What you need to know about cyber security in 2023

New technologies, new threats and new methods: Security work is a project that never ends. But the biggest security holes are still ourselves.

Luca Ratiu
Operations

Our operations and security expert Luca Ratiu gives you the threat picture for 2023, along with some invaluable tips on how to best protect yourself.

Cybercrime costs the global community hundreds of billions of dollars annually. Figures from the FBI also show that the number is skyrocketing: the number of fraud cases, total monetary losses and reported phishing cases have all multiplied in just a few years.

New technology is one of the reasons why this is increasing in scope. AI tools, for example, can make phishing attacks harder to detect. At the same time, user-friendly tools have been created that allow “anyone” to carry out attacks.

Where do the attacks come from?

Before we go into more detail about the most common threats, let's take a quick look at who is typically behind them. Luca points to five groups: nation-states, curious enthusiasts, cybercriminals, hacktivists and insiders.

“For the vast majority of Norwegian companies, cybercriminals will be the biggest real threat. These are people who are looking to exploit your weaknesses, usually for their own financial gain.”

But he also adds that no one should underestimate the insider threat. Luca clarifies that this does not necessarily mean that you have disloyal employees in your ranks.

“It may just as well be that someone unwittingly reveals sensitive material. Many, for example, have an ill-thought-out relationship with selfies in the workplace. Suddenly, someone has seen something they weren't supposed to,” he warns.

New tools

For cybercriminals, some types of attack persist: phishing, harvesting sensitive data, extortion and malware. These naturally overlap, and in many cases phishing is the “way in” past the security measures.

Phishing is simply about someone tricking you into performing an action, such as logging into a fake page or opening an attachment. The result could be that they steal your login information or get you to install malware.

Going forward, Luca warns that AI is going to make phishing attempts both more credible and more sophisticated.

“Social manipulation is already the biggest security threat for the vast majority of people. With ever-smarter chatbots, deepfakes and voice cloning, the success rate of the criminals is likely to increase.”

Demanding ransom

Once they get in the door, the criminals are well positioned to do great harm. But there is still a lot you can do to reduce the potential for damage. One thing is to take GDPR seriously.

“It's important to remember that GDPR is also about securing your data against serious data breaches. If you just think GDPR is a regulatory headache, you probably haven't done enough to protect yourself.”

Malware is also one of the things Luca believes we should be extra aware of in 2023 and beyond. He highlights ransomware, which is software that locks you out by encrypting your data and then demands a ransom.

This is nothing new in itself. But the so-called ransomware-as-a-service offerings are starting to get creepily user-friendly. You hardly need to be computer savvy to use them, which makes this type of crime accessible to larger groups than in the past.

3 tips on how to secure yourself

So what can we do to protect ourselves? According to Luca, it starts with acknowledging that you are vulnerable.

“No one is Fort Knox, and you can never be 100% protected. But you can make improvements and minimize the risk quite a bit,” he says, highlighting 3 steps:

1. 2FA and secure passwords

Always use two-factor authentication — and choose a rock-solid password. Everyone has heard it several times before, and there's a good reason why: It's simply incredibly important.

“The sobering thought is that the most used passwords in Norway are still crappy. People also know that it's not a good idea to use the same password in multiple places, but they do it anyway. That's why the advice to take this seriously still stands. One tip is to use a password manager. Then you know you're getting a secure password and you don't even have to remember it.”

2. Update all applications and systems

This, too, is something people know they should do but put off. That could be a costly lesson. Luca reminds us that the latest version will always be the safest.

“For people working in security, the incentives lie in finding bugs in the latest version of a given system. Therefore, you should not wait to update either. It applies both individually and at the company level, ranging from small plugins to large systems,” he says, adding:

“Also, make a plan to one day replace all the systems that are starting to show their age. It's going to cost something, but it's a cost you should plan for.”

3. Provide employees with security training

Security breaches rarely happen the way they do in films. It's not about firewalls dramatically falling because someone types really fast on the keyboard. As a rule, it is we humans who fall. We are deceived by an email that looks trustworthy, or by someone we think we can trust. This is where good training helps.

“This is something every company should consider, and there are several professional firms that conduct this type of training. Internal phishing campaigns are often used, and can be useful in identifying potential weaknesses,” says Luca, concluding:

“Just a little increased awareness does a lot for safety.”
