The year 2023 marked a significant turning point for cyber-attacks with the introduction and vast proliferation of AI (artificial intelligence), now in the hands of people who wish to do you harm and who are actively using it to find faster and easier ways to rob you, extort you or burn your business to the ground.
As I write this, I’m well aware there’s a tendency to shrug and just accept the “we’re all gonna get hacked anyway” mantra to avoid dealing with it. Further, like overhyped weather reports, it’s also tempting to ignore the warning signs, thinking all this is just fearmongering rhetoric designed to sell stuff.
However, it truly is becoming a situation where the question is no longer IF your organization will be hacked, but WHEN. The Hiscox Cyber Readiness report recently revealed that 53% of all businesses suffered at least ONE cyber-attack over the last 12 months, with 21% stating the attack was enough to threaten the viability of their business.
This year is going to be a particularly nasty one, given the U.S. presidential election along with the ongoing wars between Russia and Ukraine and Israel and Hamas. Tensions are high, and hacking groups are often motivated by revenge and money.
Here are the 5 biggest developments in cyber threats you need to know about.
1. The Proliferation Of AI Powered Attacks:
If cybersecurity is a chess game, AI is the Queen, giving the most powerful advantage to whoever plays it best. All cyber-related reports expect to see a rise in highly sophisticated deepfake social engineering attacks designed to separate you from your money.
We’ve already seen scams using AI-generated voices of family members, calling relatives to claim they’ve been injured, kidnapped or worse, to extort money. This is also being used to hack into companies by getting employees to provide login information to people they think are their IT department or boss.
This is where employee awareness training, as well as controls such as MFA (multi-factor authentication), comes into play. One of the things we do here at 10D Tech is implement regular training sessions to educate your staff about the latest cybersecurity threats and how to recognize them. These sessions include real-world examples and simulations of phishing attacks, ransomware, and other common threats. In addition, we require all 10D Tech staff members to use MFA for their accounts. We add that extra layer of security by requiring a second form of identification beyond just a password. For instance, after entering their password, your employees might also need to enter a code sent to their phone or email, or provide a fingerprint or facial scan. This makes it much harder for unauthorized users to access your systems.
2. Increased Risk Of Remote Workers:
The expansion of remote work is a trend that is not going away; with it comes an exponentially greater risk of cyber threats. From laptops being carried around and connected to suspicious Wi-Fi to mobile phones providing a “key” to logging into critical applications (like your bank account, Microsoft 365, line-of-business and credit card applications), these devices pose a high risk of being easily lost or stolen. Further, when people use their own devices or work remotely, they tend to mix business and personal activities on the same device.
That employee who frequents gambling or porn sites may be using the same device used to log in to company email or critical applications. Even logging into personal social media sites that get hacked can provide a gateway for a hacker to get to YOUR company’s information through a user’s (employee’s) personal accounts.
3. Escalation Of Ransomware Attacks:
There are an estimated 1.7 million ransomware attacks every day, meaning 19 people are hacked worldwide every second. If you’ve been lucky enough to avoid this, know that someone else is getting hacked frequently, and you are very likely to be hit.
Last year, ransomware attacks increased by 37%, with the average ransom payment exceeding $100,000 and an average demand of $5.3 million.
Fortunately, not all ransom attacks are successful. Businesses are getting much smarter about cyber protections and have been able to put in place safeguards that prevent hackers from successfully extorting their victims. One of the ways we protect our clients from ransomware is by implementing robust, multi-layered security measures. 10D Tech uses advanced threat detection software to monitor systems for unusual activity and identify potential ransomware attacks before they take hold. Additionally, we enforce strict access controls, ensuring that only authorized personnel have access to sensitive information. Regular backups are another crucial aspect of our strategy; they ensure that, even in the event of an attack, backed-up data can be restored without paying a ransom. Moreover, we provide continuous cybersecurity awareness training to all employees, teaching them how to spot and avoid phishing emails or malicious links – common entry points for ransomware.
4. IoT Attacks:
IoT, or “Internet of Things,” is a term that describes the proliferation of Internet-connected devices. Today, even kitchen appliances, like a refrigerator, can be connected to the Internet to do everything from telling you when it’s time to change the water filter to alerting you if there’s a power outage.
More devices mean hackers have far more access points into your world. If there are 100+ more doors to walk through in a house, you have a much greater security risk than if there are only five. That’s why IoT attacks present such a problem and a massive opportunity for hackers.
While many people know they should lock their PC, they might not be as meticulous in locking down their fridge or their dog’s tracking collar, but those could all provide access to you, your devices, email, credit card and personal information.
5. Cyber Protection Legal Requirements:
To try and combat the out-of-control tsunami of cybercrime, the government is initiating more comprehensive federal and state laws requiring business owners to have “reasonable security” protections for their employees and clients in place.
The FTC (Federal Trade Commission) has been the most active in this space, bringing numerous actions against companies it alleges failed to implement reasonable security measures and issuing monetary penalties.
Of course, all 50 states plus Washington D.C. have passed laws imposing security requirements as well as data breach notification laws that require businesses to notify anyone whose data and PII (personally identifiable information) has been stolen or accessed by hackers via the company. For example, in Oregon, the Oregon Consumer Identity Theft Protection Act mandates that businesses must notify consumers of a data breach within 45 days of discovery. This notification should detail the nature of the breach, the type of information compromised, and the steps consumers can take to protect themselves. Additionally, if the breach involved Social Security numbers, the business is required to offer free credit monitoring services for a year. Non-compliance with these regulations can result in hefty fines and penalties, further emphasizing the importance of robust cybersecurity measures and protocols.
In California, under the California Privacy Rights Act (CCPA), a business could face a penalty of $100 to $750 per consumer and per incident if that company gets hacked and the court determines they failed to put in place reasonable security procedures.
Not Sure If You’re As Protected And Prepared As You Should Be?
Get a FREE, no-obligation Cybersecurity Risk Assessment to ensure you’re adequately protected. During this assessment, we’ll review your system so you know if and where you’re vulnerable to an attack.
Schedule your assessment with one of our Cybersecurity Experts by calling us at 541-243-4103 or going to https://www.10dtech.com/security



