Cybersecurity: Looking Back at 2022 to Understand What 2023 Might Hold

In the tech world we have this tendency to always look towards the future, never really looking back. It’s understandable, it’s a constant-changing world and it’s easy to become out-of-touch with the new technologies and developments happening in the field. This is especially true for cybersecurity, where we are constantly playing catch up with “the bad guys”. However, “lessons learned” aren’t important just right after an incident, and we should be looking into the past to have better hindsight about what threats might lie ahead of us, how to protect ourselves, or worst-case scenario, at least how to react to them.

In 2022 we can outline several kinds of attacks, many which made the news[i]. You might have heard what Costa Rica had to deal with in November. The country was the target of a known cybercrime group called Conti, that unleashed ransomware attacks for several weeks on many of the country’s critical systems. The healthcare system was one of many affected by cyberattacks worldwide.  Data leaks and stolen credentials to systems, such as National Health Service (NHS) in the UK suffered in April, were just some of the attacks directly affecting patients.  The CommonSpirit Health System attack targeted US citizens in October. All over the world there were news of ransomwares in hospitals, which can also both create data leaks and greatly affect patients, possibly having direct or indirect life-threatening consequences.

Despite the news usually only talking about attacks to big companies like the ones mentioned here, in reality cybercriminals target all kinds of businesses. According to Check Point Research[ii], there were 38% more cyberattacks per week in 2022 on corporate networks worldwide, with that number jumping to 52% in North America. In parallel, there was an increase in small hackers and gangs specialized in ransomware. In result, according to Statista[iii], over 71% of organizations worldwide have declared having been victimized by ransomware attacks this year. This number is in constant growth, having jumped from 55.1% in 2018.

Data exfiltration was also a massive problem, with big companies suffering attacks and having data leaked[iv], such as the Thalès Group, Twitter (who had a new breach this year in January 2023), Uber, and LastPass. We definitely saw more multinationals being affected, but although it sounds counterintuitive, small and medium businesses are a big target for smaller hackers.  In fact, they have less means of exploitation and usually SMEs have less securities in place.

So what can we expect cybersecurity to look like in 2023? Despite the tech world changing very quickly, in reality we will continue seeing the same trends. Ransomware and attacks to big companies will continue to grow in 2023. Most of them usually have phishing or some sort of social engineering as their first vector, meaning these are the main threats to businesses, along with malware, ransomware, data breaches as we mentioned above, but also business email compromise (BEC). This less talked about threat is a way for attackers to defraud a company and attacks are on the rise.

During the COVID-19 pandemic and its aftermath, we often heard about the security issues regarding working from home. Despite this not being a much talked about subject anymore, the threats remain the same. Many of us are still working from home or in a hybrid-mode, and although more cybersecurity awareness and training have been done, it still remains a strong risk for companies. We used to often hear about the risk BYOD (bring your own device) brought to companies, and this is still a reality nowadays that should not be forgotten about, especially since many attacks, namely phishing and smishing, are happening increasingly on mobile devices.  Check out our blog on IT Considerations for Working from Home for the Foreseeable Future.

Companies might also be affected through the growing trends in the tech world, namely smart devices (which are increasingly being used in companies), moving to the cloud, and relying more and more on third-party vendors for all kinds of software and infrastructure. Finally, another important trend we see in the tech world is machine learning and artificial intelligence, which can both aid hackers in crafting attacks that are more accurate, bigger in numbers, and more powerful.

As we see the world of technology evolving exponentially, we will also see its “criminal side” follow the same path. Despite everyone hearing about all the attacks happening worldwide, to nations and companies alike, the persistent logic is that “it will not happen to me”. Even big companies are still playing catch up and for many, will only really invest in cybersecurity once they have been attacked. When it comes to cybersecurity, especially in businesses, the best advice is to remember “better safe than sorry”.

So why wait?  If you want to learn more about cybersecurity contact us and receive your complimentary assessment today!