Businesses Need To Prioritise Cybersecurity In 2023

Uploaded on 2023-02-16 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Last year proved to be a year full of high profile cyberattacks, with incidents occurring across all sectors and business types. Indeed, figures show that global cyberattacks increased by 38 percent in 2022, compared to 2021, with the same research showing the UK saw a 77 percent increase in overall cyberattacks last year.

However, if businesses thought the worse was over, then unfortunately, they are in for a rude awakening as the beginning of 2023 has shown that cybercriminals are more active than ever and more capable than ever of hacking into systems and getting their hands-on data.

With less than two months of the year gone, we have already seen the following attacks:

Royal Mail:   Ransomware attack by a Russian hacker group which led to chaos across its international postal services.   

PayPal:   Hackers gained access to nearly 35,000 customer’s personal data, including name, address, Social Security numbers, tax ID and/or date of birth.

MailChimp:  The email marketing and newsletter giant, was hacked, with dozens of customers’ data exposed. More worryingly, this was the second successful hack on the company in the past six months.

DNV:    A shipping giant, saw a ransomware attack affect 70 companies and potentially 1,000 vessels.

UK Schools:  14 UK schools were hit with ransomware attacks, with some of the pupil data (much of it old) being released onto the dark web after the ransoms were not paid.

ION Trading UK:   A ransomware attack on the financial data firm saw scores of brokers unable to process derivatives trades. However, the gang behind the attack said that the ransom had been paid by an anonymous benefactor.

Undoubtedly, there have been many other attacks that have not grabbed the headlines as cybercriminals up their efforts to gain access to data. These attacks are across multiple sectors, both public and private, using different tactics, with gangs originating from all over the world. However, the determination of cybercriminals to gain access to data is the common thread, and all companies now hold data that is worth something to criminals.

Recognising this fact is the first step for most companies. A close second though is locating where your data is held. For many companies, data has been stored in various locations over a number of years, by individuals who may well now have left the business. This means that there is potentially sensitive data left in unprotected systems.
Without understanding what data is held, where it is stored and what could be safely disposed of, companies cannot effectively protect themselves. The key to cybersecurity though is to stop the cybercriminal from getting through in the first place.

The weakest point in most companies are the employees. This situation has become worse since more employees are now working out of the office or in hybrid roles. This leaves them out of the corporate network and potentially working on personal devices that are not updated or patched.

Some solutions constantly warn employees of potential dangers. However, the messages and alerts bombarding users have caused ‘security fatigue’ in some. This has led to employees making rash decisions, and ignoring all warnings, even the most urgent ones. This has made it easier for cybercriminals to gain access to systems.
Only warning employees at the point of danger is the key. This allows decisions to be made at the right time without being lost amongst other, less urgent messages. It also provides a real-time learning as employees can clearly see what the malicious threat looks like and can more easily identify one in the future.

With the threat from cybercriminals very obviously increasing, companies have to identify where their data sits (including legacy data) and whether any of it can be safely disposed of. Also, by turning your employees from the weakest to one of the strongest links in your cybersecurity strategy companies will be in a much stronger position to keep cybercriminals out and data safe. 

AJ Thompson is CCO of Northdoor plc 

You Might Also Read:

Will The Insider Threat Intensify During The Recession?

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Royal Mail Refuses To Pay LockBit Ransom Demand
Policing Digital Crime »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clearpath Solutions Group

Clearpath Solutions Group

Clearpath Solutions Group expertise covers virtualization and data storage technologies, networking, security and cloud computing.

NQA Certification

NQA Certification

NQA provides certification to a range of ISO standards including ISO 27001 for information security management.

CIRCL

CIRCL

CIRCL is the national Computer Incident Response Center of Luxembourg

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

ACI Solutions

ACI Solutions

ACI Solutions is a managed IT services and network security provider working with diverse global commercial, government and public sector clients.

Securicon

Securicon

Securicon provides expert consulting for application, system and network security.

Sum&Substance (Sumsub)

Sum&Substance (Sumsub)

Sum&Substance is a developer of remote verification solutions. Our technology allows online services around the world to meet regulatory requirements, prevent fraud and enhance customer confidence.

Tactical Network Systems (TNS)

Tactical Network Systems (TNS)

Tactical Network Solutions helps you discover hidden attack vectors in IoT and connected devices before someone else does.

Nassec

Nassec

Nassec is a Cyber Security firm dedicated to providing the best vulnerability management solutions. We offer tailor-made cyber security solutions based upon your requirements and nature of business.

Query.ai

Query.ai

At Query.AI, we are committed to helping companies unlock the power of their security data, so they are empowered to meet security investigation and response goals while simultaneously reducing costs.

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command is responsible for Navy information network operations, offensive and defensive cyberspace operations, space operations and signals intelligence.

RKVST

RKVST

RKVST is a powerful tool that builds trust in multi-party processes when it’s critical to have high assurance in data for confident decisions.

ACL Digital

ACL Digital

ACL Digital, an ALTEN Group company, is a leader in design-led digital experience, innovation, enterprise modernization, and product engineering services converging to Technology, Media & Telecom.

Aeries Technology

Aeries Technology

Aeries is a technology services organization offering capabilities in Technology Services, Digital Transformation, and Business Process Management.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

Servadus

Servadus

Servadus help organizations with their cybersecurity and compliance programs through management and sustainability, consulting, and assessing.