What The Latest Cybersecurity Trends Mean For Your SME 

It's open season for cybercriminals. Research from TWC highlights that the time between March and July is the peak period for cyber attacks targeting organisations, meaning that businesses of all shapes and sizes must remain vigilant. Comparing that with the uptick in cybersecurity incidents that hampered governments and global corporations alike this year already, it’s clear that smaller businesses must act quickly to avoid being caught out.

To stay safe in cyberspace, prevention is always better than the cure. Below, we’ll tackle emerging cybersecurity trends and how businesses can enhance their security and stay vigilant at a time when cybercriminals and fraudsters are growing ever more sophisticated.  

Playing Tricks With Packages 

Hackers will use many of the daily routine, mundane tasks we do to probe for weaknesses. That now includes targeting users as they download digital “packages” of files. There have been increasing incidents of package impersonation attacks via public repositories such as NPM, RubyGems, and PyPl. These play out as cybercriminals create fake packages that mimic legitimate ones in these repositories, and when developers unknowingly download one of these ‘packages’, they also install malware or other malicious code into their systems. The impact of such attacks can be serious as the information on a business’s servers is sensitive. 

To reduce the risk of these attacks, businesses must act to expand the verification and software composition analysis to identify potential threats.

Having verification measures in place checks a package's cryptographic signature and can authenticate the source, therefore ensuring the package is genuine. It can also verify the integrity and dependencies of the package, adding another layer of reassurance that it has not been tampered with. A final check is to run a software composition analysis, which can detect suspicious or malicious code within a package. 

 Multiplying Attacks From Multi-Factor Authentication

Most associate multi-factor authentication with an added layer of security. But even this can potentially be exploited. Businesses are seeing increasing incidents of push spam attacks, where an attacker will send countless push notifications demanding access, tricking an overwhelmed user into approving their entry into their system. The other increasingly common tactic is the ‘man in the middle attack’, which gives access to an account when an attacker intercepts the communication between the user and the server — thus obtaining authentication information. 

One obvious solution is improved employee education on the importance of not approving such requests, and increasing vigilance against unsolicited pop-ups or other suspicious activity. However, that will never fully eliminate the chance for human error.

So how can we bolster security? Hardware tokens could be a compelling solution to this threat. These tokens form an additional layer of security by generating a unique, one-time password that’s entered alongside regular login credentials. Since the password changes every time a user logs in, it’s much harder for attackers to access accounts.

Generating Security With AI

The rise of generative AI is offering many businesses opportunities to find new efficiencies. Unfortunately, cybercriminals are finding ways to benefit from this technology too. With tools like ChatGPT, cybercriminals have a powerful tool to craft more convincing phishing and smishing lures, even with limited technical skills of their own. 

Whether it’s phishing over email or text, companies must be on the front foot to tackle these incidents as they become more common. As before, employee education and training can form a crucial first step in helping with this, as well as staying vigilant against suspicious texts, emails and links. The second line of defense, as mentioned, is having resilient security measures in place, such as multi-factor authentication, as well as keeping device software up to date. 

Finally, don’t let the good name of your company be used against you. Some attackers may copy your domain name and impersonate a legitimate business in a homograph attack. It’s all too easy to overlook the small differences between characters that might be used to replicate a safe domain name with a malicious one — which is why it’s crucial to also consider choosing a domain name with built-in protection to guard against such vulnerabilities. Some domain providers are protecting their customers by automatically blocking all homographs of customers’ domain names at the time of purchase, effectively preventing any efforts to mimic legitimate websites.

API Attacks On The Rise

APIs have undoubtedly become the foundation of modern software development, given their data sharing capabilities and ease of integration. But this reliance on APIs comes at a risk. With attacks only getting more sophisticated–for instance, injection-based attacks, such as cross-site scripting (XSS) or SQL injection, or smarter social engineering tactics–hackers are getting better at getting users into divulging sensitive information. Thankfully, that risk can be mitigated.

While cybercriminals can exploit vulnerabilities in APIs to steal data, compromise systems or launch attacks on other applications or networks, implementing authentication protocols can reduce the likelihood of this threat. Tools like these can help businesses control access to their APIs, review access controls lists and ensure only authorised users can access APIs. Proper encryption of API data can also go a long way in helping protect sensitive data in transit, so data gets to where it needs to be safely. 

But this isn’t a checkbox exercise - instead, businesses must perform regular penetration testing to identify and address any vulnerabilities before it's too late. 

Securing The Path Ahead

Businesses must be vigilant that new technologies bringing them new efficiencies are not also working against them. After all, cybercriminals are just as invested in utilising the latest and greatest trends in technology.

But by having strong awareness and security-savvy employees, a protected domain name, as well as strong authentication protocols across the board, businesses can rise above the risks in 2023 and beyond. 

By Alexander Falatovich, Senior Cyber Security Threat Analyst at Identity Digital

You Might Also Read:

The Reality Check For Small & Medium Businesses:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« NSA Warning: China Is Stealing AI Technology
What Is The Difference Between Phishing, Smishing & Vishing?  »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LogRhythm

LogRhythm

LogRhythm's security platform unifies SIEM, log management, network and endpoint monitoring, user behaviour analytics, security automation and advanced security analytics.

SecureNow Insurance Broker

SecureNow Insurance Broker

SecureNow is a commercial insurance broker based in India. Services offered include Cyber Risk insurance.

Arsenal Insurance Company

Arsenal Insurance Company

Arsenal is an insurance provider based in Moscow, Russia. Services offered include Cyber Risk insurance.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

FraudHunt

FraudHunt

FraudHunt protects your website from account fraud, ad fraud, fraud clicks, and malicious bots.

Findings

Findings

Findings (formerly IDRRA) is a scalable AI powered assessment platform that streamlines security compliance across sectors, jurisdictions and regulatory frameworks.

IT Career Switch

IT Career Switch

An IT Career Switch Traineeship is the easiest way to start a new career in IT or Cybersecurity with fantastic career prospects.

Startups.be

Startups.be

Startups.be helps tech entrepreneurs to be successful by providing quality access to service providers, business partners, customers and investors.

CyberCube

CyberCube

CyberCube provide world-leading cyber risk analytics for the cyber insurance market.

Nominet

Nominet

Nominet's cyber division offers network detection and response services to governments and enterprises worldwide.

UK Cyber Security Council (UKCSC)

UK Cyber Security Council (UKCSC)

The role of The UK Cyber Security Council is to champion the cybersecurity profession across the UK, provide representation for the industry, accelerate awareness and promote excellence.

European Cyber Competence Network

European Cyber Competence Network

The purpose of the European Cyber Competence Network is to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market.

Automation Workz

Automation Workz

Automation Workz has been ranked as a top 10 Cybersecurity Bootcamp in the US by Career Karma.

Mutare

Mutare

For three decades, Mutare has been empowering organizations to re-imagine a better way to connect through our transformative voice security, digital voice and text messaging solutions.

Chugach Government Solutions (CGS)

Chugach Government Solutions (CGS)

CGS performs work for the Federal Government across 4 unique core lines of business, including: Facilities Management and Maintenance, Construction, Technical IT and Cyber Services, and Educational Se

SalvageData Recovery Services

SalvageData Recovery Services

Since 2003, SalvageData has been providing high-quality data recovery with the certifications needed to work with any storage media manufacturer.