• Eric Schifflers, Chief Information Security Officer at Ria Money Transfer


• 01.12.2022 06:00 am
#cybersecurity

The global cost of cybercrime is rising and reached an estimated €5.5 trillion in 2021. Ransomware attacks alone hit organizations somewhere in the world every 11 seconds. Our use of and dependence on technology grows each day and with it the opportunities for criminals to profit from emerging vulnerabilities. Despite increased awareness and growing spending by organizations to protect themselves and to build resilience in the event of a successful attack, specific cyber threats will continue to rise in 2023. Cyber risks will have to be mitigated by managing direct threats, but sufficient resources will be needed to navigate an increasingly complicated regulatory and operational environment in the coming year.

Biggest threat: cybersecurity collateral damage caused by state-sponsored threat actors

State-sponsored cybercrime is now one of the most prominent forms of cyber-criminal activity, and it will continue to rise in 2023. Nation-states take advantage of our increased dependence on technology to use cybercrime for espionage, sabotage or to sow misinformation. Meanwhile, some are turning a blind eye to cybercriminal groups within their borders that target the private sector, as long as those targets are in other countries.

In 2021, only a quarter of cyberattacks reported in Europe were directed at public administrations, while more than half targeted private-sector companies in a broad variety of sectors. The reasons targets are chosen are not always clear. For example, last month fourteen US airports suffered a Denial of Service (DoS) cyberattack that disrupted websites featuring flight information. Russian-speaking hackers took credit for the attack but the reasons for their actions remain unclear.

Private companies will need to closely monitor potential collateral damage caused in some cases by state-sponsored threat actors whose motives may not be obvious.

Global supply chains under attack

Globalization has dramatically increased the flow of goods throughout the world, but the rising interdependence for supplies and manufacturing processes also means that supply chains are stretched over greater distances and have become especially vulnerable to disruption. Already weakened from pandemic bottlenecks, the manufacturing sector has become an attractive target for hackers. In 2021, the number of supply chain intrusions rose 16% on the previous year.

Manufacturers and service providers often adopt new digital technology in order to quickly enhance productivity but sometimes do so without paying sufficient attention to security issues. The introduction of robotics and the Internet of Things has provided hackers with new avenues to explore and exploit. One recent example is Toyota’s suspension of its Japanese production line last February due to a cyber-attack not directed at Toyota itself but at one of its suppliers. The company had to delay production of 13,000 vehicles as a result.

Ransomware’s continued rise

Cybercriminals monetize their activities via ransomware, and the tactic, which blocks access to systems or data until a ransom is paid, is being used on an ever-broader range of organizations and companies of all sizes. In 2021, there was a record 623 million ransomware attacks; far more than in previous years. Broader adoption of digital tools and remote working during the pandemic helps to explain the rise. More and more, criminals are using sophisticated phishing scams and targeted ‘deep fakes’, and the ubiquity of digital communication means hackers have more windows of opportunity to exploit.

Malicious insiders become more of a threat

Financial companies are prime targets for cybercriminals and frequent targets of cyber-attacks. Financially motivated criminals attempt to infiltrate systems using tactics like server access, misconfigurations, and fraud, often monetizing their activities through ransomware.

Almost one-third of successful breaches in the sector come from internal actors, in some cases employees not aware they are putting their company at risk. Adequate cybersecurity awareness training is key to avoiding incidents.

Insiders who knowingly aid cybercriminals, on the other hand, can be difficult to identify. To mitigate the threat from malicious insiders, cyber security systems need to take into account a broad range of information and be able to detect unusual or erratic user activity. Processes and controls must be established for granting access to sensitive data and followed closely at all times. User and Entity Behavior Analytics (UEBA) can be critical to properly vet new hires and keep an eye out for unusual practices in the workplace.

The shifting regulatory environment

The sense of alarm is growing among policymakers and regulators throughout the world of the threat to critical infrastructure and businesses that cybercrimes present, not to mention the risks to private citizens. New legislation to improve resilience and try to stem the growing tide of cyber incidents is beginning to appear which will require greater attention to an evolving regulatory landscape for cybersecurity.

Pressured into action by high-profile cybercrimes involving businesses and infrastructure, such as the Colonial Pipeline hack in 2021, the U.S. passed the Strengthening American Cybersecurity Act of 2022 last March. The new legislation obligates companies to notify the Cybersecurity and Infrastructure Security Agency within 72 hours of discovering a cybersecurity breach and within 24 hours of paying ransom to hackers. The law targets companies that provide critical infrastructure, but details of which companies the law will apply to and how it will be enforced have yet to be fully defined.

The new Digital Operational Resilience Act (DORA) was adopted by the European Parliament last November and introduces a comprehensive framework for the digital operational resilience of the financial sector. Almost all regulated financial institutions are in the scope of DORA and will have to implement sufficient safeguards to protect against cyber and other ICT-related risks.

As the implications of these new laws become clearer and more countries follow their own requirements, meeting the increasing cybersecurity-specific regulatory requirements across all countries and regions where companies operate will be a growing challenge for cybersecurity managers in 2023.

Ongoing challenge: Attracting and retaining cybersecurity expertise

Unfortunately, the increased use of technology and the rise of cybercrime has not brought with it an increase in the number of qualified cybersecurity professionals available to address the problems. Attracting and retaining the right talent has been a challenge for companies and will continue to be in the future.

Recruiting professionals with the needed skill set is critical, but just as important is retaining talent once onboard. Many cybersecurity professionals want to work at organizations where their opinions will be taken seriously by top management, where well-defined cybersecurity governance and automation are in place and where cybersecurity training and investment throughout the organization is a key priority. Many want to feel challenged to design new solutions to important issues and to connect with the core purpose of the company they work for. Organizations have to focus not just on filling their specific needs, but on meeting the expectations for career development and the purpose of the cybersecurity talent they depend on.

Overcoming the cybersecurity threats that lie ahead will take more than stamina to confront the day-to-day battles. The broad vision is critical in order to keep up with an environment in constant evolution and to cultivate adequate resources to help in the fight.