Cyber losses continue to rise, and risks continue to evolve as cybercriminals adapt their tactics and use new tools. Below are several cyber exposure trends affecting businesses of all types and sizes.
Attacks become more expensive
The Internet Crime Complaint Center (IC3) says that cyber complaint losses reached $10.3 billion in 2022. This is a huge year-over-year increase; in 2021, cyber losses totaled $6.9 billion. At the same time, the number of cyber complaints decreased slightly from 847,376 in 2021 to 800,944 in 2022.
Ransomware remains a problem, and IC3 received 2,385 complaints with losses of $34.3 million. However, Payments Journal says that payments for ransomware decreased in 2022, and research from Chainalysis shows that payments decreased by 40%. This decline may be the result of more victims refusing to pay.
Ransomware losses may be decreasing, but phishing attacks have increased. A single successful email is all a hacker needs to access your sensitive data, financial information and accounts.
According to Interisle, phishing attacks increased by 61% between May 1, 2021 and April 30, 2022, while the number of monthly phishing attacks has more than doubled since May 1, 2020.
Business Email Compromise
Business email compromise schemes are another attack that depends on human, rather than technical, weaknesses.
In a typical email compromise scheme, fraudsters pose as a legitimate contact (such as a supplier or client) to trick the target into authorizing a wire transfer. However, some schemes have other goals, such as diverting salaries or accessing information. In late 2022, the FBI warned that fraudsters were also using business email compromise schemes to steal large shipments of food and ingredients. Other products may also be targeted. In March 2023, IC3 warned that hackers are using email compromise tactics to steal various goods.
New AI tools allow anyone to create a fake photo or video in seconds.
The FBI says cybercriminals are using these techniques to create more convincing email compromise schemes. The criminal accesses an email account belonging to a CEO (or someone else authorized to request a virtual meeting). During the virtual meeting, the criminal uses a still image of the CEO along with deepfake audio of the CEO’s voice. The criminal may explain that the video does not work. The criminal then instructs employees to initiate fund transfers, and this can be confirmed in a follow-up email.
Cyber attack automation
New tools help cybercriminals automate their attacks.
According to Dark Reading, AI and phishing-as-a-service make it easy for criminals to launch attacks. For example, these tools can automatically adapt phishing attacks to the target’s native language, allowing hackers to deploy phishing attacks in multiple languages. Hackers can also weaponize tools like ChatGPT to create phishing emails and malware.
Businesses are encouraged to do their part
The US government has released a strategy to deal with the growing cyber security risks. According to Cybersecurity Dive, the strategy has five core pillars: defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and creating international partnerships to achieve common goals.
However, this plan does not mean that companies no longer need to prioritize cybersecurity. According to Cybersecurity Dive, CISA Director Jen Easterly recently told US business leaders that cybersecurity is not an issue the government can address on its own, and businesses must see cybersecurity as a matter of central importance.
Protect your business
Cyber threats may change, but they won’t go away. Businesses must take steps to reduce the risk of a cyber attack.
- Look for slight variations in links and email addresses. Criminals can use an email address that is just one letter away from the email address of the legitimate company they are impersonating.
- Educate everyone about the threat of deepfake technology and be suspicious of urgent and unexpected requests for money, goods or information. Implement processes to verify requests.
- Train your employees on how to spot phishing attacks and malicious URLs. Conduct tests to see if workers click on suspicious links.
- Get cyber insurance. Other policies often exclude losses arising from cyber attacks, so it is important to have coverage designed for cyber risks.
Cyber insurance can protect your business, but securing coverage is a challenge. Rates have risen and insurers want to see that you have strong cyber security measures in place. The insurance and risk advisors at BNC can help you navigate the market so you can secure the coverage you need to protect your business.