These three cyber trends reveal security vulnerabilities, increasing the call for businesses to stay on top of the ways cybercriminals are adapting and evolving their operations.
Cybersecurity is one of the most prevalent risks in our hyper-connected society.
Given the nature of technological advances and the speed with which data can be manipulated, businesses and governments seem trapped in a never-ending cycle of catch-up as cybercriminals launch new and more sophisticated threats.
In the latest chapter of this evolution, cybercriminals are using emerging technology and shifting their focus to different targets to carry out their malicious activities.
Data ransomware tactics targeting companies
Cybercriminals have long focused on encrypting their targets’ systems or data to extract ransom.
In response, many companies have prioritized robust backups from which their data can be restored in the event of a ransomware attack.
This has forced cybercriminals to shift their approach in order to keep profiting from victims’ data.
Cybercriminals are now increasingly stealing highly sensitive data, often choosing to forgo system encryption, and instead threatening to leak or sell this information publicly on the dark web unless the organization pays.
To get the most for their money, cybercriminals often attack the public sector, where the government, healthcare, and education industries hold a wealth of private and confidential data. Furthermore, these industries tend to have constrained budgets and outdated systems, making them easy targets.
This is not to say that the private sector is not in trouble – any organization that collects and stores data is at risk of a ransomware attack.
Cyber risks posed by artificial intelligence and quantum computing
The constant development of technology is a double-edged sword.
For example, many companies are turning to current developments such as artificial intelligence (AI) to increase efficiency; this technology is used for the same purpose in the criminal world.
Cybercriminals have successfully circumvented built-in legal safeguards to use AI software to increase their production of malware and credible phishing emails.
They also take advantage of public interest in AI applications, such as ChatGPT, by creating fake websites claiming to offer AI programs to steal credentials or launch malware.
AI can also be used to create audio transcripts to defraud employees. For example, cybercriminals used AI to impersonate the head of a UK-based energy company to successfully steal $234,000.
The future potential of quantum computing is another emerging risk because current cybersecurity and cryptography technology is not sufficient to protect against these advanced and powerful capabilities.
In response, cybersecurity stakeholders and experts are calling on organizations – especially those involved in critical infrastructure – to begin creating a quantum readiness roadmap, which includes examining their vendors’ roadmaps.
This brings us to our third trend.
Cyber vulnerabilities of third-party vendors
Increased efficiency often contributes to greater success for both companies and cybercriminals.
As such, companies often contract out various cyber services where they are cost-effective, and third-party vendors – such as those providing payment processing services, software, IT and marketing services and products – are increasingly under attack.
Cybercriminals can cause widespread destruction by targeting and exposing vulnerabilities in third-party vendors; targeting a single service provider can spread malware to users along the network supply chain, infecting multiple targets from which to extort money or steal data.
This not only affects companies using affected third-party suppliers, but also those companies’ contacts.
Recent examples of this include attacks on MOVEit, a popular file-sharing software, which resulted in data breaches of more than 600 companies worldwide, affecting more than 40 million people; and Log4j, a widely used logging library, which saw more than 100 hacking attempts occur every minute at the peak of the exploit.
Businesses can no longer be complacent in ensuring that their systems are adequately protected. They are also responsible for reviewing and ensuring that third-party providers engage in a high level of cybersecurity.
This is a very difficult space to monitor. As more companies rely on third-party vendors, these providers are increasingly exposed to a deluge of compliance requests and may be reluctant to open their entire systems to audit.
How can companies respond to evolving cyber threats?
Cybersecurity will always be seamless.
Education remains key to effective adaptation in response to criminal activities, as companies must be vigilant to stay on top of rising and emerging threats as well as current cybersecurity best practices. This should not be done in isolation, but should instead involve the exchange of information between stakeholders, vendors and employees.
Ongoing training for employees – who remain the weakest link when it comes to a company’s cybersecurity defenses – is crucial, as is routine review, testing and updating of response plans.
Budgets must also reflect the growing need for IT and cybersecurity expertise and cyber liability insurance.
Author
Helen McCaffrey is a senior underwriter and broker, D&O and Cyber, with Acera Insurance (formed by the merger of several award-winning brokerages, including Rogers Insurance, CapriCMW and Megson FitzPatrick). She specializes in providing cybersecurity insurance and risk management solutions to directors and officers. Helen holds a law degree (University of Calgary, JD96) as well as Canadian Designations in Risk Management (CRM) and Chartered Insurance Professional (CIP). She is licensed in Alberta, British Columbia, Manitoba, New Brunswick, Newfoundland, Ontario, Prince Edward Island, Saskatchewan and Yukon.