The past year has seen a series of cybersecurity incidences of concern, and these included new forms of threat and different ways to convince businesses and consumers to be drawn into webs of deception. Here is Digital Journal’s round-up.
In reviewing what has gone one, many cybersecurity companies publish research reports focusing on different aspects of cybersecurity and breach trends. Here is a round-up:
Generative AI
Generative artificial intelligence presents a cyber-threat, and this is a trend seen by many consumers, according to the Jumio 2023 Online Identity Consumer Study.
This report finds that 57 percent of consumers believe generative AI tools will make online identity theft easier. Although many are aware of the general threat, the majority are unaware of a specific threat: deepfakes. Here, 67 percent of consumers are aware of generative AI technologies, but they overestimate their ability to detect a deepfake video.
What businesses have been experiencing
Capterra, in the report ‘Three Factors That Weaken Data Classification—and Lead to Data Breaches’, observed that the majority of businesses have experienced attempted cyberattacks (this is supported by Security Scorecard who found that 98 percent of organizations have vendor relationships with at least one third-party that has experienced a breach in the last two years). In some of these areas, these have been successful. For instance, two in three (67 percent) businesses with a data classification program reported a data breach within the last two years, and a quarter of those same respondents reported multiple breaches.
The review finds that most data breaches result from human factors instead of malicious actors. The most common type of breach was a database or other data source left unsecured (48 percent) while only 38 percent reported that a hacker or other outsider had maliciously accessed data.
Energy sector
According to Rockwell Automation, attacks on businesses continue to accelerate. For example, OT/ICS cybersecurity incidents in the last three years have already exceeded the total number reported between 1991-2000.
One of the major targets for attack is the energy sector. Threat actors are most intensely focused on the energy sector (39 percent of attacks) – over three times more than the next most frequently attacked verticals, critical manufacturing (11 percent) and transportation (10 percent).
Developing threats
In terms of the main types of threats that businesses are most concerned about, phishing leads the way. With this form, PDF documents represented the most common malicious choice for threat actors representing 42.4 percent of all total malicious file attachments.
As detailed in Capterra GetApp’s 5th Annual Data Security Survey, IT security managers consider advanced phishing attacks the top threat heading into 2024. As well as advanced phishing attacks being mentioned by 43 percent of respondents, AI-enhanced attacks (38 percent of respondents) and advanced ransomware attacks (mentioned by 33 percent of participants) stand as the most concerning threats for the next 12 months.