Magazine menu Close Magazine menu

Threat intelligence

What a year of changing cyberthreats can tell business

Knowing which threats are on the rise can help your business stay ahead. Here are some your business should look out for in 2023.

Author

Suraya Casey

Art by

GettyImages

Published on

Jan 25, 2023

minute read

Share article

Art by

GettyImages

Share article

cybersecurity predictions

For business leaders, knowing what’s changing in cybersecurity helps you recruit the right people with the right skills today for what you’ll soon need.

Kaspersky’s 2022 Security Bulletin (free download) analyzes which attacks their global cloud service Kaspersky Security Network (KSN) has detected, blocked and disabled over the past year. There are some numbers your business will want to know about.

15 percent of users had a malware attack

Kaspersky Security Network blocked malware-class attacks on some 15 percent of users in 2022, or around 1 in 7. This shows just how common malware is.

The malware class of attacks covers familiar cybercrime tools like viruses, trojans and ransomware. The countries where Kaspersky’s software blocked the most malware attacks in 2022 were Tunisia, Taiwan and Algeria.

ciso turnover

Related article

Keeping your CISO engaged will benefit your business. Here’s how.

With poor retention rates, businesses must act to make sure they don’t lose their Chief Information Security Officer (CISO.) And CISOs can play a part too.

  • Leadership
  • min read
    • Between stress, overwork and constant new threats, Chief Information Security Officers (CISOs) face countless challenges. And the security of nations, businesses and society relies on their doing everything they can to rise to the challenges. Growing complex threats and the rapid shift to remote work complicate an already expansive role. Today's CISO needs technical skill and the ability to respond fast to reputation-damaging breaches like ransomware attacks. High stress, low retention Many CISOs haven't been in their role long. Research by Cybersecurity Ventures in 2020 found nearly one in four (24 percent) of CISOs in US Fortune 500 companies had been in their job just a year. A further 16 percent had been in post for only two years. There's no single reason CISOs move around more than other C-suite executives, but higher stress probably plays a part. UK domain registry Nominet's 2020 CISO Stress Report found 88 percent – around nine in 10 – CISOs said they were "moderately" or "tremendously" stressed. The same report found average CISO time in post was just two years and two months. Seasoned CISO Matt White, once fashion brand Chanel's Global Head of Information Security Strategy and co-founder of software-as-a-service platform XaaS, thinks CISOs' biggest challenge is lack of understanding from companies and boards. CISOs have an uphill battle – under-resourced with budget and staff while battling red tape and bureaucracy. Relationships make a fulfilling role What can CISOs do to find a role where they feel fulfilled? White suggests considering what a potential employer wants from a CISO. Do they want change or someone to continue the status quo? Although it may be hard to assess before joining, a CISO should investigate how well the organization has established and resourced its cybersecurity. White adds, "It's paramount to understanding the type of company, its level of maturity and how supportive the board may be of changes." If the last CISO left because they didn't have the financial resources or headcount for a good cyber defense strategy, a new CISO should make sure there's since been change. Kaspersky research, in association with Longitude, a Financial Times company, found a closer relationship between the C-suite and cybersecurity teams leads to better security outcomes. Over a quarter (26 percent) of survey respondents said they believed "strong integration between the C-suite and cybersecurity teams will be very important in the next two years." This group also reported they were better prepared to deal with the impact of cyberattacks. It's important senior managers get involved in elements of cybersecurity. If CISOs foster strong relationships with C-suite colleagues, they can help those executives better understand challenges facing IT security. Continuous skill development With new threats and cyber challenges cropping up daily, CISOs must keep their skills and technical knowledge up-to-date. But their role also demands a range of 'soft skills.' "CISOs, like all C-suite roles, need continuous development, not just with technical skills," says Naveen Vasudeva, Founder and CEO of United Arab Emirates-based CyberTree Paradox, a cybersecurity firm focused on small-to-medium enterprises. "The CISO must be a diplomat, skilled in communicating technical things simply, so others can understand and take action." To thrive in their career and ensure a long tenure at companies they enjoy working for, CISOs should build their skill base. This will mean they're as prepared as possible for challenges that come their way. But if a CISO finds they're completely exhausted and can't perform their job because of lack of company support, the best option may be to seek greener pastures. Strong teams are everything C-suite executives have a vital role in improving CISO working conditions and retention. Not all C-suite members can gain a comprehensive understanding of cybersecurity. Those who do develop that understanding can show inclusive leadership and better support the CISO. A CISO is only as effective as the team they lead. Highly skilled cyber professionals are in hot demand, hard to retain in a competitive market. A Cybersecurity Ventures 2020 study found unfilled cybersecurity jobs grew 350 percent in the eight years to 2021. A CISO may enter a business and find their staff don't have the right skills, making it hard to succeed in their role. Vasudeva thinks selecting the right team is the difference between success and failure. "You can't do it all, and you shouldn't. Pick skills in your team you can rely on and help them develop their next moves, so you can develop yours. It's about leadership, not management – there's a massive difference." Short tenure hurts CISOs and companies, so everyone involved should address the issue. Kaspersky's 2020 global business survey backs this up, with 38 percent of respondents saying lack of consistent management in IT security is a challenge. Being a CISO for just a year or two isn't enough time to make a real difference or embark on transformational projects, let alone change corporate culture. There is no one way a CISO can fully protect themselves from short tenure, but if they focus on enhancing their skills, build relationships with executives and create a strong team, they will likely find themselves in a strong position. C-suite colleagues have an important role to play in retaining CISOs too – raise your cybersecurity understanding so your CISO can rely on your support.

506 million web-based attacks

Web-based attacks result from users downloading files that then trigger a cyberattack. These might come from websites made by cybercriminals, infected online resources within user-created content (like online forums) or legitimate resources that cybercriminals have hacked.

Cybersecurity education can be a powerful tool in preventing web-based attacks. Heathrow Airport has a novel staff cybersecurity education that carefully targets those needing it most with 10-minute online learning modules.

1.4 million cryptocurrency mining attempts

Cryptocurrency mining is very much on the rise. Kaspersky Security Network detected around 1.4 million attempts to install mining software in the past year.

Cybercriminals hack computers and use their processing power to make money by ‘mining’ cryptocurrency.

Mining means digitally solving complex mathematical problems that verify cryptocurrency transactions, which also earns cryptocurrency. It slows devices and uses much electricity.

In November 2022, Kaspersky announced they’d seen a 230 percent growth in cryptocurrency mining in the third quarter of 2022 compared with the same period in the year before.

102 million attempts to visit malicious URLs

Malicious URLs are a common tool in ‘phishing‘ attacks – when cybercriminals send emails inducing recipients to click on links, downloading malware.

Endpoint security is vital in protecting against phishing, as is employee cyber-awareness.

377,000 attempts to steal money

Kaspersky’s software identified and blocked 377,000 attempts by financial malware to steal from online bank accounts, ATMs and payment terminals in 2022.

These attacks were often in the form of ‘banking Trojans‘. In early 2022 a particularly sophisticated money-stealing Trojan popped up that masquerades as a banking app and imitates phone conversations with bank employees. The app fooled many, highlighting the need to teach employees ‘cyber hygiene’ – like remembering to pause and think before downloading anything. Those who provide legitimate apps or financial services might also reflect on how they can show customers their products are trustworthy.

These big numbers in cybersecurity over the past year show how threats to business are growing and changing. Cybercriminals always find new ways to get through consumers’ and employees’ defenses. By combining hiring the right people with robust cybersecurity education and strong security solutions, your business will greatly reduce its chances of a serious attack succeeding. Then, you can spend your time on what you do best.

Keywords

Kaspersky Security Bulletin 2022

Find out which attacks Kaspersky Security Network (KSN) detected, blocked and disabled over the past year in our free report.

Get report

About authors

Suraya Casey

Suraya Casey is a freelance writer, editor and content strategist based in New Zealand. Her interests include cybersecurity, technology, climate, transport, healthcare and accessibility.

More articles by Suraya

Suggested articles

by Innovating leaders.
Innovative tech.
About Secure Futures

Secure Futures magazine is your go-to business guide for opinions, trends and insight into the world of technology and cybersecurity. We help your business to bring on the future. Brought to you by Kaspersky, the global cybersecurity experts.

  • For all other countries