The Current Climate
Top 10 Current Business Risks
According to Aon’s 2023 Global Risk Management Survey, cyber attacks remain the number 1 risk to businesses, both currently and for the future, as they were in the last survey (2021).
From the report:
“Cyber risk did not come into the top 10 until 2015, but it has since risen in importance and became the number one risk globally in 2021 and again in 2023.
Corporate digitization programs as well as increases in remote working and the widespread use of automation and service centers mean that cyber exposure is a critical aspect of overall organizational success. Mitigation actions and protocols can quickly become ineffective as soon as attackers shift their tactics. As Aon’s 2023 Cyber Resilience Report highlights, ransomware attacks were more than 1,010 percent higher in the third quarter of 2023 than they were in the first quarter of 2019, even though they declined in 2022. The overall rise in malicious activity is evident in regular news reports of breaches and exemplifies the need for continued vigilance and proactive protections.”
Click on the image above to read the key findings report with breakdowns by region and by the respondent’s role.
Ransomware Rising
- The number of attacks from January through November of this year is approximately 85% greater than the same timeframe last year.
- The number of attacks in November alone is 67% more than November of last year.
Spam and Scam Calls Stats
Do you answer unknown calls on your cell phone? Or respond to unknown texts? No judgment whether you do or don’t, but this data may make you think twice.
TrueCaller, a global communications provider, recently released its first Monthly U.S. Spam and Scam Report. And it has some appalling numbers.
- Americans receive 2.1 Billion spam calls each month
- The average American individually gets 5.6 spam calls a month
- The average spam call is 3.36 minutes long
Their information ranks Georgia 6th and South Carolina 2nd in the Most Unwanted Calls on average per user per month. It’s not a top 10 we really want to be in.
The image below shows details for Georgia. You can click on it to see the other findings and look at other states’ stats.
So that’s where we are, our current climate.
That’s the reality we live and work in.
I don’t share this information to be full of doom and gloom. I share it like a warning sign on the road of a sharp curve ahead or a low gas indicator in your car. If you don’t slow down, you could take the curve too quickly and have an accident. If you don’t stop to get gas soon, you could run out and be stuck somewhere inconvenient or even dangerous.
The point is to be aware so you can prepare.
- Teach your team about the risks and how to properly handle them.
- Make sure you have multiple layers of protection built into your business.
- Don’t freak out, but don’t be complacent. Check on your cyber insurance coverage.
- Test your business continuity and incident response plans.
- If you have questions, ask them. Even when you don’t like the answers, it’s better to know so you can move forward.
News and Updates
Chrome Padlock Icon Change
Have you looked at the address bar on a website in Chrome lately?
Google Chrome made a change recently, and it’s likely you never even noticed. It’s also okay if you didn’t. But here’s the explanation.
The padlock icon (left) has been changed to the tune icon (right) shown below.
They changed it because the padlock was misleading, or more accurately, misunderstood by most users.
The Chrome Security Team explains:
“Replacing the lock icon with a neutral indicator prevents the misunderstanding that the lock icon is associated with the trustworthiness of a page, and emphasizes that security should be the default state in Chrome. Our research has also shown that many users never understood that clicking the lock icon showed important information and controls. We think the new icon helps make permission controls and additional security information more accessible, while avoiding the misunderstandings that plague the lock icon.”
So now you know. And you can click on the tune icon, or the padlock still in use on other browsers, and access the security controls you never knew you always had access to.
Cyber Crime Marketplaces on the Open Web
This news is less positive but still important to know.
KnowBe4 breaks it down:
“According to cybersecurity vendor ZeroFox, cyber crime marketplaces are beginning to shift to the open web. One such marketplace is OLVX, available using a .cc top level domain. This marketplace sells services and products including:
- Ph|shing kits
- Remote desktop connections
- Cpanel credentials/access
- Webshells
- Spam sending platforms
- Stolen data
- Webmail access
By moving to the open web, it becomes easier to leverage traditional Internet services and platforms like Telegram, social media, SEO, etc. to act like any other legitimate business that seeks to advertise, outreach, and direct potential customers to their website.
This shift to the open web makes cyber crime tools much more accessible; something that organizations should be concerned about, as it means more players in the market, higher frequencies of attacks, better tools and techniques used over time, and – potentially – a higher likelihood of successful attack.”
Russian Hackers Indicted
But to end on a higher note, the Department of Justice put out a press release about this.
Two Russian Nationals Working with Russia’s Federal Security Service Charged with Global Computer Intrusion Campaign
“The indictment…alleges the conspiracy targeted current and former employees of the U.S. Intelligence Community, Department of Defense, Department of State, defense contractors, and Department of Energy facilities between at least October 2016 and October 2022. In addition, the indictment alleges the conspirators – known publicly by the name “Callisto Group” – targeted military and government officials, think tank researchers and staff, and journalists in the United Kingdom and elsewhere, and that information from certain of these targeted accounts was leaked to the press in Russia and the United Kingdom in advance of U.K. elections in 2019 [designed to influence that election].
As a common example, the conspirators used ‘spoofed’ email accounts designed to look like personal and work-related email accounts of the group’s targets. The conspirators allegedly also sent sophisticated looking emails that appeared to be from email providers suggesting users had violated terms of service. These messages were designed to trick victims into providing their email account credentials to false login prompts. Once the conspirators fraudulently obtained the victim’s credentials, they were able to use those credentials to access the victims’ email accounts at will.”
Read the full DOJ press release here.
Granted, this is an indictment, not a conviction. But you can see the methods used and learn from that. And this shows that the partnership among agencies can be effective in bringing down criminals. It can seem like they run unchecked with all the hacks and breaches we hear about, but just keep staying alert and reporting anything you’re not sure about. You’ll not only protect your own company better, you’ll help others down the road as well.
