With ransomware attacks surging globally, awareness of cyber threats is at an all-time high. Now, insurance provider Allianz has released its annual Cyber Security Trends report, providing crucial insights businesses need to know.
The report highlights developments across the cyber landscape from early 2022 through mid-2023, touching on the ongoing evolution of threats like ransomware, the role of human error in enabling breaches, the need for rapid detection and response capabilities, and more.
In this blog, we’ll summarise some of the top takeaways from the 31-page report. Key focus areas include the prevalence of supply chain attacks, the cybersecurity skills gap, the risks posed by mobile devices, and the importance of boosting employee security awareness.
Let’s get started.
The key takeaways from Alianz’s ‘Cyber Security Trends’ report.
Ransomware still dominates the threat landscape
Ransomware attacks surged 143% globally in early 2023, the report reveals.
These attacks are often successful because staff click on phishing links or fail to patch known software vulnerabilities.
Ongoing security awareness training is essential to avoid falling victim. Supply chain attacks, where hackers infiltrate vendor systems to steal customer data, are also increasing. Rigorous vendor risk assessments are crucial for managing your organisation’s level of risk.
Mobile devices are a growing target
Organisations are seeing more attacks aimed at mobile devices, according to Allianz. These endpoints often lack security controls, while employees commonly mix personal and corporate data on them. Implementing mobile device management policies helps secure these risky assets, and awareness should be raised among your team.
The cyber skills shortage increases exposure
With limited cybersecurity professionals available, many companies cannot adequately staff security teams.
Allianz advises focusing on employee training programs to fill the skills gap. Partnering with managed security providers can also help strengthen defences.
Human error contributes to breaches
Simple mistakes like misconfigured systems, inadequate system monitoring, and poor data management practices frequently contribute to breaches.
To reduce errors, organisations need proper cybersecurity awareness training, IT governance frameworks, internal auditing, and data retention policies.
Rapid detection and response is critical
Once attackers infiltrate systems, incidents often escalate rapidly into costly breaches. Allianz stresses early detection capabilities, like SIEMs and SOCs, are vital to spot intrusions quickly before major damage occurs.
Having an incident response plan, retaining specialist vendors, and conducting exercises also improves reaction time.
The top 10 findings from Alianz’s ‘Cyber Security Trends’ report.
- Ransomware remains the top cyber threat, with attacks surging 143% globally in early 2023.
- Supply chain attacks are increasing as hackers infiltrate vendor systems to access customer data.
- Mobile devices are a growing target due to weak security controls and the mixing of personal and corporate data.
- The cybersecurity skills shortage makes organisations more vulnerable to attacks.
- Human errors like misconfigurations and poor data practices enable many breaches.
- Early detection of attacks is critical to prevent escalation into major incidents.
- Having an incident response plan and retaining specialist vendors improves reaction time.
- Business email compromise scams are becoming more sophisticated using AI-generated content.
- The Internet of Things and 5G networks will expand the threat landscape as more devices connect.
- Data exfiltration attacks are surging, with stolen data leveraged to demand larger ransoms.
In short, while deploying robust technical controls remains important, continuously improving employee cybersecurity awareness and implementing governance procedures to avoid errors is fundamental.
Addressing the human element is key to reducing cyber risk. At Bob’s Business, that’s what we do.
Our NCSC-approved cybersecurity awareness training courses give your team the knowledge they need to protect your business, while our simulated phishing training gives your team hands-on experience in receiving and spotting phishing attacks.
Ready to learn more? Discover our range of solutions or chat with a member of our team.