5 Cyber Security Threats Every Business Should Watch for in 2023

As cyber security incidents have become more prevalent and newsworthy in recent years, businesses of every size have become more aware of the threats they face at the hands of cyber criminals. But with uncertain economic conditions, high employee turnover and changing workplace models, the threats continue to shift, requiring extra diligence and vigilance by business owners.

In a recent conversation, Michael Argast, Co-Founder and CEO of Canadian cyber security firm Kobalt.io shares the top cyber trends to watch out for in 2023 – and how to help protect your business from them.

1. Financial fraud attacks are on the rise

One of the untold stories of 2022 that’s continuing in 2023 is a significant rise in financial fraud attacks. Argast explains, “This is where an attacker is able to get into a customer environment, and by inserting themselves into a business’ email system, they can convince a customer, supplier or vendor to misdirect funds to an illegitimate source.”

He further explains attackers often monitor an email system for lengthy periods, scanning correspondence between suppliers and contractors about financial matters. When a large transfer comes up, they can insert themselves into existing communication threads and convince one of the parties to send funds to the wrong destination.

Top 3 Fraud Scams: Keeping Your Business Safe When Making or Accepting Payments

Relying on an increasingly sophisticated set of technical tools that allow attackers to penetrate the environment, combined with enhanced social engineering tactics, this attack is very effective because their email communications look legitimate. “You have no reason not to trust the request because you’ve trusted 10 – 15 other exchanges in that thread,” explains Argast.

2. Ransomware remains a threat

According to a recent RBC survey, 44 per cent of small business owners think their business might be a victim of cyber crime in the next 12 months, while 32 per cent admit they’re not prepared for a potential cyber attack.

In recent years, Argast and his team have noted changes in ransomware complexity and sophistication and a shift from primarily consumer-focused attacks to business-focused attacks.

“Ransomware incidents have become much more long-term, and criminals are more persistent, waiting until they have a really strong footing in an organization so they can take it down as a whole.” Attackers may lock down systems, steal consumer data and blackmail organizations, which he notes is a shift in behaviour.

On the upside, Argast explains that many businesses have shifted to the cloud, helping to insulate them more from the impact of ransomware. “If you don’t have a lot of servers on-site, if you don’t have a lot of critical data on your laptops, the ability for ransomware to impact your business effectively is dramatically reduced. Organizations are benefitting from that shift to the cloud organically,” he says. He adds that top-tier cloud service providers tend to be very good at securing their systems.

3. Remote work creates vulnerability

While workers across Canada have begun returning to the physical workplace, remote and hybrid work models are still very common. These may cause gaps in a business’ cyber security protections.

“One of the biggest challenges for businesses is that it’s harder for you to validate what’s going on from a communications perspective,” says Argast. “You can’t walk across the hall and talk to your financial officer. You’ve got to trust digital communication.”

Without the opportunity to have face-to-face conversations about financial matters, he recommends that businesses assume that email is a compromised communication chain. Therefore, validating through other channels is vital, particularly when instructions might cause financial harm.

4. A multi-channel world creates risk and opportunity

According to the CRTC, 83 per cent of phishing messages were sent by text over three months last year. As businesses begin relying on various channels — between Slack messages, emails, texts and social media — employees get overloaded with messages. “When we’re dealing with a volume of messages coming at us every day from diverse channels, it’s hard to be as consistently vigilant as when we were just concerned about email scams,” says Argast.

However, the benefit of a multi-channel environment is that if an employee receives an email they’re not sure about, they can text, call or Slack the sender to validate it. “It’s less likely that an attacker has compromised both your email and messaging systems.”

5. Government regulations force action

Until recent years, Canada and the United States have lagged behind Europe regarding government regulations to protect private data. The General Data Protection Regulation (GDPR), which came into force in 2018, is a regulation that harmonizes national data privacy laws throughout the EU and enhances the protection of all EU resident’s personal data. “The standards from the GDPR are being brought to North America as we speak,” says Argast.

He adds that some rights and protections exist today that did not exist a couple of years ago. “So it’s really important that businesses familiarize themselves with them and find ways to bring their systems and processes into compliance because the fines can be up to 5 per cent of your annual revenue.”

Businesses can find a listing of privacy compliance regulatory standards on the Kobalt.io website.

Listen to a recent podcast with Kobalt.io’s Michael Argast and RBC’s Chief Information Security Officer Adam Evans (read re-cap)

While businesses can’t stop all cyber security attacks from happening, being aware of current threats and being prepared for the ones that are most likely to impact your business can help keep your company, your employees and your customers safe. The right advice and support can also help you stay up-to-date on the threat landscape and recovery-ready at all times.

Share This Article