The Evolution of the Cybersecurity Threat in 2023

The digital world has, according to McKinsey, just opened Jurassic Park…without the electric fences. In fact, organisations aren’t even sure what kind of fence they need. The threats, now powered by generative artificial intelligence (GAI) capabilities and driven by syndicates determined to get their digital fingers into the business, are evolving at pace. And these threats are further complicated by an increasingly complex regulatory landscape that’s holding companies liable for breaches and security misdemeanours.

 

In short – security is a problem.

 

The statistics aren’t painting a pretty picture either:

  • 53% of respondents to a McKinsey survey have cited GAI as cause for cybersecurity concern – only 20% are putting systems in place to counter it.
  • 75% of employees are likely to acquire technology without visibility from the IT team – shadow IT remains a considerable threat, according to Gartner.
  • 88% of executives believe that security is less a technology risk and more of a business risk, says the same Gartner report.
  • The PwC 26th Annual Global CEO Survey found that 48% of CEOs are increasing investments into cybersecurity or data privacy.

 

The threats are also evolving

Cybercriminals are leveraging emergent technologies to enhance their threat and attack methodologies making them faster, more intelligent and more pervasive than ever before. Organisations are staring at the digital T-Rex and wondering how they’re supposed to stop it from eating their data when they’re not even sure which way it’s going to go.

PwC believes that phishing and deepfakes are rapidly becoming the most significant risks for the business. GAI is capable of creating incredibly realistic phishing emails, videos, and audio messages capable of fooling people very easily. In fact, there is a growing trend towards fake voice notes from the ‘CEO’ or another relevant executive to employees, asking them for password information or to make urgent payments on their behalf. The employee rarely realises that the person isn’t their superior until it is too late.

These high-level threats are capable of penetrating even the most rigorous security systems and this is putting companies at risk across multiple fronts.

A recent Microsoft Threat Intelligence report also highlighted shift in phishing attacks known as long-attack strategies. One group, Midnight Blizzard, used Microsoft 365 tenants that had already been compromised to undertake a series of social engineering attacks to gain access to credentials from targeted organisations. More than 40 companies around the world were affected by this attack.

Then there are the statistics – 73 incidents in August 2023 alone (at least those publicly released), nearly 80,000,000 records breached in the same month and a total of 629,097,913 records breached throughout 2023 to date. Twitter was the largest breach with 220 million records while the Electoral Commission in the UK was the biggest in the country for 2023 at 40 million records.

Which means that companies need security. They need the fence. And this is where Mint steps in. We help you build the right type of fence for your business, capturing your touchpoints and endpoints within a tightly woven security net that’s focused on people, platforms, processes and protection. We have a comprehensive security assessment designed to take a look at your cybersecurity infrastructure for a 360-degree view of your security and processes.

Recent Blogs