Cybersecurity digest 2023: a year in review

This content appears in our monthly email Security Digest, which unpacks recent security incidents, detailing what you should know and what you should do. Sign up to receive this digest below.

 

As the sun sets on 2023, it’s time for a retrospective glance at the cybersecurity landscape that has both challenged and advanced our industry over the past twelve months. 

Ransomware preys on smaller companies exclusively

This year, a troubling trend became much clearer: smaller businesses are the preferred targets of cybercriminals. A whopping 70% of successful ransomware attacks were against companies with a headcount of fewer than 500 employees.  

What you should do

This trend is a wake-up call for small businesses to bolster their defenses and recognize that no one is too small to be on a hacker’s radar. 

 

The Art of Deception: Business Email Compromise

Ransomware may have been the focus of many a CISO and risk manager’s priorities, but Business Email Compromise (BEC) stealthily climbed the ranks, becoming the criminal actor’s tactic of choice. Attackers commit financial fraud by hijacking email conversations and manipulating people the old-fashioned way, through deception, using increasingly sophisticated phishing as the main tool for compromise.

What you should do

Tackling BEC is not just a technology problem. It also involves improving processes and maintaining constant awareness across the team to help spot troubling trends in communication.

Microsoft’s Digital Defense Report has many such interesting observations that might be beneficial for security and risk management leaders. 

 

Remarkable observations:

Identity Attacks: An Unrelenting Foe 

From Microsoft’s Digital Defense Report, another finding is critical in our understanding of how the landscape has evolved over the past year. Brute force attacks and the exploitation of valid accounts remain prevalent, underscoring the critical need for robust identity and access management strategies. Our digital personas are under siege, and the battle to safeguard them is far from over. 

The Law Takes a Stand 

In a landmark move, the SEC took SolarWinds and its Chief Information Security Officer to task, charging them with fraud for cybersecurity misrepresentations and failing to disclose known vulnerabilities. This legal action signals an increased appetite among authorities and regulators to crack down on what they may perceive as inaccurate statements. Read the indictment here.

 

Looking Ahead: Innovations on the Horizon

As we pivot to the future, there are rays of hope that shine through the ominous clouds of cyber threats: 

Automated Defenses

The evolution of conditional access policies, especially those advocating for Multi-Factor Authentication (MFA), is set to elevate our security game. Automation could be the ally we’ve been waiting for. 

The Dawn of Passkeys

Passwords may soon become relics of the past as passkeys emerge. These digital keys are not just more secure; they’re user-friendly, signaling a potential revolution in how we authenticate our digital identities. We at Kalles Group hope to have more guidance for you to share as this becomes available in early 2024 in M365.

 

As we gear up for 2024, the lessons learned and the innovations introduced in 2023 will undoubtedly steer us through the ever-evolving cybersecurity odyssey. Let’s embrace the challenges and triumphs of the past year as stepping stones to a more secure tomorrow.
