Payment Security 101
Learn about payment fraud and how to prevent it
Every year we see an increase in cyber attacks globally and 2023 was no exception. This year we saw an increase in data breaches, phishing attacks, business email compromise attacks and more. The theme in the news and beyond was around organisations of all sizes starting to tighten their belts when it comes to cyber security, as tactics are becoming more refined and evolving faster than ever before.
In 2024, we can expect to see more of a focus on improving security when it comes to cloud services and digital infrastructure. Last year, with an increase in cloud computing came a steady increase in cyber attacks in this space. Within the cloud and IoT space, organisations will be fighting against possible data breaches, disruptions or even data loss this year.
Another trend we predict will become a theme in 2024 is the introduction of passwordless authentication. At the end of last year, Google launched Passkey as a secure way for users to access their accounts without having to remember their passwords. Instead, this feature allows the user to log in with a fingerprint, face scan or PIN. The technology relies on cryptography, making it more secure and phishing resistant than previous measures.
At the end of 2023, we saw a stir of conversations related to generative AI usage, especially as it pertains to cyber criminals using it for financial gain at the expense of political figures and celebrities. We can expect to see governments investing time and resources into trying to monitor and regulate generative AI usage. This ties into our final prediction, captured in a recent article by Chuck Brooks from Forbes. The article highlights an expected increase in cyber security regulations specifically focused on mitigating space attacks.
His article states “the security risk management of satellites and space will emerge as a top priority among both the public and private sectors.” There’s been a clear gap identified in the level of protection surrounding satellites and space-based communication and sensing. We can expect this to be a key conversation topic in the media this year.
And with that, we leave you with the latest, greatest (and most alarming) cybersecurity statistics to know in 2024:
The cost of cybercrime is continuously snowballing as cyber criminals get smarter and governments work to find ways to keep up with new strategies and tactics. This research also factored in the rising costs of damages associated with cybercrime, forecasting this cost could reach $10.5 trillion by 2025.
Our team at Eftsure cross-referenced this data with our own and in 2023 we successfully identified and stopped more cyber attacks against construction and manufacturing customers than those in other industries.
A key theme we saw at the end of 2023 was executives discussing the things that keep them up at night: data breaches and security. It’s no surprise seeing the rising cost of data breaches. Not to mention, this dollar value doesn’t account for the reputational damages incurred as well.
Companies are feeling the pressure to implement improved controls and tighter security measures in an attempt to protect their own data and the data of their suppliers or customers. In finance departments, CFOs are looking to protect their teams from phishing attacks, BEC attacks, and more.
In the ASD Cyber Threat Report 2022-2023, a number of emerging trends were identified with the growing number of attacks. These include cybercriminals continuously adapting tactics to increase the max payment from victims, data breaches which left millions of Australians impacted, and an increase in cybercrime costs.
An interesting statistic, which ties into a forecasted trend we will hear more about in 2024: space cybersecurity. In a recent Forbes article, Chuck Brooks backs this by stating “The economic sustainability of the free world depends on space-based global communications and sensing. Unfortunately, many of the platforms lack adequate protection, and hence, space cybersecurity will play a significant role in protecting key infrastructure.”
We expect to see more conversations at government levels about space and cyber security, especially closely tied to conversations about local militaries.
In the same survey, 98% of CFOs said they feel cyber-crime is growing globally, adding a layer of anxiety as finance professionals tend to be one of the top targets for phishing scams within organisations.
Given these numbers, it’s highly likely most of these companies haven’t considered proactive protection measures to mitigate the risk of an incident. Regardless of levels of preparedness, it’s always important to have a response plan in place, especially when we consider some cyber attacks can take a matter of minutes to successfully compromise systems or extract data.
According to Statista, the global cyber insurance market is expected to grow tremendously over the next five years. Factors behind this expected growth include the increase in cyber threats, awareness of cyber risks, regulatory requirements, lack of in-house expertise such as IT teams or internal processes, and growth in technology.
This includes ongoing concerns and fears around ransomware attacks, cloud outages, IT system failures and threats of cyber war.
The healthcare industry runs the highest costs for data breaches, with the average cost of a single data breach sitting at 11 million USD.
Which doesn’t pair well with the associated costs on the rise when it comes to these attacks.
The report notes the reduction in financial losses can be attributed to the increased efforts from financial institutions to keep criminals from attacking their customers. However, the numbers are still glaring and there’s still plenty of space for improvement.
It only takes one person to accidentally become the driving force behind a breach large enough to take down an entire organisation. This could be as simple as an employee clicking on a malicious link. Which is why organisations are increasingly investing in cyber awareness training for their employees to reduce the risk of a successful attack.
Adding even more emphasis on the need for people to become aware and vigilant, seeking protective measures rather than relying on reactive resolutions.
Despite the evolving cybersecurity challenges in an office setting, it’s evident remote working can cost organisations a lot more in comparison.
Changes in workplace standards meant a higher number of employees working remotely. Cybercrime increased, with phishing being the most common method.
The more popular video conferencing software Zoom becomes with companies bringing employees into remote work, the more cyber criminals will adapt their techniques to that format. Recently, we’ve seen reports of cyber criminals selling compromised Zoom accounts on the dark web to increase their chances for more data breaches.
These statistics show the risks many companies are taking when it comes to potential data breaches. Unsafe device access is an easy way for attackers to find an entry into company servers and access private data. At the very least, organisations should be looking to tighten their access requirements to be on corporate devices only.
According to a recent study, more people are using cloud services and IoT devices that were never before part of a company’s security perimeter. More cyberattacks and security breaches are now a result of this, and IT managers are struggling to keep up with managing all these new technologies.
This statistic is also mentioned by several tech experts in their 2024 forecast as their biggest area of concern. Cloud adoption was huge in 2023, and with great acceleration comes even greater risk. This will be an area where CISOs and other security professionals turn to improved procedures, security and automation.
Up until this year, the largest DDoS attack on record was in 2018, but Google’s latest Distributed Denial of Service Attacks were said to be 7.5 times bigger than any other on record. Attacks can last from minutes to hours.
Cisco’s data also pinpoints the United States as the most frequently targeted region, generally focused on Microsoft-based systems and services.
Once again enforcing the increased focus on cloud security in 2024.
The finance industry has the most data and capital, making them a highly sought after target.
Every year, the number of Distributed Denial of Service (DDoS) attacks increases, and the industry targeted most often is finance because it has the most data and capital. These attacks can last from a minute to an hour depending on the company’s security controls.
With this number only on the incline, we can expect to see higher numbers in 2024. These scams are also known as vishing (voice phishing) scams.
For older Australians, their lack of understanding of mobile phones makes them vulnerable to mobile scams because they have less familiarity with modern technology. The advancement of technologies has only made it easier for scammers to target people like them.
The data shows Australians lost a reported $28 million to phone scams in 2022. Following closely behind text phishing scams were scams over phone calls (29%), where Australians reportedly lost the most, landing at $141 million.
There’s more awareness when it comes to email phishing, making it a bit harder to trick the end recipient as they are naturally more critical now than years before. However, with the rise of SMS phishing, there’s still work to be done.
The same study found 54% of Australian survey respondents said they would prefer to deal with the stress of monthly tax filings than cope with scam messages all year long.
1.2% equates to 3.4 billion phishing emails being sent daily. Because of the nature of phishing emails, and cyber scammers growing increasingly clever, it’s no wonder even the most savvy of people can fall victim to these attacks.
Despite organisations having tactics such as segregation of duties in place, things can still slip through the cracks without proper process or automation in place.
IBM’s 2022 Data Breach Report noted phishing scams tend to take the third longest mean time to be identified. As a result, these breaches can cost organisations the most, with an average of 4.91 million USD.
Scamwatch data reported losses amounted to $13.7 million in 2022, which was a 95% increase from the year before. It’s said the biggest contributor to these losses was payment redirection scams, known as business email compromise.
If you’re a small or micro business owner and you haven’t considered adding payment protection for your business, have a chat with our team at Eftsure to see why businesses Australia wide trust our payment technology.
In the FBI’s latest report, Phishing, Vishing, Smishing and Pharming account for the largest number of attacks.
Between April and September 2020, there were over 4.5 million phishing attempts made. More recently in 2023, WhatsApp scams are growing in popularity along with other instant messaging platforms such as Telegram.
Which explains why the costs associated with phishing and scam attacks continue to rise year over year. Individuals, organisations and governments are constantly trying to stay alert, aware and vigilant when it comes to phishing.
Although we’ve successfully closed another year without a record setting data breach, several companies still became victims to data breach attacks and data ransom. Companies include Microsoft, MOVEit, ChatGPT, US Department of Transportation and more.
Spear phishing emails are more tailored than regular phishing emails, meaning they appear more realistic to the reader. When the reader clicks the link, the scammer is able to access the device to retrieve personally identifiable information.
However, these are not always intentional. Many data breaches are caused by human error, but regardless it is a staggering realisation that many data leaks are caused by internal sources.
Lots of confidential information is stored in hospitals, especially in the healthcare industry. Moreover, due to tight timelines, hackers have an easier time conning staff to elicit sensitive information.
In 2021, cyber criminals exposed an astonishingly large data leak of over 700 million LinkedIn users, revealing their names, addresses, phone numbers, and email addresses, as well as their LinkedIn profiles. The hack followed the same method used in the extremely damaging April penetration of their users’ information that hackers also uploaded to the dark web for sale.
Alongside X (formerly Twitter) was the 2023 AT&T breach, which exposed approximately 9 million customers’ personal data. These are just the noteworthy breaches; as of October 2023 there were hundreds of other publicly disclosed incidents.
Although the world of AI is moving at a rapid pace, there’s still much to be explored. As much as we expect to see acceleration with AI, we can also predict several attempts for government agencies to add improved regulations.
Although the cost of investing in cyber security is on the rise, data shows it pays to get on board with early adoption. This also includes encouraging organisations to consider streamlining their paid vendors, to ensure a cluttered list of apps and services don’t end up becoming an additional risk factor in itself.
Generative AI is not only adding concern for consumers, but it’s a massive driver for businesses and governments to monitor and be mindful of as videos surface where key political figures have been manipulated into falsified statements. These videos can look so realistic, even the people in the videos have had to do a double take on whether the events happened or not.
A reputable security company said it picked up a 135% increase in sophisticated scam attacks leveraging AI in the first month of 2023.
Every company and every person has sensitive data that needs protection. Luckily, it’s never too soon or too late to start protecting your business and/or personal information from thieves and criminals. Cybersecurity is all about preventing unauthorised access to, use of, disclosure of or damage to an organisation’s assets (in this case, data) by malicious activity.
Every business needs to have cybersecurity as their top priority, particularly the CFO, who is most targeted. In order to stay ahead of cyber attacks, employees should be vigilant in the following:
– Regularly change passwords
– Examine carefully any emails that may contain a malicious link
– Limit access to sensitive data
– Update software regularly
With cyber crime presenting a large risk to their finances, a modern CFO cannot afford to be complacent. Being the Chief Financial Officer requires that a person have an extensive understanding of the risk involved with cyberspace and the consequences it may have on their duties.
Here is a list of cybersecurity tips and best practices to get you started:
– Use complex passwords across different devices and accounts
– Enable two-factor or multi-factor authentication
– Check for HTTPS on websites
– Back up data
– Avoid suspicious email links or attachments
– Use VPNs