Payment Security 101
Learn about payment fraud and how to prevent it
The past year saw a surge in cyber-crime, with numerous high-profile companies falling victim to sophisticated cyber-attacks and the proliferation of ransomware incidents. Businesses are also increasingly concerned with vulnerabilities in critical infrastructure and supply chain security.
As we look ahead to 2023, cybersecurity experts expect cyber-crime to become more sophisticated, driven by the use of artificial intelligence (AI). Experts also anticipate continued rises in cyber insurance premiums. Business and IT leaders must work together to combat these evolving threats and implement best practices, incident response procedures and detection tools in the workplace.
To get a comprehensive understanding of the threat landscape in 2023, we’ll delve into the latest cybersecurity statistics, along with insights into the changing face of cyber-crime and the measures needed to protect financial assets and maintain business resilience.
Keep reading to explore the current state – and future outlook – of cybersecurity statistics in 2023.
According to IBM's 2022 Cost of a Data Breach report, the global average total cost of a data breach is $4.35M, a record high. Looking further, IBM found that stolen or compromised credentials were not only the most common cause of a data breach, but also took the longest to identify, at 327 days. Other common causes include phishing, business email compromise, vulnerabilities in third-party software and malicious insiders.
With the increasing amount of cybercrime reporting, one cyber attack is now reported every 8 minutes, compared with every 10 minutes last year. The Australian Cyber Security Centre describes these attacks as more substantial than previous ones.
According to Statista, the global cyber insurance market is expected to grow tremendously over the next five years. Factors driving this growth include the increase in cyber threats, greater awareness of cyber risk, regulatory requirements, a lack of in-house expertise (such as IT teams or internal processes) and growth in technology.
Cybersecurity spending is rocketing in 2023, according to cybersecurity statistics. A survey of three hundred Australian executives found that 80% of Australian businesses employing at least 200 people will increase their cybersecurity spending.
With the rise of cybercrime across the globe, more businesses are prioritising their cybersecurity expenditure on detection and prevention tools, insurance, and awareness training.
IBM research demonstrates the effective use of security AI and automation when combating cybercrime. For example, AI security and automation can assist businesses with threat detection and response. AI algorithms can be used to monitor network activity and detect unusual or suspicious behaviour that might indicate a cyber attack.
This gives businesses a quicker response time and improves incident resolution.
Identity theft can be carried out through various methods, such as the misuse of someone's name, credit card details or address. In response, organisations need to strengthen their defences against these threats to minimise the risk of an attack and protect their critical infrastructure.
All it takes is one successful breach for cyber criminals to gain access to an organisation's digital environment. Most cyber security breaches stem from human error, such as employees clicking on a malicious website, email link or attachment.
Phishing is a type of social engineering tactic where criminals create a fake email or website to trick people into clicking on a dangerous link or giving away sensitive information, like passwords, login details, or financial information.
Adopting digital controls to facilitate continuous oversight and compliance monitoring should be a priority for small and medium-sized companies, as 60% of small businesses that fall victim to data breaches or cyber attacks fail in less than six months.
Cyber criminals and scammers have been trying all sorts of tactics, so you can probably expect the number of victims to rise this year. According to the ACCC, Australians aged 65 and over fell victim to all types of scams in 2022.
According to the Global Cybersecurity Outlook 2023 report, business and cyber leaders believe global geopolitical instability is moderately or very likely to lead to a catastrophic cyber event in the next two years. So what changes will these leaders make in response to the risk?
72-73% of business and cyber leaders say they will strengthen policies and practices for engaging directly connected third parties with data access, followed by strengthening controls over third parties that process data.
Cyber insurance premiums have soared in the past year as claims surged in response to a rise in damaging attacks by cybercrime syndicates. One of the main causes of increased insurance premiums is the growth in ransomware claims. Ransomware is a form of malicious software used by cybercriminals to lock an organisation's network or data until a ransom is paid.
Cybersecurity statistics reflect the advance of technology. As technology continues to grow and improve over time, it presents both benefits and challenges to organisations. While Artificial Intelligence (AI) security and automation can equip businesses with robust cybersecurity defences, they can also be used against them.
It is therefore imperative for organisations to strike a balance between leveraging the advantages of new technology and effectively managing the associated risks through well-planned development strategies and robust risk management practices.
Because of the COVID-19 outbreak, businesses are experiencing an increase in high-level phishing email scams. They are aimed at duping and luring employees into taking some type of action, like clicking a malicious link or opening an attachment containing a virus. Cyber security should be a priority now that remote work is common for many businesses.
Changes in workplace standards have meant a higher number of employees working remotely. Cybercrime increased accordingly, with phishing being the most common method.
The IBM Cost of a Data Breach report found that the COVID-19 pandemic has had a tremendous impact on the way many organisations do business. SMEs have been affected too, with the average cost totalling $137,000.
The more popular video conferencing software such as Zoom becomes as companies move employees to remote work, the more cyber criminals will adapt their techniques to that format. Recently, we've seen reports of cyber criminals selling compromised Zoom accounts on the dark web to enable further data breaches.
For many employees, working remotely for the first time due to the pandemic means losing easy access to important cyber security guidance on how to stay safe online, such as security and risk discussions within the company and advice that co-workers can offer in person.
Concern about phishing and malware has grown, so businesses must address these issues with staff by training them on data handling and reminding them of the company code of conduct and the consequences of breaching it. Working from home introduces new cyber risks, so staff must be adequately trained in their responsibilities and made aware of cyberattacks.
According to a recent study, more people are using cloud services and IoT devices that were never before part of a company's security perimeter. This has led to more cyberattacks and security breaches, and IT managers are now struggling to keep up with managing all these new technologies.
According to a Securelist report, the DDoS Intelligence system detected 91,052 DDoS attacks. A DDoS, or Distributed Denial-of-Service, attack is a malicious attempt to disrupt the normal operation of a computer or network.
Recent years have seen an increase in DDoS attacks, to the point where business networks have been brought to their knees, with work at a standstill for hours on end. We see tens of thousands of unannounced, undetected DDoS attacks per day. These attacks are the most destructive and costly.
In 2021, an attacker launched the most powerful Distributed Denial of Service attack on record. The bandwidth peaked at 1.5 Terabytes per second, and the attack lasted for about 15-20 minutes.
According to Kaspersky, the largest share of DDoS attacks take place on Sunday and the fewest occur on Friday. Patterns like this in when DDoS attacks occur reveal a lot about the likely attackers.
Much like a ransomware attack, a ransom DDoS attack is one where the attacker threatens to carry out a DDoS attack unless the victim pays a ransom. RDDoS attacks are common, with 1 in 5 customers becoming victims of these attacks according to a survey conducted by Cloudflare.
Every year, the number of Distributed Denial of Service (DDoS) attacks increases, and the industry targeted most is finance, because it holds the most data and capital. These attacks can last from a minute to an hour depending on the company's security controls.
There are many types of cyberattacks in the cyber security industry, one being the ‘multi-vector cyber attack,’ which is a digital attack on a network with many entry points. It’s a more intricate type of cyber attack, making it difficult to protect against.
According to Kaspersky Lab, mobile attacks plummeted from the second quarter of 2020 to the third quarter of 2021. This is surprising given that there were no major campaigns or newsworthy events that should have led to such a significant decline. Companies and individuals still have to be on the lookout, as this remains a cyber security risk.
Managing mobile device security is a challenging prospect. Symantec discovered that one in 36 devices used in organisations is classified as high risk. These devices were either jailbroken or had some form of malware installed.
Remote working during the COVID-19 pandemic soared, leading to an increased reliance on smartphones by remote employees to access corporate assets and carry out work tasks. This poses a risk to businesses, with a rise in security incidents stemming from mobile-related attacks.
Several frauds and scams are associated with mobile phones. A cyber criminal may impersonate your manager or another business and ask for your personal information through a phone call or text. Scammers are careful to disguise their numbers and alter their locations; worse still, they may infect mobile devices, leaving your employees at risk.
Australian authorities have seen the increased frequency of scams that come in the form of suspicious phone calls or text messages. These scams are conducted by scammers who pretend to be from popular organisations, providers and supply chains.
For older Australians, their lack of understanding of mobile phones makes them vulnerable to mobile scams because they have less familiarity with modern technology. The advancement of technologies has only made it easier for scammers to target people like them.
All it takes to fall for a mobile scam is clicking on a button or a link in an email. These scams appear to come from popular businesses but are fake. As soon as you click the link, malware can infect your device and target your credit card information, sensitive data, text messages and other important data stored on your mobile device.
Social engineering is the technique of extracting detailed information, typically confidential data such as login details, in order to break into a company. It often relies on email, mobile and social media communications such as Facebook and Instagram, as well as Open-Source Intelligence (OSINT).
Cyber criminals are often well informed when it comes to social engineering. The method is much easier than infiltrating a secured computer system or network. To succeed, criminals need in-depth knowledge of the organisation so that they can convincingly deceive the targeted staff member.
Many Accounts Payable staff are targeted in spear phishing attacks, as they have access to financial information and the ability to process outgoing payments. For example, a Barracuda study found that more than 12 million spear phishing and social engineering attacks impacted over 17,000 organisations from 2020 to 2021.
The average cost of a cyberattack is substantial, especially for small or mid-sized businesses. As noted by Security Info Watch, the estimated average cost of a social engineering attack is $130,000. As a result, very few businesses fully recover their funds.
Phishing is a type of online fraud that seeks to steal sensitive information, such as financial or login credentials, from unsuspecting victims.
Beyond the attacks themselves, businesses also have to keep in mind how CFOs and accounts payable teams respond to the emails, web links and attachments designed to induce a phishing attack.
Hackers are constantly evolving and looking for ways to circumvent security measures. Lately, they have used social media in new ways, such as spoofing messages that pretend to be an email from a well-known executive in order to trick or scam the recipient. This usually involves sending email attachments or asking the target to phone a supposed customer service representative in order to acquire details such as contact numbers.
Social engineering is a major problem nowadays. Now that anti-virus and anti-malware software has become so effective, cyber criminals more often resort to lower-level attacks that target employees rather than the organisation's systems. In extreme cases the situation turns dire, with a company's highest-level executives or CEOs attacked in a process known as 'spear phishing' or 'whaling'.
It is frightening to see that data breaches can occur both externally and internally, because it means there are multiple avenues for sensitive information to be compromised, whether by an organised cybercrime group from outside or by an insider threat from within.
Internal breaches can cause greater business disruption than an external threat, often because insiders already have privileged access to sensitive information such as login credentials and credit card information. They may also have a deeper understanding of the organisation's security measures and weaknesses, making it easier for them to bypass safeguards and steal sensitive data.
According to the Data Breach Investigations Report, 50% of data breaches were found to be financially motivated, with evidence of malicious insiders participating, whether by cooperating with a cyber crime syndicate or by planting malware to infiltrate and exploit their own company.
In 2020-21, cyber criminals exposed an astonishingly large data leak covering over 700 million LinkedIn users, including their names, addresses, phone numbers and email addresses, as well as their LinkedIn profiles. The breach followed the same method used in the extremely damaging April compromise of user information, which the hackers also uploaded to the dark web for sale.
Typically, a data breach in the healthcare sector has a 329-day lifecycle on average, which is longer than in the financial sector (at 233 days). Some organisations are only able to recover 50% following a data breach, but others may not recover at all. Businesses that prioritise their cybersecurity often fare better in the aftermath of a cyber attack than those that don’t.
Cyber criminals continue to use phishing because it is cheap and effective. CFOs and AP teams can minimise the risk of phishing by checking that the sender's name, email address, logos and so on match what they expect. It's also a good idea to follow up with the person who sent the email through another form of communication before opening an attachment or clicking on a link.
Hospitals, and the healthcare industry in general, store large amounts of confidential information. Moreover, due to tight timelines, hackers find it easier to con staff into divulging sensitive information.
This is nothing new: data breaches are costly for businesses. The average cost of a data breach is calculated by taking into account both the direct and indirect expenses to the organisation.
The data breaches of 2021 were not as devastating as those of the previous year, but the biggest breaches of the year were $1.5 billion for Comcast, the largest-ever data leak of Brazilian residents to date (660 million), Facebook (533 million), LinkedIn (500 million) and Byeka (400 million).
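The sender checks described above can be automated before a message reaches an AP inbox. This added example (not from the original article) flags the three tell-tale mismatches: a known executive's display name on a foreign address, a look-alike domain, and a Reply-To that diverts the conversation. The company domain, the executive directory and the sample headers are all constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed directory for the example: a hypothetical company domain and
# one executive whose display name a phisher would most likely borrow.
COMPANY_DOMAIN = "example-corp.com"
KNOWN_SENDERS = {"jane doe": "jane.doe@example-corp.com"}  # hypothetical CFO

def _normalise(name):
    return re.sub(r"[^a-z ]", "", name.lower()).strip()

def _edit_distance(a, b):
    # Plain Levenshtein distance; catches single-character swaps such as
    # the digit 1 standing in for the letter l.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _is_lookalike(domain, legit):
    if domain == legit or domain.endswith("." + legit):
        return False  # the real domain or one of its own subdomains
    if _edit_distance(domain, legit) <= 2:
        return True  # typo-squat or homoglyph-style variant
    return legit.split(".")[0] in domain  # brand name buried in another domain

def check_sender(raw_message):
    """Return warnings for a message whose sender looks spoofed: a known
    executive's display name on a foreign address, a look-alike domain,
    or a Reply-To that quietly redirects the conversation elsewhere."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    warnings = []
    expected = KNOWN_SENDERS.get(_normalise(display))
    if expected and addr != expected:
        warnings.append(f"display name '{display}' belongs to {expected}, not {addr}")
    if domain and _is_lookalike(domain, COMPANY_DOMAIN):
        warnings.append(f"sender domain {domain} resembles {COMPANY_DOMAIN}")
    if reply_to and reply_to.lower() != addr:
        warnings.append(f"Reply-To {reply_to} differs from From {addr}")
    return warnings

# Constructed sample headers (not real mail).
SPOOFED = ("From: Jane Doe <jane.doe@examp1e-corp.com>\n"
           "Reply-To: accounts@attacker-mail.example\n\nPay the attached invoice today.\n")
LEGIT = "From: Jane Doe <jane.doe@example-corp.com>\n\nQ3 figures attached.\n"
```

Any non-empty result is a cue to confirm the request through a second channel, as the article advises, rather than to reply to the message.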
The figures for the year reflect a rise in attacks on high-profile organisations in different industries such as the country’s largest oil pipelines and firms that hold the data of millions of American consumers. Since organisations of all sizes are unable to protect themselves, it is of the utmost importance for CFOs to prioritise data protection from cybercrime.
Every company and every person has sensitive data that needs protection. Luckily, it's never too soon or too late to start protecting your business or personal information from thieves and criminals. Cybersecurity is all about preventing unauthorised access to, use of, disclosure of or damage to an organisation's assets (in this case, data) by malicious activity.
Every business needs to have cybersecurity as their top priority, particularly the CFO, who is most targeted. In order to stay ahead of cyber attacks, employees should be vigilant in the following:
– Regularly change passwords
– Examine carefully any emails that may contain a malicious link
– Limit access to sensitive data
– Update software regularly
With cyber crime presenting a large risk to their finances, a modern CFO cannot afford to be complacent. Being the Chief Financial Officer requires that a person have an extensive understanding of the risk involved with cyberspace and the consequences it may have on their duties.
Here is a list of cybersecurity tips and best practices to get you started:
– Use complex passwords across different devices and accounts
– Enable two-factor or multi-factor authentication
– Check for HTTPS on websites
– Back up data
– Avoid suspicious email links or attachments
– Use VPNs
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.