New Year is a time for looking forward, but discouraging signs from cybercriminals in 2023 could spell bad news for cybersecurity professionals. Economic forecasters almost unanimously expect a tough year ahead as inflation pressures continue, Russia’s war in Ukraine grinds on, and the spectre of recession rises again.
What does this have to do with security? When economies take a turn for the worse, cybercrime tends to surge. Some experts believe the recession will trigger an increase in cybercrime. We only need to think back to the early days of COVID-19 and how criminals exploited the widespread uncertainty to spread scams, ransomware infections and other threats.
A forecast from security software company Norton expects the worsening economic situation will drive cybercrime activity during 2023. “Economic challenges cause many to change their daily behaviour. Some will seek financial assistance from the government. Others will try to land side hustles to pad their bank accounts, while still others will be desperate enough to hope that surprise lottery ‘winnings’ are real,” the company said.
Layoffs are already happening in parts of the tech industry. In the face of job losses, heavy salary cuts and hard times, the newly unemployed could be tempted by the chance to make some easy money. Research from the World Economic Forum found “young people who leave school during recessions are significantly more likely to become involved in crime”.
Back in October, we blogged about how phishing scams are becoming more common. As we wrote at the time: “Banks and insurance companies are telling customers to be wary of scam messages. The Health Service Executive is warning of fake contact tracing calls. The Gardaí and the Irish National Cyber Crime Centre recently alerted small and medium businesses of an increased threat of ransomware attacks.”
Warnings are coming from all sides, with AIB Bank, Allianz, An Post, Revolut, and others raising awareness about online fraud. For all these different groups to warn the public independently of one another suggests something is up. It’s been a similar story in other countries, too. Last November, UK police contacted more than 70,000 people, warning them they had fallen victim to online scams.
So what can you do to prepare for a barrage of emails, texts, phishing attempts and scams?
1. Check security preparedness
Start by checking you’re ready. A recent survey found that only 22 per cent of Irish businesses are “extremely confident” of the steps they’ve taken to prevent a fraud event. That’s barely more than one in five, out of 210 firms surveyed for the LHK Group, an insurance and financial planning broker.
To put it another way, nearly four out of five businesses don’t have adequate measures in place to guard against scams or worse. Identify gaps in your defences. That could be old technology that hasn’t been upgraded. If so, draw up a priority list of the most critical systems and deal with them in order of importance. If the weak point you’ve identified is staff who aren’t aware of cybersecurity risks, see our next tip below.
2. Update your security training
Many scam and fraud-related threats are social in nature; that is, they start by trying to trick a human through a message. Reviewing your security awareness training will refresh your team’s minds about the risks and help them to be more vigilant. If you’re using sample text or screenshots of scam texts, update them to look and read like the kinds of messages people are seeing now.
Many fake messages include shortened web addresses for victims to click on. In your training, tell your team about independent websites like checkshorturl.com so they can verify message contents for themselves. Virustotal.com is another useful site for checking if web addresses are legitimate.
Remind people that we tend to put email and text messages into the ‘urgent and important’ category. Cybercriminals and scammers know this, and they craft the contents to amp up the pressure we feel to reply. Sometimes, the best thing you can do is pause and wait – especially if you think there’s a risk involved.
3. Double-check the message
Check any suspicious message on a second device. Many of us now get email directly to our smartphones, but phones don’t have a feature to let you hover over an email sender’s name to check it’s genuine. So instead of replying or acting right away, pause and wait until you can verify the message on a laptop or desktop PC. This advice comes from BH Consulting’s short video with shareable security tips to prevent scams or having your logins stolen. We also produced a longer white paper that looks at how to strengthen email security.
4. Ask and you shall be reprieved
The same principle goes for any message that appears to come from a trusted source – whether that’s a manager or a supplier – but asks you to do something unusual like transfer a large amount of money to a new bank account. Contact the organisation to check the request really came from them – but don’t just reply to the original message. Phone them using a number you trust. Or, if a message seems to be from a colleague, drop by their desk and ask if they sent it.
If you’re in the mood for a new year’s resolution, here’s one suggestion. One of the best things you can do – especially if you’re in a leadership role – is create an environment where everyone in the organisation feels it’s safe to raise red flags. Security becomes a lot harder if people feel they’ll be blamed if they accidentally click on a link or report a potential scam. To win at cybersecurity, make it a team game.