Rising Threats from Spear Phishing and BEC Scams Necessitate Stronger Protections
A recent report released in April by the UK Cyber Security Breaches Survey 2024 has revealed alarming figures, showing a surge in cyber-attacks on businesses, a scenario that is merely the "tip of the iceberg," according to industry experts.
Government data indicates that 50% of companies have experienced a breach or attack in the past year. However, Roy Shelton, CEO of Connectus Group, suggests that the actual figures could be significantly higher.
"Attacks are rising and getting more and more sophisticated. Those reported are just the tip of the iceberg. A lot more happen under the radar and are never reported. All businesses need to be vigilant to the growing risk," Shelton commented.
The 2024 survey further highlights that 74% of large businesses, 70% of medium-sized businesses, and 66% of charities with an annual income of over £500,000 have been targeted.
The most common forms of attacks were phishing, affecting 84% of businesses and 83% of charities, followed by impersonation in emails or online, and then viruses or other malware.
In total, it is estimated that UK businesses faced approximately 7.78 million cyber crimes of all types and around 116,000 non-phishing cybercrimes in the last 12 months. For UK charities, the numbers are around 924,000 cybercrimes.
"These figures are based on only reported breaches: I would suspect many are never reported due to fear of brand and reputational damage," Shelton added.
The persistence of phishing, malware, and impersonation attacks underscores the necessity for robust cybersecurity measures. Effective strategies include training staff and deploying low-cost, high-value countermeasures.
Despite the risks, only 51% of businesses and 40% of charities have implemented multiple approaches to minimise the risks of cyber attacks.
Among the tactics employed are security monitoring tools, risk assessments, mock phishing attacks, vulnerability audits, penetration testing, and investment in threat intelligence.
Rising Cybercrime Costs Spur Innovation and Vigilance in Australian Cyber Security Landscape
In Australia, the scenario is similarly grave. The release of the annual Cyber Threat Report 2022-23 highlighted a 14% increase in the average cost of cybercrime per incident from the previous year, with mid-size businesses being particularly hard hit, facing costs of $97,200 on average.
The growing cyber threat has prompted many local experts in the UK Connectus Group and in Australia such as Zirilio, to develop new tools which help provide businesses with advanced 24/7 protection from cyber attacks.
In Australia, the use of advanced social engineering and sophisticated techniques has dramatically affected high-value targets. High-profile incidents, such as the attacks on Latitude Financial, underscore the increasing threat landscape.
Tim Dole, CEO of cybersecurity firm Zirilio, stresses the importance of vigilance and proactive education. He highlights that security awareness training is essential for preventing phishing attacks and protecting sensitive information.
"The increasing complexity of phishing techniques has led to the emergence of spear phishing, where attackers tailor their strategies to target high-profile individuals or organisations.” Mr Dole commented.
As we move deeper into 2024, he stresses the importance of internal organisational education. Companies must educate their employees about various phishing tactics, especially spear phishing, to better prepare them to recognize and counteract these threats in real life.
Reiterating the cunning nature of these attacks, Dole adds,
“Attackers meticulously research and discreetly position themselves to strike, ensuring their intrusions mimic communications from trusted sources. This strategic deception is crafted to inflict maximum financial damage on the victim.”
This highlights the need for a proactive approach to cybersecurity, where knowledge and vigilance play key roles in protecting against sophisticated cyber threats.
Australia Faces Rising Cyber Threats Amid Geopolitical Tensions
The Australian Government continues to highlight the urgent challenges posed by the geopolitical landscape, emphasising the escalating cyber threats facing the nation's critical infrastructure.
Cyber operations are becoming a favoured method for state actors to conduct espionage and foreign interference.
"The Annual Cyber Threat Report illustrates how governments, businesses, and critical infrastructure networks are being targeted by both state and non-state actors, aiming to destabilise and disrupt," noted the Minister for Defence, the Hon Richard Marles MP.
In a recent statement, Minister Marles pointed out the increasing frequency of these incidents: the Australian Signals Directorate (ASD) responded to over 1,100 cybersecurity incidents affecting Australian entities last year.
Additionally, nearly 94,000 reports of cyber incidents were filed with law enforcement via ReportCyber, indicating a cyber incident is reported approximately every six minutes.
This data underscores the continuous and growing pressure on national security mechanisms to counteract these threats effectively.
Escalating Business Email Compromise Scams Expose Urgent Need for Enhanced Cybersecurity in the US
In the United States, the threat of Business Email Compromise (BEC) is particularly pronounced. Recent surveys have pointed out the ease and effectiveness of BEC scams, which involve tricking organisation members into transferring funds or sensitive data.
According to the FBI’s most recent Internet Crime Report, BEC scams resulted in losses of $2.7 billion USD in 2022 — significantly outstripping losses caused by ransomware.
A notable case in January 2024 involved a Nigerian national accused of defrauding two charitable organisations out of $7.5 million through a BEC attack.
The growing global threat landscape calls for an integrated approach to cybersecurity, emphasising both technological solutions and human factors training.
As cybercriminals adapt their tactics, the need for proactive and comprehensive cybersecurity measures becomes more critical than ever to safeguard data and protect against financial losses.
