In order to understand the expectations regarding cyber threats and attacks in the current year, it is useful to check the landscape developed in 2022. In that period, the number of cyber incidents and cybercriminal activities increased significantly. The panorama that has emerged is effectively illustrated by this graphic.
The image shows the main threats that emerged last year according to the ENISA Threat Landscape 2022, summarizing them in eight main groups. Below is the ranking, in order of frequency and severity:
-Ransomware
-Malware
-Social Engineering
- Data threats
-DDoS (Distributed Denial of Service)
-Internet Threats
-Availability threats: Internet threats
-Disinformation
-Attacks on the Supply Chain
The analysis also highlighted the following details:
- the use of phishing as the most common vector for entering organizations’ systems, through increasingly sophisticated techniques and more precisely targeted preys;
- the role of geopolitics (and in particular the war between Russia and Ukraine) behind the increasing number of attacks aimed at destroying critical infrastructure and spreading disinformation;
- a return in the use of malware after a decline observed during the Covid-19 pandemic;
- a year-on-year increase in attacks aimed at compromising data.
Data, the new black gold
According to Eva Velasquez, President and CEO of ITRC (Internet Theft Resource Centre): "More data compromises were detected in the US in 2021 than in any other year since 2003; at the same time, less than 5 per cent of victims resorted to more effective protection measures after receiving news of a breach." The only industry sector in which there was no increase in incidents was the military.
Data compromise attacks are becoming more and more targeted and less massive. According to IBM, the average in 2021 was the highest in terms of costs, at around USD 4.24 million. A key factor is the mass migration to the cloud, driven initially by the spread of remote working and then stabilized through the increasing use of multi-cloud strategies. Also in 2021, the amount of data stolen was around 260 Tb, or 1.8 billion files, documents and emails (source: Tenable).
As noted by Thales, there is a lack of maturity towards cloud data security, which results in the limited use of encryption, in an increasingly complex (real or perceived) multi-cloud approach and in the growth of data produced in the enterprise environment.
Cloud security, the next breakthrough
Cloud-security is therefore the ground on which one of the most important games in the daily war on cybercrime will be played. It is no coincidence that the cloud will collect the largest share of security investments in 2023. The aspects to be considered on this point are not marginal: we will discuss them in future articles.