2023 draws to a close with a booming cybercrime industry and a pressing need to change tack
As cybercrime evolves into a booming industry, organisations face growing threats with increasingly accessible tools for attackers. High-profile targets like public services and infrastructure are under constant assault, while cloud environments add complexity to security challenges. Preventative measures like staff training and zero trust frameworks are crucial, but damage mitigation is equally vital. Network segmentation, least-privileged access, and strong recovery plans can limit disruption and enhance resilience. By prioritising preparedness, organisations can better withstand the impact of cyber-attacks heading into 2024.

When the British Library suffered a major cyber incident at the tail end of October, only for the information reputedly stolen to appear for sale on the dark web, there was the usual wide media coverage of the incident, and a broad array of reactions from reporters and experts. Surprise, however, was not apparent among them. The targeting and extortion of public institutions is, after all, nothing new to anyone who keeps an eye on the news. With global tensions remaining critical, high-profile targets such as public infrastructure, landmarks, and services are under near-constant attack from bad actors – and these frequent news stories indicate just how often such attacks are successful.
While the frequency of attacks may not be new, what does continue to change is the increasingly codified space that cybercrime occupies. Also in October, the International Committee of the Red Cross put forward ‘8 rules for “civilian hackers” during war’, in an attempt to draw boundaries within what has until now been an undefined grey area – a recognition that such attacks are an unavoidable part of modern conflict that have been left largely unregulated. At the same time, groups focused on orchestrating less politically-motivated attacks are acting more and more like the very businesses they target, with Ransomware as a Service, Phishing as a Service, and pre-built cyber tools made available to any third party that might want to use them.
To make matters worse, it’s highly likely that at least a portion of an organisation’s data isn’t technically held by that organisation at all any more. Cloud and hybrid environments are now the norm across public and private sectors, and just this year we saw a substantial breach on the part of one of the biggest cloud service providers – Microsoft – that led to a hacker group gaining access to email accounts from more than 25 different high-profile organisations.
So, one would be forgiven for going into 2024 feeling dispirited about the state of cybersecurity – but the outlook isn’t entirely hopeless. While we may be looking at an era of increasingly prevalent, increasingly successful cyber-attacks, there are still steps to be taken to ensure your organisation is in the best possible position to deter, manage, and recover from such an attack. As ever, staff training and strong fundamentals will help to ensure that your organisation isn’t among the most vulnerable that can be compromised by the lowest-effort phishing approaches, but no organisation in this day and age should be operating with complete confidence that they are impervious to attack.
Instead, organisations need to be thinking just as much about mitigating the damage done by a successful attack as they are about preventing the attack in the first place. There’s a good reason that network segmentation and zero trust are far and away some of the most popular topics in cybersecurity at the moment; by focusing on ideas like least-privileged access, organisations can effectively limit the information and lateral movement available to a bad actor that has breached their initial defences.
At the same time, developing strong business continuity and recovery plans is vital for an organisation to continue to function and deliver services during any disruptive event, but doubly so for a cyber-attack where the aim of the event is likely that same disruption. Having staff and leadership with a clear understanding of their roles and responsibilities in such an event can have a staggering impact on both the initial attack disruption and the recovery period after the fact.
By working together with experts and focusing on areas that will make a real difference, there’s every hope that, while 2024 may not see an overall reduction in cybercrime, we may be able to reduce the effects of the attacks felt both by the public and by the organisations themselves. To talk to us further about your own organisation’s preparedness, network segmentation, business continuity, or anything else, you can get in touch at [email protected].