by Duwayne Lake, Operations Director of Veco™
New research* reveals that Cyber attacks on UK organisations surged 77% in 2022, with the UK education sector seeing a 237% rise in attacks, compared to 2021.* (Source: Check Point – a leader in cyber security solutions, January 2023).
UK organisations experienced an average of 788 weekly cyber attacks across 2022, marking a 77% increase from 2021. The UK also saw the highest number of cyber crime victims per million internet users at 4,783 in 2022, up 40% over 2020 figures. The country with the next highest number of victims per million internet users in 2022 was the USA, with 1,494, a 13% decrease over 2020.
Cyber attacks are increasing worldwide, with 38% more attacks per week on corporate networking in 2022 compared to 2021. The global volume also reached an all-time high in the fourth quarter of the year, with an average of 1,168 weekly attacks per organisation.
Check Point has said that this escalation is being driven predominately by smaller, more agile threat actors and sophisticated ransomware gangs, many of which targeted healthcare organisations, academic institutions, and the private sector.
This research highlights the growing severity of cyber threats in 2022. Just in December alone, eight UK cyber attacks and data breaches were reported. The most significant incident occurred at LastPass, the private equity owned password manager. Having suffered an initial breach in August 2022, LastPass announced that customer data had been breached in a related incident in early December.
Industry sources are advising that individuals change all passwords currently stored in LastPass. The harsh reality is that password vaults are now in the hands of potential attackers, who will currently be trying to crack master passwords. If your master password is easily guessable, which memorable human generated passwords can be, then there is a risk that your vault could be breached.
Hackers are also widening their aim to target business collaboration tools such as Slack, Teams, OneDrive and Google Drive with phishing exploits. These make for a rich source of sensitive data given that most organisations’ employees continue to work remotely.
Agents need to be extra vigilant and ensure they have educated their staff on the risks and have implemented the measures that will boost their protection.
Below are some ways in which agents can increase their protection from cyber crime:
Cyber criminals are increasingly turning to text messaging for scam and phishing attempts to gain access to your bank and other accounts, so staff should be wary and vigilant when receiving and actioning text messages
Educate staff to be aware of and alert to ‘phishing’ emails. They often come from a known contact where their email account has been breached and accessed by hackers and scammers, who will send an online link to a document asking you to enter your email address and password to ‘login’, but is in reality just sending these details onto the hackers.
Passwords & Updates
Always use strong passwords for everything, including PC access & email accounts and always use two factor authentication (2FA/MFA) where possible. Any mobiles that contain work related data should have passcodes/pattern locks or biometric locks enabled. Keep all software and operating systems, firmware and firewalls up to date.
If giving suppliers access to your servers, ensure the connections are secure. As a minimum, don’t leave any access wide open to the public internet and use methods such as restricting access by IP address, but preferably using more secure connection methods such as VPN’s. The same applies for remote workers.
Public Email Addresses
Try and avoid making company email addresses publicly available, particularly individual and senior staff email addresses. Hackers will find these on your website, or other publicly available site and then spoof the email addresses.
If you have any concerns about your IT security and would like a no obligation consultancy session with one of our cyber security experts, please email firstname.lastname@example.org or call 01372 389 250.