Key Trends, Threats, and Solutions for a Safer Online Environment
Each October, we celebrate Cybersecurity Awareness Month to emphasize the importance of online safety. 2023 marks its 20th anniversary.
What is Cybersecurity Awareness Month?
The Cybersecurity and Infrastructure Security Agency (CISA) created Cybersecurity Awareness Month to educate the public and promote online safety, using the month as a driver to start or emphasize ongoing conversations about online security trends and best practices. This month is a crucial initiative, providing a platform to educate, inform, and strengthen our digital defenses, ensuring a safer online environment for all.
What is the Theme for Cybersecurity Awareness Month 2023?
Each year, Cybersecurity Awareness Month adopts a unique theme to guide its efforts. For Cybersecurity Awareness Month 2023, the chosen theme is “Secure Our World: 2023 and Beyond.” National Cybersecurity Awareness Month (NCSAM) is dedicated to emphasizing the critical importance of personal security management. This year, in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), the theme focuses on making our world a more secure place. While specific themes may change from year to year, the core message remains consistent: protect your digital presence, stay informed about cybersecurity threats, and proactively safeguard your online identity and assets.
Top Cybersecurity Trends for 2023
The cybersecurity world is in a constant state of evolution, as are cyberattacks. As cybercrime increases and becomes more sophisticated, it’s critical to analyze the various threats in your environment. The following list is intended to raise awareness about the increasing frequency of cybercrime today, rather than to instill fear. Let’s look at recent security statistics:
- By 2025, the annual worldwide cost of cyberattacks is estimated to be $10.5 trillion. (Cybersecurity Ventures)
- Organizations that employed security AI and automation detected and controlled security breaches 28 days earlier than those that didn’t. (IBM)
- 56% of Americans are unaware of the steps to take in response to a data breach. (Varonis)
- 80% of data breaches result from reused or weak passwords. (FinTech)
- On average, 26,000 distributed denial-of-service (DDoS) attacks are executed daily, equating to 18 attacks per minute. (Forbes)
Cybersecurity Awareness Month Focus Points
For its 20th iteration, the month centers on four fundamental practices every individual should incorporate into their daily online activities:
- Power up with Strong Passwords: Use long, random, and unique passwords encompassing a mix of uppercase and lowercase letters, numbers, and symbols. Leveraging a password manager simplifies this process by efficiently generating and storing these strong passwords.
- Multi-Factor Authentication (MFA): Enhance security by going beyond just passwords. Implementing MFA makes accounts harder to compromise, especially critical ones like email and banking. Consider authentication apps or hardware tokens for an extra layer of safety.
- Be a Phishing Whiz: Phishing remains a primary cybersecurity threat. Develop an eye for malicious emails, texts, or calls. Exercise caution before sharing information, clicking links, or downloading attachments from unfamiliar sources. Always verify the authenticity of requests.
  - Email Safety Ninja Skills: To spot phishing emails, pay close attention to sneaky misspellings, suspicious sender addresses, and unusual requests or demands. Stay away from emails using alarming language or generic greetings.
- Stay Software Savvy: This might seem rudimentary, but updating software is pivotal. It ensures you’re equipped with the latest security patches, reducing vulnerabilities.
Major Cyberattacks to Review from Last Month
In September 2023, a surge of cyber incidents highlighted the persistent and evolving threats faced by organizations.
Key occurrences in the last month included a severe cyberattack on MGM Resorts, causing significant disruptions to its operations. The Clop ransomware’s MOVEit campaign extended its impact to more than 2,000 organizations, causing continued chaos. Notably, several cryptocurrency companies experienced significant losses from cyberattacks, with one company losing a staggering $200 million in assets.
- On September 10, 2023, MGM Resorts fell victim to a cyberattack attributed to the “Scattered Spider” threat group, which is associated with BlackCat/ALPHV. According to reports, this group infiltrated MGM’s systems by conducting LinkedIn searches for employees and impersonating the IT help desk. MGM Resorts, a prominent player in the hospitality industry, operates numerous hotels and casinos in Las Vegas and prestigious properties throughout the United States, including Mandalay Bay, the Bellagio, the Cosmopolitan, and the Aria. In the aftermath of the attack, MGM Resorts suffered significant consequences, requiring the temporary shutdown of substantial portions of their internal networks. This led to disruptions affecting their extensive network of more than 30 hotels and casinos worldwide.
- The Clop Group’s MOVEit attacks have surged, impacting more than 2,000 organizations. In September, the U.S. National Student Clearinghouse (NSC) reported a data breach that affected 890 schools. NSC collaborates with over 3,500 U.S. colleges and universities, housing data on 17.1 million students. Clop ransomware attackers gained access to NSC’s MOVEit managed file transfer (MFT) server on May 30, compromising files containing extensive personal information. In addition, BORN Ontario’s MOVEit data breach affected 3.4 million individuals and healthcare providers, including the Hospital for Sick Children (SickKids).
- A Hong Kong-based cryptocurrency company, Mixin Network, disclosed a cyberattack where hackers stole around $200 million in assets by targeting their cloud service provider. The breach, which happened on September 23, led to the temporary suspension of deposit and withdrawal services.
Cybersecurity Awareness Month in October is more than a mere formality. It serves as a call to action for both individuals and organizations to prioritize their online safety. As MSPs, we must take a leading role in this battle against cyber threats. Let’s embrace, educate, and empower for a more secure digital future.