According to estimates from Statista’s Cybersecurity Outlook, the global cost of cybercrime is expected to surge in the next five years, rising from $8.44 trillion in 2022 to $23.84 trillion by 2027.
Also, according to the 2022 Javelin Strategy Annual Identity Fraud Study, identity theft losses totaled $52 billion, affecting 42 million U.S. adults in 2021.
As businesses incorporate information security into their business plans and consumers look for ways to prevent identity theft, businesses need to protect themselves, their employees, customers, revenues, and profits.
Cybercriminals have always been motivated by the prospect of stealing both money and information. 2023 will undoubtedly see an increase in financially motivated cyber-attacks on personnel and businesses. Here are the most common cybercrimes both people and companies will likely face in 2023.
Top 5 Cybercrimes for 2023
Malware is malicious software that allows the cybercriminal to access your computer. Your computer can become infected by visiting a malicious website, clicking on nefarious email links that cause the download of malware, or even by plugging another device into your computer that has already been infected. Ultimately, the goal of malware is to facilitate the theft of personally identifiable information (PII) and your finances.
Like malware, ransomware takes control of your computer, either preventing you from accessing the system or stealing information that the cybercriminal then threatens to release publicly, causing embarrassment and damage to your brand reputation. The cybercriminal then demands payment in exchange for the return of your system or information. However, paying the ransomware demand does not guarantee your computer system or information will be restored.
Mobile Device Compromise
Mobile devices are being more commonly targeted as we continue to move our daily cyber use from desktop platforms to more portable devices. Cybercriminals target our devices through malware attacks from traditional phishing emails and malicious websites. Additionally, as mobile device use increases, so does our need to power these devices. “Juice Jacking” involves malware being transmitted to your phone or tablet when you plug into a public charging station like those regularly found at airports and hotels.
Cybercriminals can target specific individuals by using information that can be found online and through social media sites, tricking them into thinking they are engaging in legitimate business email communication. Although spear phishing emails are difficult to identify, the same security practice of not clicking on unknown or unfamiliar links can prevent the download of malware, circumventing the intended victimization.
Business Email Compromise
Business email compromise is a more sophisticated type of compromise, although it is becoming highly common due to the profitability of the crime. A business email compromise occurs when a hacker gains access to your email and reviews your email traffic for financial matters. Upon seeing incoming or outgoing invoice information, the hacker will intercept the message and send the intended recipient a separate email that appears to come from the original sender but carries different payment or wiring instructions. The recipient then mistakenly sends the payment elsewhere, and the money is usually long gone and transferred overseas before the crime is discovered. A common cybercrime against businesses, the business email compromise is also frequently carried out against home purchasers who falsely believe they are complying with home purchase payment wiring instructions.
Based on the above, every 2023 business plan should understand its risk profile and incorporate information governance policies to protect against risk.
One example of your business risk profile is understanding the type of information your business collects, uses, transfers, and stores. Another example is knowing that your governance, employee education, compliance, and security posture are up-to-date, accurate, and complete.
However, knowing the types of cybercrime listed above is not enough. As cyber thieves and identity theft criminals evolve their tactics and strategies, your business will need to be aware of current and future trends, including the following:
Top 5 Cyber Trends of 2023
While remote work is not a new trend, cyber thieves and identity theft criminals are constantly evolving and getting more creative in targeting remote working employees. As employees work remotely, businesses have more difficulty guaranteeing confidentiality and security relating to malware, ransomware, mobile compromise, spear phishing, and business email compromise. Hence, every business – regardless of employee size – should require secure internet connections, utilize a VPN (Virtual Private Network), and mandate the use of strong passwords.
According to the 2022 IBM Cost of a Data Breach Report, 23% of all data breaches result from human error. Increased education and awareness will help consumers and employees be better prepared against the everyday challenges of phishing (fraudulent emails), vishing (fraudulent phone calls and voicemail messages), and smishing (fraudulent text messages) tactics of hackers and identity theft criminals. Implementing regularly scheduled (e.g., quarterly) information security training, including phishing tests, will significantly enhance information security.
Malicious insider attacks happen every day and can occur when an employee with privileged access to sensitive (employee or customer) information decides to exploit their privileged access for personal or financial gain. Businesses can mitigate the efforts of a disgruntled or deceitful employee with vigilance, including pre-employment screening and technology monitoring programs to help identify bad actors.
According to the year, 60% of cyber fraud, such as phishing, smishing, and stolen passwords, occurs via a mobile phone. Because employees and consumers store everything from their work email and personal email to banking information and contact information on their phones, the mobile phone has become a massive target for cyber thieves and identity theft criminals. Businesses should provide a VPN to every employee for their mobile devices.
Internet of Things (IoT)
Hackers are looking to exploit the weak security and 24-hour connectivity of devices in your business office, such as security cameras, connected thermostats, printers, and lighting. Hackers are also looking to exploit remote working employees through their connected thermostats, washers, dryers, refrigerators, and ring doorbells. Whether you are working at the office or at home, these hackers want to recruit your IoT-related devices into botnets that can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. Every connected device increases your attack surface, so make sure you update firmware and use a separate router just for IoT.
One last line of defense for your business is cyber liability insurance. Cyber insurance increases your cybersecurity by encouraging the adoption of best practices. Cyber insurance companies will require a higher level of security as a condition of coverage, and companies adopting better security practices often receive lower insurance rates.
In addition, having cyber insurance along with a higher level of information security can be a competitive advantage because it allows you to be better than your business competitors.
Make 2023 the year of information security and governance for your business. By being proactive – for your business, employees, and customers – your 2023 business plan with a focus on security will help your business mitigate its exposure to future data breach and identity theft events.
About the Authors:
John Iannarelli was an FBI Special Agent for more than 20 years. During that time, he served as the FBI’s National Spokesperson, was a member of the FBI Cyber Division Executive staff, was on the FBI SWAT team, and was an Assistant Special Agent in Charge overseeing all Criminal, Cyber, and Counterintelligence Investigations. He is a frequent on-air law enforcement contributor for the national news media. John is an NSA Certified Speaking Professional (CSP®) who presents on safety and security topics in both the cyber and physical worlds.
Mark Pribish is the Practice Leader, Identity Theft and Data Breach Solutions at Scottsdale, Arizona-based Vero, A CU Direct Company. He has authored hundreds of articles and is frequently interviewed by local and national media as an identity theft and data breach risk management expert. He is a member of the Identity Theft Resource Center Board of Directors and is a graduate of the University of Dayton.