Organisations must get smarter about educating employees to spot fraudulent tactics
Greater incident complexity, a shift in the way threat actors use stolen data, and a rise in US class actions will drive the cyber threat landscape in 2023, according to Beazley.
Noting 13% year-over-year growth in fraudulent instruction as a cause of loss, its latest Cyber Services Snapshot report predicts organisations must get smarter about educating employees to spot fraudulent tactics.
The report presents global data on incidents handled by Beazley Cyber Services including cause of loss by industry, ransomware vectors, business email compromise, and data exfiltration.
These data points provide a real-time view into incidents reported to Beazley, revealing an ongoing picture of emerging cyber risk.
Fraud incidence rises as criminals become more targeted
As a category, fraudulent instruction experienced big growth as a cause of loss in 2022, up 13% year-over-year. This trend continues to be quite high, especially when it comes to small organisations.
To combat this vulnerability, the report suggests, organisations must get smarter about educating employees to spot fraudulent instruction tactics like spoofed emails or domain names.
Organisations are cautioned to watch for social engineering and spear phishing, bypassing of Multi-Factor Authentication, targeting of Managed Service Providers, and compromising of cloud environments as areas of vulnerability.
“At first glance, things hardly seem particularly new as we enter 2023: threat actors are still using the same kinds of ransomware vectors to attack, and we’re still talking about the same need for education and controls,” said Russ Cohen, Beazley’s head of US Cyber Services.
“But look beneath the surface, and it quickly becomes evident that targeted organisations are facing greater incident complexity than ever before.
”As threat actors bring new sophistication to their techniques and adapt to improved cybersecurity efforts, more and more companies will realize they can no longer count on the default configuration of off-the-shelf IT solutions and tools.”