Top five cyberthreats to watch out for in 2023

January 5, 2023 | 08:24 am GMT+7

More than 60 per cent of all small and medium businesses globally have experienced cyberattacks over the course of 2022.


More than 60 per cent of all small and medium businesses globally have experienced cyberattacks over the course of 2022.

Due to cyberattacks, businesses may lose confidential information, finances and valuable market share, according to the global cybersecurity and digital privacy company Kaspersky.

There are plenty of ways criminals are trying to reach their goals.

Kaspersky experts have analysed vulnerable points firms might have and outlined some major cyberthreats for entrepreneurs that they must be aware of in 2023, including data leaks caused by employees, DDoS attacks, supply chain, malware and social engineering.

Regarding data leaks caused by employees, experts say there are different ways a company’s data may be leaked – and, in certain cases, it might happen involuntarily.

The level of cybersecurity has improved after the pandemic and the initial adoption of remote work by organisations en masse. Nevertheless, corporate computers used for entertainment purposes remain one of the most important ways to get initial access to a company’s network. Looking for alternative sources to download an episode of a show or a newly released film, users encounter various types of malware, including Trojans, spyware and backdoors, as well as adware.

If such malware ends up on a corporate computer, attackers could even penetrate the corporate network and search for and steal sensitive information, including both business development secrets and employees’ personal data.

Distributed network attacks are often referred to as Distributed Denial of Service (DDoS) attacks. The DDoS attack will send multiple requests to the attacked web resource – with the aim of exceeding the website’s capacity to handle multiple requests and prevent the website from functioning correctly.

Attackers resort to different sources to perform acts on organisations such as banks, media assets, or retailers - all frequently affected by DDoS attacks.

Being attacked through a supply chain typically means that a service or programme that businesses have used for some time has become malicious. These are attacks delivered through the company’s vendors or suppliers – examples can include financial institutions, logistics partners, or even a food delivery service. And such actions may vary in complexity or destructiveness.

For example, attackers used ExPetr (aka NotPetya) to compromise the automatic update system of accounting software called M.E.Doc, forcing it to deliver the ransomware to all customers. As a result, ExPetr caused millions of dollars in losses, infecting both large companies and small businesses.

With regards to malware, experts say more than 25 per cent of firms opt for pirated, or unlicensed software to cut costs. Such software may include some malicious or unwanted files that may exploit corporate computers and networks.

Additionally, business owners must be aware of access brokers as such layers of groups will cause firms harm in a variety of ways in 2023. Their illegal-access customers include cryptojacking clients, banking password stealers, ransomware, cookie stealers, and other problematic malware.

Social engineering

Since the onset of the COVID-19 pandemic, many companies have moved much of their workflows online and learned to use new collaboration tools.

Kaspersky experts have uncovered many new ways how phishing scammers are trying to fool business owners, which sometimes turn out to be quite elaborate. Some are mimicking loan or delivery services by sharing false websites or sending emails with fake accounting documents.

Some attackers masquerade as legitimate online platforms to get profit out of their victims, even using quite popular money transfer services, such as Wise Transfer.

The company says cybercriminals will try to reach out to their victims using every way possible – through unlicensed software, phishing websites or emails, breaches in the business’s security network or even via massive DDoS attacks.

However, a recent survey by Kaspersky showed that 41 per cent of firms had a crisis prevention plan and thus, did care about cybersecurity and understand how challenging IT security incident remediation could be. This is a good tendency that hopefully will result in reliable protective measures implemented within these organisations.

To protect businesses from cyberattacks, Kaspersky recommends to implement a strong password policy, requiring a standard user account’s password to have at least eight letters, one number, uppercase and lowercase letters and a special character, don’t ignore updates from software and device vendors, and maintain a high level of security awareness among employees.

Small and medium-sized businesses are great contributors to the global economy. According to the World Trade Organisation, they represent more than 90 per cent of all businesses worldwide and account for 97-98 per cent of businesses in Việt Nam.