Scam alert: Top trends to watch in the cyber security space

With massive data breaches hitting the headlines in 2022, cyber security is one of the hottest topics in tech as we move into the new year. 

Given that Australia was recently ranked the worst in the world when it comes to data breaches (ouch) – not to mention the fact that Australian companies could face fines of up to $50 million for a data breach – businesses large and small have their sights set on shoring up their cyber defences. 

Question is, how do you become more cyber resilient? What do you need to do to protect your business and your customers from an attack? Let’s take a look at some of the trends in cyber security, so you can start planning your cyber strategy for the year ahead. 

First, why bother?

Cyber criminals are getting craftier. And the costs – both financial and reputational – are getting higher for those companies that fall victim to attacks. 

Indeed, the Australian Cyber Security Centre (ACSC), in its 2021-2022 Annual Cyber Threat Report, painted a pretty grim picture of the current threat landscape: “In Australia, we saw an increase in the number and sophistication of cyber threats, making crimes like extortion, espionage, and fraud easier to replicate at a greater scale. The ACSC received over 76,000 cybercrime reports, an increase of nearly 13 per cent from the previous financial year. This equates to one report every 7 minutes, compared to every 8 minutes last financial year.”

With the attacks increasing in severity and frequency – hitting everyone from Optus and Medibank, to Uber and WhatsApp – it’s clear that no company is completely immune to cyber attack. But while you can’t reduce your cyber risk to zero, you can certainly and significantly reduce it. And it all starts by being aware of what you’re up against. 

Here are some cyber trends to watch

While we can’t predict the future (after all, if we could, then we’d always remain one step ahead of the cyber criminals, right?), we can learn from recent attacks and use the insights to help shore up our cyber defences. Drawing on our own experiences at DocuSign as well as broader industry insights, here are some of the big trends to keep a close eye on:

• Phishing and spear phishing. These remain one of the most common ways for nefarious cyber criminals to attack companies and individuals, with a massive 61% increase in phishing attacks from 2021 to 2022.
• Ransomware attacks. As the recent Medibank attack showed, criminals show no remorse in their quest to extort companies in exchange for personal data. Securing devices and servers with things like regular updates, backups, patches and two-factor authentication are key to stopping these attacks. 
• ‘Watering hole’ attacks. These security exploits – whereby the attacker targets websites commonly visited by your employees, and inserts malware with the intention of eventually infecting your own systems – are also becoming increasingly common. 
• ‘Wiper’ malware. With Russian mayors’ offices and courts recent victims, it’s likely that other organisations around the globe will also fall prey to ‘wipers’, which permanently destroy the data on infected systems. Strategies like regular penetration testing, endpoint detection and response, and threat data monitoring are key to protecting yourself here. You can also brush up on the top malware strains here. 
• The human element. According to Verizon, humans are the unwitting cause of 82% of breaches. That is, human error and mistakes like accidentally opening or responding to scam emails. With end users “the biggest gap in security”, a key focus will be on education and security awareness. 

The above list can feel a little grim. But there is good news. There are things that every organisation can do to defend against this seemingly endless barrage of attacks. 

If you’re a small business, a great place to start is by familiarising yourself with the ACSC Small Business Cyber Security Guide, which steps out key strategies to protect yourself against the most common cyber incidents. Larger businesses should pay heed to the Essential Eight, which is a baseline list of risk mitigation strategies recommended by the ACSC. 

With cyber criminals’ tools and tactics evolving all the time, it’s a good idea to check back in with organisations like the ACSC on a regular basis to see what’s new. If any of their recommendations for cyber security have changed, act on the recommendations as promptly as you can. 

It’s also a good idea to familiarise yourself with your software vendors’ security strategies to ensure you’re following best practice with the solutions you use in your business. To get you started, here’s what we do at DocuSign to keep our customers’ data safe.