The Cyber Security Report 2023, which analyzed over 25 billion work emails, also reveals significant changes to the nature of cyber-attacks in 2022 – indicating the constant, growing threats to email security and the need for caution in digital workplace communications.
Phishing remains the most common style of email attack, representing 39.6% of detected threats.
In the potential positive incentive category, Axios and the Wall Street Journal are reporting how Credit raters and analysts have started factoring histories of cyberattacks into decisions about whether a company will be able to repay its debts. U.S. efforts to crack down on ransomware and mandate companies report cyber incidents could end up being a “credit positive” next year, according to Moody’s 2023 cyber outlook shared first with Axios.
The landscape continues to be rife with nation-states – Microsoft issued a report last week focued on those attacks, noting cyberattacks targeting critical infrastructure jumped from comprising 20% of all nation-state attacks Microsoft detected to 40%. This spike was due, in large part, to Russia’s goal of damaging Ukrainian infrastructure, and aggressive espionage targeting of Ukraine’s allies, including the United States. Russia also accelerated its attempts to compromise IT firms as a way to disrupt or gain intelligence from those firms’ government agency customers in NATO member countries. 90% of Russian attacks we detected over the past year targeted NATO member states, and 48% of these attacks targeted IT firms based in NATO countries.
Why do we care?
Let’s focus on the incentives – if a business’s credit score becomes linked to its cyber acumen, and a breach lowers the score, this is a set of financial incentives to be concerned about. One can see how the opportunity would be there for the credit bureaus and how insurers and banks would be interested in this set of knowledge. I can easily see how this could become part of how business is done.