Ransomware attacks have decreased by 41% in the first half of 2023, according to SonicWall data, but other types of threats such as extortion and cryptojacking are on the rise. The report suggests that attackers are pivoting their tactics and diversifying the type of attacks they use. Cryptojacking attacks nearly tripled during the first half of the year, and IoT malware climbed 37%. Additionally, some threat actors have shifted from traditional ransomware to pure extortion attacks.
Google’s Threat Analysis Group reported that in 2022, more than 40% of zero-day vulnerabilities were variants of previously reported vulnerabilities, and patches for Android vulnerabilities were not available for lengthy periods of time. Hackers have also increasingly used 0-click exploits, and there was a 42% dip in zero-days affecting browsers in 2022.
The Financial Times highlights the increasing role of lawyers on a frontline role in responding to cyberthreats. General counsels are particularly concerned about cyber security risk, which can result in liability, adverse PR, regulatory scrutiny, and falling share prices. Cyber security work is akin to crisis management, with in-house lawyers coordinating forensic investigators, PR professionals, and external lawyers to tackle a hack. The advent of GDPR legislation in Europe has led to far greater exposure of cyber incidents, and companies may soon be forced to make even more detailed disclosures.
Mutare’s 2023 Voice Network Threat Survey found that 24% of respondents no longer answer their business phones due to the increase in unwanted calls, and 100% reported negative effects from voice threats such as robocalls and phishing. The report also highlights the need for businesses to take steps to safeguard themselves against outside threats and measure the percentage of unwanted voice traffic they receive.
Why do we care?
First, buried in the security data is a key sales metric. 1 in 4 don’t answer the phone. I spoke with a sales professional last week bemoaning this fact… working at an IT company where a customer couldn’t book a meeting on the website. The dreaded “contact us” form instead. If you’re leaning on the phone, you’re at risk of being a relic.
Also of note, one of the potential sales targets to consider now is the general counsel. Consider their importance in the process, particularly with last week’s SEC ruling. Selling to the general counsel is a very viable option, and far more linked to business outcomes than selling to IT.
