{"id":46971,"date":"2023-01-24T07:22:21","date_gmt":"2023-01-24T12:22:21","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=46971"},"modified":"2023-01-24T07:22:21","modified_gmt":"2023-01-24T12:22:21","slug":"cybersecurity-year-threats","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/cybersecurity-year-threats\/46971\/","title":{"rendered":"What a year of changing cyberthreats can tell business"},"content":{"rendered":"<p>For business leaders, knowing what\u2019s changing in cybersecurity helps you recruit the right people with the right skills today for what you\u2019ll soon need.<\/p>\n<p><a href=\"https:\/\/securelist.com\/ksb-2022-statistics\/108129\/\" target=\"_blank\" rel=\"noopener\">Kaspersky\u2019s 2022 Security Bulletin<\/a> (free download) analyzes which attacks their global cloud service Kaspersky Security Network (KSN) has detected, blocked and disabled over the past year. There are some numbers your business will want to know about.<\/p>\n<h2>15 percent of users had a malware attack<\/h2>\n<p>Kaspersky Security Network blocked malware-class attacks on some 15 percent of users in 2022, or around 1 in 7. This shows just how common malware is.<\/p>\n<p>The <a href=\"https:\/\/www.kaspersky.com\/resource-center\/threats\/malware-classifications\" target=\"_blank\" rel=\"noopener nofollow\">malware class of attacks<\/a> covers familiar cybercrime tools like viruses, trojans and ransomware. The countries where Kaspersky\u2019s software blocked the most malware attacks in 2022 were Tunisia, Taiwan and Algeria.<\/p>\n\t\t\t\t\t<div class=\"c-promo-post\">\n\t\t\t\t\t\t<div class=\"o-row\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"o-col-12@sm\">\n\t\t\t\t\t\t\t<article class=\"c-card c-card--link c-card--hor@xs c-card--small@xs\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__figure c-card__figure--small@xs c-card__figure--medium@sm\">\n\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/ciso-executive-retention-cybersecurity\/45475\/\" class=\"c-card__figure-link\">\n\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"500\" height=\"500\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2022\/09\/03113841\/328_ciso_turnover-500x500.jpg\" class=\"attachment-card-default size-card-default wp-post-image\" alt=\"ciso turnover\" data-src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2022\/09\/03113841\/328_ciso_turnover-500x500.jpg\" data-srcset=\"\" srcset=\"\">\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__body  \">\n\t\t\t\t\t\t\t\t\t<header class=\"c-card__header\">\n\t\t\t\t\t\t\t\t\t\t<p class=\"c-card__headline\">Related article<\/p>\n\t\t\t\t\t\t\t\t\t\t<h3 class=\"c-card__title \">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/ciso-executive-retention-cybersecurity\/45475\/\" class=\"c-card__link\" target=\"_blank\" rel=\"noopener nofollow\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span>Keeping your CISO engaged will benefit your business. Here\u2019s how.<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<svg class=\"o-icon o-svg-icon o-svg-right\"><use xmlns:xlink=\"http:\/\/www.w3.org\/1999\/xlink\" xlink:href=\"https:\/\/www.kaspersky.com\/blog\/wp-content\/plugins\/kaspersky-emagazine\/assets\/sprite\/icons.svg#icon-arrow-long\"><\/use><\/svg>\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t<\/h3>\n\t\t\t\t\t\t\t\t\t<\/header>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__desc \">\n\t\t\t\t\t\t\t\t\t\t\t<p>With poor retention rates, businesses must act to make sure they don\u2019t lose their Chief Information Security Officer (CISO.) And CISOs can play a part too.<\/p>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<footer class=\"c-card__footer\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__list\">\n\t\t\t\t\t\t\t\t\t\t\t<ul class=\"c-list-labels js-has-reading-time\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"c-list-labels__link\" href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/category\/leadership\/\" target=\"_blank\" rel=\"noopener nofollow\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span>Leadership<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li><span class=\"js-reading-time\"><\/span> min read<\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"u-hidden js-reading-content\">\n\t\t\t\t\t\t\t\t\t\t\t\t\tBetween stress, overwork and constant new threats, Chief Information Security Officers (CISOs) face countless challenges. And the security of nations, businesses and society relies on their doing everything they can to rise to the challenges.\r\n\r\nGrowing complex threats and the rapid shift to remote work complicate an already expansive role. Today's CISO needs technical skill and the ability to respond fast to reputation-damaging breaches like ransomware attacks.\r\nHigh stress, low retention\r\nMany CISOs haven't been in their role long. Research by Cybersecurity Ventures in 2020 found nearly one in four (24 percent) of CISOs in US Fortune 500 companies had been in their job just a year. A further 16 percent had been in post for only two years.\r\n\r\nThere's no single reason CISOs move around more than other C-suite executives, but higher stress probably plays a part. UK domain registry Nominet's 2020 CISO Stress Report found 88 percent \u2013 around nine in 10 \u2013 CISOs said they were \"moderately\" or \"tremendously\" stressed. The same report found average CISO time in post was just two years and two months.\r\n\r\n\r\n\r\nSeasoned CISO Matt White, once fashion brand Chanel's Global Head of Information Security Strategy and co-founder of software-as-a-service platform XaaS, thinks CISOs' biggest challenge is lack of understanding from companies and boards.\r\n\r\n\r\n\r\nCISOs have an uphill battle \u2013 under-resourced with budget and staff while battling red tape and bureaucracy.\r\nRelationships make a fulfilling role\r\nWhat can CISOs do to find a role where they feel fulfilled? White suggests considering what a potential employer wants from a CISO. Do they want change or someone to continue the status quo? Although it may be hard to assess before joining, a CISO should investigate how well the organization has established and resourced its cybersecurity.\r\n\r\nWhite adds, \"It's paramount to understanding the type of company, its level of maturity and how supportive the board may be of changes.\"\r\n\r\nIf the last CISO left because they didn't have the financial resources or headcount for a good cyber defense strategy, a new CISO should make sure there's since been change.\r\n\r\nKaspersky research, in association with Longitude, a Financial Times company, found a closer relationship between the C-suite and cybersecurity teams leads to better security outcomes. Over a quarter (26 percent) of survey respondents said they believed \"strong integration between the C-suite and cybersecurity teams will be very important in the next two years.\" This group also reported they were better prepared to deal with the impact of cyberattacks.\r\n\r\nIt's important senior managers get involved in elements of cybersecurity. If CISOs foster strong relationships with C-suite colleagues, they can help those executives better understand challenges facing IT security.\r\nContinuous skill development\r\nWith new threats and cyber challenges cropping up daily, CISOs must keep their skills and technical knowledge up-to-date. But their role also demands a range of 'soft skills.'\r\n\r\n\"CISOs, like all C-suite roles, need continuous development, not just with technical skills,\" says Naveen Vasudeva, Founder and CEO of United Arab Emirates-based CyberTree Paradox, a cybersecurity firm focused on small-to-medium enterprises. \"The CISO must be a diplomat, skilled in communicating technical things simply, so others can understand and take action.\"\r\n\r\nTo thrive in their career and ensure a long tenure at companies they enjoy working for, CISOs should build their skill base. This will mean they're as prepared as possible for challenges that come their way.\r\n\r\n\r\n\r\nBut if a CISO finds they're completely exhausted and can't perform their job because of lack of company support, the best option may be to seek greener pastures.\r\nStrong teams are everything\r\nC-suite executives have a vital role in improving CISO working conditions and retention. Not all C-suite members can gain a comprehensive understanding of cybersecurity. Those who do develop that understanding can show inclusive leadership and better support the CISO.\r\n\r\nA CISO is only as effective as the team they lead. Highly skilled cyber professionals are in hot demand, hard to retain in a competitive market. A Cybersecurity Ventures 2020 study found unfilled cybersecurity jobs grew 350 percent in the eight years to 2021. A CISO may enter a business and find their staff don't have the right skills, making it hard to succeed in their role.\r\n\r\nVasudeva thinks selecting the right team is the difference between success and failure. \"You can't do it all, and you shouldn't. Pick skills in your team you can rely on and help them develop their next moves, so you can develop yours. It's about leadership, not management \u2013 there's a massive difference.\"\r\n\r\nShort tenure hurts CISOs and companies, so everyone involved should address the issue. Kaspersky's 2020 global business survey backs this up, with 38 percent of respondents saying lack of consistent management in IT security is a challenge. Being a CISO for just a year or two isn't enough time to make a real difference or embark on transformational projects, let alone change corporate culture.\r\n\r\nThere is no one way a CISO can fully protect themselves from short tenure, but if they focus on enhancing their skills, build relationships with executives and create a strong team, they will likely find themselves in a strong position. C-suite colleagues have an important role to play in retaining CISOs too \u2013 raise your cybersecurity understanding so your CISO can rely on your support.\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/footer>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/article>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\n<h2>506 million web-based attacks<\/h2>\n<p>Web-based attacks result from users downloading files that then trigger a cyberattack. These might come from websites made by cybercriminals, infected online resources within user-created content (like online forums) or legitimate resources that cybercriminals have hacked.<\/p>\n<p>Cybersecurity education can be a powerful tool in preventing web-based attacks. <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/heathrow-airport-cybersecurity-education\/44618\/\" target=\"_blank\" rel=\"noopener nofollow\">Heathrow Airport has a novel staff cybersecurity education<\/a> that carefully targets those needing it most with 10-minute online learning modules.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/-HShm77Izow?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<h2>1.4 million cryptocurrency mining attempts<\/h2>\n<p><a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/mining-cryptocurrency\/\" target=\"_blank\" rel=\"noopener\">Cryptocurrency mining<\/a> is very much on the rise. Kaspersky Security Network detected around 1.4 million attempts to install mining software in the past year.<\/p>\n<blockquote><p>Cybercriminals hack computers and use their processing power to make money by \u2018mining\u2019 cryptocurrency.<\/p>\n<\/blockquote>\n<p>Mining means digitally solving complex mathematical problems that verify cryptocurrency transactions, which also earns cryptocurrency. It slows devices and <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/it-climate-change\/34996\/\" target=\"_blank\" rel=\"noopener nofollow\">uses much electricity<\/a>.<\/p>\n<p>In November 2022, Kaspersky announced they\u2019d seen a <a href=\"https:\/\/www.kaspersky.com\/about\/press-releases\/2022_crypto-miners-on-the-rise-kaspersky-experts-report-more-than-230-growth-in-the-number-of-malicious-mining-programs\" target=\"_blank\" rel=\"noopener nofollow\">230 percent growth in cryptocurrency mining<\/a> in the third quarter of 2022 compared with the same period in the year before.<\/p>\n<h2>102 million attempts to visit malicious URLs<\/h2>\n<p>Malicious URLs are a common tool in \u2018<a href=\"https:\/\/encyclopedia.kaspersky.com\/knowledge\/what-is-phishing\" target=\"_blank\" rel=\"noopener\">phishing<\/a>\u2018 attacks \u2013 when cybercriminals send emails inducing recipients to click on links, downloading malware.<\/p>\n<p><a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/explaining-endpoint-detection-response\/43657\/\" target=\"_blank\" rel=\"noopener nofollow\">Endpoint security<\/a> is vital in protecting against phishing, as is <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/immersive-labs-interview\/32198\/\" target=\"_blank\" rel=\"noopener nofollow\">employee cyber-awareness<\/a>.<\/p>\n<h2>377,000 attempts to steal money<\/h2>\n<blockquote><p>Kaspersky\u2019s software identified and blocked 377,000 attempts by financial malware to steal from online bank accounts, ATMs and payment terminals in 2022.<\/p>\n<\/blockquote>\n<p>These attacks were often in the form of \u2018<a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/banker-trojan-banker\/\" target=\"_blank\" rel=\"noopener\">banking Trojans<\/a>\u2018. In early 2022 a particularly sophisticated money-stealing Trojan popped up that <a href=\"https:\/\/www.kaspersky.com\/blog\/fakecalls-banking-trojan\/44072\/\" target=\"_blank\" rel=\"noopener nofollow\">masquerades as a banking app and imitates phone conversations<\/a> with bank employees. The app fooled many, highlighting the need to teach employees \u2018cyber hygiene\u2019 \u2013 like remembering to pause and think before downloading anything. Those who provide legitimate apps or financial services might also reflect on how they can show customers their products are trustworthy.<\/p>\n<p>These big numbers in cybersecurity over the past year show how threats to business are growing and changing. Cybercriminals always find new ways to get through consumers\u2019 and employees\u2019 defenses. By combining hiring the right people with robust cybersecurity education and strong security solutions, your business will greatly reduce its chances of a serious attack succeeding. Then, you can spend your time on what you do best.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Knowing which threats are on the rise can help your business stay ahead. Here are some your business should look out for in 2023.<\/p>\n","protected":false},"author":2552,"featured_media":46973,"template":"","coauthors":[3673],"class_list":{"0":"post-46971","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-safer-business","7":"emagazine-category-threat-intelligence","8":"emagazine-category-trends","9":"emagazine-tag-cryptocurrency","10":"emagazine-tag-malware","11":"emagazine-tag-phishing"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/ciso-executive-retention-cybersecurity\/45475\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/ciso-executive-retention-cybersecurity\/27030\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/46971","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2552"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/46973"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=46971"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=46971"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}