SonicWall’s data shows that this year ransomware attacks have declined 41% – and malware is down 2%; this is largely because of the arrests of the Hive group, Genesis marketplace and Trickbot.
Despite this, SonicWall’s VP of EMEA Spencer Starkey’s topline message to organizations is: “Don’t let the overall data fool you.”
Yes, the first quarter of 2023 saw the lowest number of attacks since the fourth quarter of 2019 (51.2 million).
However, the second quarter of this year saw the number of attacks rocket to 74% higher than Q1 at 88.9 million.
Indeed, SonicWall predicts that ransomware attacks are “poised for a rebound” later this year.
Speaking exclusively to UNLEASH, Starkey adds that businesses must be careful not to breathe a sigh of relief: “Complacency is the enemy in the cybersecurity game.”
Hackers have simply changed their tactics – “attacks of other varieties have risen as criminals are searching elsewhere for a quicker payday”.
One example is cryptojacking, which saw a 399% increase in 2023.
All of this means that 2023 has, in fact, been a busy, lucrative year for cyber criminals.
High profile examples include the attacks on payroll company SDWorx, SaaS solution MOVEit and professional services giant Capita – these have potentially compromised the personal data of tens of millions of employees across the world.
For Starkey, these incidents “prove that everyone is vulnerable to cyber-attacks”.
“Data has become an incredibly valuable asset to businesses and governments, resulting in the marketisation of data.”
As a result, it is imperative that organizations do not take their foot off the gas – if they want to protect their business, they must remain vigilant, continue to prioritize cybersecurity, and update their protocols as the cyber-attack landscape evolves.
Cybersecurity is not just IT’s problem
For decades, cybersecurity was seen as a concern for just IT departments. But more and more large-scale attacks that target employee data have brought HR teams into the fray.
“Think of all the data that HR holds; full names, IDs and passports, bank details, date of birth, payroll information, the list goes on… All that info put together creates a high-profile data set of an individual, which in the wrong hands, could be used by bad actors for both nefarious and financial gain,” notes Starkey.
Ultimately, “the biggest asset of any company is their employees” – and it is HR’s job to protect them, and their personal data.
But this begs the question, where should HR focus as they make cybersecurity decisions?
“Compliance must be top of mind”, according to Starkey.
This is important when companies are thinking about their own protocols, but also when they are signing deals with tech vendors – remember, thousands of companies saw their employees’ data compromised indirectly through their partnerships with MOVEit and SDWorx.
“When talking to vendors, businesses need to feel confident that they understand their specific needs and the risks they may face,” shares Starkey.
Vendors need to “demonstrate clearly how their solutions protect employee data”.
Beyond vendor conversations, Starkey notes that HR has a role to upskill employees in the realm of cybersecurity. This is a crucial, in-demand digital skill that organizations need to nurture, not just this year, the European Year of Skills, but long-term.
Cybersecurity upskilling ensures that employees “know how to protect themselves”, particularly if working from remote, less secure locations.
Phishing, a type of malware attack, remains common.
“There must be implementation of strong security policies and procedures, good password hygiene, high-level encryption, as well as single sign-on and access control when it comes to cloud applications,” notes Starkey.
In addition, Starkey recommends that organizations take a high-level approach – “they must look to constantly monitor their network for suspicious activity…the sooner they can flag a potential issue, the risk of an attack dramatically lowers.”
It is also of paramount importance to have a response plan in place – Starkey is pleased by how many businesses are doing this now.
Technology partners can help here, but HR’s focus should be working with IT teams, and specifically the CISO, “to ensure they have full visibility on who to call if the unthinkable happens”.