As the new year begins, many people pause to reflect on the past 12 months and prepare for the upcoming year ahead. That pause and reflection can often help us reset our perspective and prepare for cybercrime risks in the new year.
When it comes to evaluating the evolving risks to our personal information, an end-of-year recap can be useful to prepare for the new risk trends that are on the horizon.
That’s why the IdentityForce team and Eva Velasquez, President and CEO of the Identity Theft Resource Center, connected for a recent webinar to compare notes from 2022 to examine what threats might be seen in 2023.
Here are a few highlights from that discussion. The full webinar, Surveying 2023’s Cyber Landscape: Preparing for Next Year’s Risks Now, is also available to listen to on demand.
WAS 2022 AS BAD AS EXPECTED?
At the beginning of 2022, there were serious concerns about increased levels of cybercrime. After all, the previous year had seen a historic number of data breaches, with roughly 295 million individuals having their data compromised. With that much data being exposed, the question of how that stolen data would be used was obvious.
The pace of breaches in 2022 has been below that of last year, so the total number of victims for the year has been tracking lower than last year. Still, there were more than 165 million victims impacted by data compromise from January to the end of September.
A single breach can also alter the numbers dramatically. In August, the number of victims increased by 100 million based on just two breaches.
CYBERATTACKS CAUSE THE MOST DATA BREACHES
Cyberattacks are far and away the biggest cause of data breaches, accounting for 88% of breaches in the third quarter of 2022.
The most common type of cyberattack is phishing — a kind of social engineering attack where criminals send an email pretending to be a trusted person or business to get victims to reveal their personal or payment information. In fact, phishing has been the top method of attack since the start of 2019. The next most common is ransomware.
Based on that breakdown, criminals seem to be focused on tricking people in order to get what they need rather than breaking the cybersecurity defenses that have been put up—which mirrors research from Verizon that showed 82% of breaches originated as the result of a human element, like an employee falling victim to a phishing attempt.
LOOKING FORWARD TO 2023
Based on the recent trends seen by Sontiq, IdentityForce and the ITRC, there are a few trends we expect in 2023:
- Phishing: As noted, phishing has held the top spot for 15 consecutive quarters because it continues to be incredibly effective. As phishing emails continue to evolve and become more sophisticated, they will be even more difficult to spot.
- Social Engineering Attacks: The sophistication seen in phishing is also showing up in the other types of social engineering that criminals use. There’s an increase in the number of complex, multi-channel scams — where fraudsters are using a combination of emails, texts, phone calls and bogus websites to provide a realistic “customer experience” as they collect personal data. As a result, 75% of security professionals rank social engineering as the most dangerous threat.
- Relationship Scams: A relationship scam is when a criminal uses a fake online identity to gain a victim’s trust. This can be a romantic or platonic relationship. They build a relationship over time using the cover of a romantic interest or common interests to manipulate and/or steal from the victim. The FTC says relationship scams generated a record $547 million in losses last year.
PREPARING FOR 2023
Given those threats, what can be done to reduce the risk of a breach or identity crimes in the coming year?
- Go to the source: If you did not initiate the communication, do not engage. Verify, verify, verify.
- Use unique and complex passwords: Passwords should be 12 characters or longer and unique to each account.
- Enable multifactor authorization (MFA): If it’s not mandatory but is offered as a security option, opt in.
- Take your time making decisions: Do not feel pressured to act immediately. Scammers rely on people to act without thinking.
- Talk to someone you trust: If you’re not sure of what to do, ask for help. It could be a knowledgeable friend, relative or co-worker, or you could reach out to the professionals at the ITRC.
Even more insights and recommendations are available in the newly released Protecting What Matters Most — our annual eBook now in its sixth edition! Filled with the latest research and actionable insights from Sontiq’s team of identity protection professionals, it reveals the challenges on the threat horizon and how you can take steps now to avoid them. To benefit from these recommendations and protect all that you’ve built, get your complimentary copy today.