Rising cyber threats: a close look at global and Baltic cyber security situation2023 10 23 · 7 min read
As sectors depend more on data flows, cyber security threats are becoming a bigger priority for countries worldwide. In the Baltic region, cyber security is a growing concern as well.
According to a report by CEPA, the Baltic approach ensures that all cyber security information funnels through a forum of all relevant public, private, military, and civilian sector stakeholders. By establishing an international cyber security council for critical functions, the United States and the European Union set a shared scope for threat collection and a forum for sharing threats.
This article examines the current cybersecurity situation in the Baltic States and worldwide. The piece also explains what is causing the rise in cyberattacks and discusses the key cybersecurity threats that all organisations should be aware of.
Cyber security situation today – what do we need to know?
Cyber security threats are hostile activities aimed at causing data harm, stealing data, or impacting digital life in general. Computer viruses, data breaches, Denial of Service (DoS) assaults, and other attack vectors are examples of cyber dangers. As a result, small companies find it difficult to protect themselves.
According to the Ponemon Institute‘s State of Cybersecurity Report, small and medium-sized businesses across the world have recently experienced cyber-attacks:
- Inadequate security measures. 45% of respondents feel their processes are inefficient at mitigating threats;
- Cyber assault frequency. 66% have been the victim of a cyber assault in the last 12 months;
- Attack context. 69% believe that cyber assaults are becoming more targeted.
The following are the most typical sorts of assaults against small businesses:
- 57% phishing/social engineering;
- Devices that have been compromised or stolen – 33%;
- 30% identity theft.
What causes the increase in cyber attacks?
Understanding the objectives of attacks and the repercussions allows you, as a company leader, to reduce the risk, derive value from your cyber security efforts, and even avoid future assaults. Based to Accenture‘s study, 43% of cyber assaults target small companies, yet only 14% are equipped to protect against them.
The consequences of the cyber security event may continue to influence your firm for weeks if not months. Here are five ways where your company may suffer:
- Financial problems;
- Productivity reduction;
- Damage to reputation;
- Legal responsibility;
- Problems with business continuity.
In the coming years, the Baltic States may experience more cyber espionage incidents. Many attacks involve individuals or small companies acting as carriers of infected data. We are already seeing tactics like social engineering, NFC and QR code scanning, and data theft. Additionally, there is a significant amount of data leaking between different companies. This increase in cyber attacks in the Baltic countries is partly due to the rising number of foreign-owned companies in places like Lithuania, which operate on a global scale.
Top 16 cyber security threats
Social engineering is still one of the most hazardous hacking strategies cyber criminals use because it depends on human mistakes rather than technological flaws.
Cyber criminals can circumvent security systems by breaking into less-secure networks owned by third parties with privileged access to the hacker’s primary target.
Configuration errors – human errors
Even professional security systems are susceptible to software installation and setup errors. In 268 tests done during a cyber security assessment, which included penetration testing, with the Baltic Amadeus, 80% of external penetration testing found wrong exploitable setups.
Weak cyber hygiene
“Cyber hygiene” refers to regular digital habits and practices such as avoiding insecure WiFi networks and applying a VPN or multi-factor authentication precautions. Unfortunately, studies suggest that Europeans’ cyber hygiene practices lack much to be desired.
Statistics from Yubico and Ponemon Institute‘s report show that nearly 60% of firms maintain passwords using human memory, while 42% manage passwords using sticky notes. As a result, such passwords are weak and easily guessable. More than half of IT workers (54%) do not require two-factor authentication to access corporate accounts, while just 37% demand it for personal accounts.
Vulnerabilities in the cloud or cloud breaches
One may expect the cloud to become safer over time. Still, IBM estimates that cloud vulnerabilities have surged 150% in the previous five years. According to Verizon‘s DBIR, web app vulnerabilities caused more than 90% of the 29,000 breaches examined in the study.
Mobile device vulnerabilities
Another consequence of the COVID-19 outbreak was an increase in mobile device use. A larger user base makes hackers’ targets more diverse. In Europe, the biggest problem for people of all ages, even those involved in security, is that personal phones usually remain unprotected.
Internet of Things (IoT)
Because of the pandemic-caused shift away from the office, more than a quarter of the American workforce has brought their job into the home, where 70% of homes have at least one smart device. As a result, assaults on smart or “Internet of Things (IoT)” devices skyrocketed, with over 1.5 billion breaches. Researchers from Demand Sage expect that the number of smart gadgets bought will more than quadruple between 2021 and 2025, resulting in an even larger network of access points to attack personal and business networks. The number of cellular IoT connections is estimated to reach 3.5 billion by 2023, and experts predict that IoT-based assaults against organisations will account for more than a quarter of all cyber attacks by 2025.
As criminal organisations try to avoid the OFAC ban list and employ pressure techniques for payment, ransomware assaults will remain and evolve. Fraudsters may already sign up for “Ransomware-as-a-Service” providers, which allow users to run pre-developed ransomware software to carry out attacks in exchange for a share of all successful ransom payments.
Inadequate data management
Due in part to the exponential rise of data over the previous decade, the same experts from Deman Sage experts anticipate that 2023 will witness a stronger shift away from “big data” and toward “right data,” or an emphasis on storing only essential data. Teams will increasingly rely on automation to sift useful from irrelevant data, which has its own issues.
Poor post-attack procedures
Adopting the subscription model for patch management software is one increasingly prevalent alternative. Products that provide “Patching-as-a-Service” provide continual updates and patches, enhancing patch speed and efficiency. Patch vulnerabilities caused by human mistakes are also reduced by automated patching.
Cyber assaults have been used by governments and state-sponsored entities to obtain access to sensitive information or impair key infrastructure. In 2024, this sort of cyber warfare is projected to become increasingly common.
Insider threats – employees with access to sensitive data can pose insider risks, which can be purposeful or inadvertent. This tendency has accelerated across the Baltic nations over the last seven years. An insider threat may be extremely damaging to an organisation’s cyber security.
Theft of intellectual property
Various companies face a shortage of employees but are reluctant to hire professionals because of their price, so programs or events are created for such people, which they have to solve or describe how they would perform one or another task. But it is usually a problem for the company they are dealing with, and they need a solution. This is how they get data and solutions that they later implement in their environment, while the person who revealed or submitted it remains unemployed.
The risk of automobile hacking grows as cars become more linked. Hackers can use software flaws to gain control of a vehicle’s systems, potentially causing accidents or stealing valuable data.
New AI scams
With the advent of new technologies, cyber criminals are finding new ways to trick people, one of them using AI. As with the rise of the Metaverse, we can expect new scams to exploit users of this technology.
QR code and NFC threats
If not protected with biometrics, NFC technology can allow thieves to make unauthorized contactless payments if they steal or scan your phone. QRishing, a mix of QR codes and phishing, involves tricking users into visiting fake websites to steal their information. This threat has grown due to the widespread use of QR codes during the COVID-19 pandemic. It relies on social engineering tactics that exploit trust and the difficulty of spotting fake QR codes.
What can we expect?
In 2024, cyber security experts will face more challenging tasks due to the evolving threat landscape. This is not just about technical work. It also involves handling complex social and cultural aspects in threat management. As a result, skills like effective communication, relationship building, and creative problem-solving will become even more critical.
If you want to discuss your company’s case regarding cyber security, we are here to assist with consulting and guidance. Feel free to reach out.
How do cloud services help to handle a seasonal peak?2023 11 07
Learn how the public cloud helps manage and optimise trading systems during the seasonal peak.More
Why should your financial institution consider SEPA integration via CENTROlink?2023 10 12
Learn more about the CENTROlink payment system, its key advantages, and how you can access it hassle-free.More
Top 6 tips on setting a robust password2023 07 20
Get six helpful tips and tricks for establishing a robust password.More