Phishing attacks up 61% between 2021 and 2022, what to expect in 2023?

Phishing is a technique used by cybercriminals to obtain confidential information such as login credentials, credit card numbers or banking information. Unfortunately, this practice is constantly increasing and computer security experts have been able to analyze an increase in phishing attacks in 2022.

It is therefore essential to understand the issues of computer security to protect against these attacks. The consequences of a successful phishing attack can be disastrous, ranging from loss of sensitive data to financial fraud.

It is important to keep up to date with the latest techniques used by cybercriminals and to follow best practices in computer security to protect our personal and professional data.

Phishing numbers and trends in 2022

Statistics show a significant increase in phishing attacks in 2022. According to a recent study, this type of attacks has doubled since 2021. It is estimated today, that there have been more than 500 million such attacks in 2022. Cybercriminals are using increasingly sophisticated techniques to deceive users and obtain their confidential information.

The sectors most affected by phishing attacks are financial services, healthcare and information technology. Cybercriminals also target small and medium-sized businesses, as they are often less well protected than larger companies.

The most common types of phishing attacks are email phishing, SMS phishing, and website phishing. Cybercriminals often use emails and text messages that appear to be sent by legitimate institutions, such as banks or utility companies, to trick users into clicking on malicious links or providing confidential information. These last years, le spear phishing, or targeted phishing in French, is increasingly present. Cybercriminals therefore do not choose their victims by chance.

Experts have discovered that one of the most powerful spear phishing devices managed to block more than 500 million attempts to access fraudulent pages in 2022, twice as many as in 2021.

It’s important to stay vigilant and follow IT security best practices to protect against phishing attacks. This includes verifying email and SMS sources, regularly updating security software, and training employees on phishing techniques.

The main reasons for the increase in phishing attacks in recent years

Several factors contribute to the increase in phishing attacks. First, the COVID-19 pandemic has led to an increase in the number of people working remotely, which has increased security risks for businesses and individuals.

Additionally, cybercriminals increasingly have access to sophisticated tools and increasingly advanced techniques to carry out phishing attacks. They also use social engineering techniques to manipulate victims into divulging confidential information.

Finally, the large amounts of data available online make it easier for cybercriminals to target specific individuals or companies. Personal information is often easily accessible on social media and other online sites, making it easier to target and exploit vulnerabilities.

It is therefore essential to take measures to strengthen IT security, such as implementing rigorous security policies, training employees on security risks and using state-of-the-art security software.

The consequences of phishing attacks on a company

Phishing attacks can have disastrous consequences for businesses. First, it can lead to the loss of sensitive data, including financial information, customer information, and intellectual property data. These losses can have a significant financial impact on the business, as well as a loss of trust from customers and business partners.

Additionally, a successful phishing attack can cause malware to spread across corporate networks, compromising the security of the entire system. This can lead to disruption of business operations and loss of productivity.

Finally, businesses that have fallen victim to a phishing attack may be subject to regulatory and legal investigations, resulting in additional costs to the business.

It is therefore essential for companies to implement effective security measures to protect against phishing attacks, as well as to regularly train employees on best practices in IT security. This can help reduce the risk of data loss and disruption to business operations.

The outlook for 2023

In the third quarter of 2022, cyberattacks increased by 28% compared to 2021, a trend that is already established and which does not seem to be abating any time soon. The annual report published in October 2022 by Allianz Global Corporate & Specialty (AGCS) announces an intensification of these incidents in 2023.

Ransomware is the biggest threat to businesses, with increasingly aggressive and sophisticated strategies emerging. Hackers no longer just encrypt data to block access to it, but now use double and triple extortion to obtain ransoms.

Deepfake is also added to the panorama of cyber risks. In 2020, a bank in the UAE fell victim to a scam that allowed cybercriminals to steal $35 million using this technology. Phishing campaigns and scams via collaborative platforms such as Teams or Slack complete the picture of cyberattacks expected for 2023.

In 2023, Europe is moving towards improved cybersecurity. Although the European Parliament approved the update of the Directive on the Security of Networks and Information Systems (NIS 2) on November 10, 2022, the final validation has yet to be pronounced by the Council of the European Union. Then, Member States will have 21 months to apply the legal changes.

These new regulatory requirements aim to strengthen cybersecurity in Europe, by imposing stricter standards on IT security for companies. This should help reduce the risk of attacks and protect user data. Companies will therefore need to be able to comply with the new standards to avoid penalties and fines.