If the cost of $9 trillion isn’t scary enough, consider what it means that the value of cyber-attacks is estimated to increase to beyond $13 trillion in the next 2 years. What this indicates is that if any company, for a minute, thinks that they’re safe, this is an illusion. Despite investment in IT security teams, systems, and software – yes, even AI enabled state-of-the-art technologies – all companies and individuals remain vulnerable.

There’s no doubt that incidents of cybercrime are increasing, the methods are diversifying, and criminals are getting bolder. Of course, Gen AI is helping the subterfuge, crafting more convincing phishing emails, using stolen identities and gleefully keeping one step ahead of security barriers and guardrails.

Most companies keep adding to their security efforts, including training employees on security best practices. Given how prevalent social engineering and internal attacks are becoming, this is a vital part of the puzzle. What’s more concerning are the co-ordinated stealth attacks aimed at maximizing disruption. What are some of the more unusual methods threat actors are using to cause chaos?

Man-in-the-Middle Attacks – Many forms of communication are encrypted which gives the impression to users that they’re secure. This hasn’t stopped attackers who have found ways to exploit vulnerabilities in SSL/TLS protocols, sometimes using certificates they’ve stolen to access conversations between users without them even knowing they’re at risk. Threat actors might exploit this information or even intercept and alter communications. On an organizational level this could result in major reputational risk.

Baiting as a form of Social Engineering Attacks – These are deliberate targeted attacks where something of perceived value is offered to employees, but instead the data is designed to infiltrate company systems, possibly releasing malware or spyware. Employees are unwitting mules acting as the conduit for threat actors to gain access to internal systems.

Pretexting is another way that employees hand over credentials without knowing their actions are putting company systems at risk. This method is often used by threat actors pretending to be IT support or security auditors. They gain trust and verified access which can leave them free to navigate and exploit internal systems undetected.

Supply chain attacks exploit vulnerabilities in connected systems between companies. As much the systems facilitate the flow of information to make logistics, ordering and deliver more effective, it can take just one weak link to place all members in the supply chain system at risk. The amount of data that flows through these systems means that threat actors can exploit multiple companies simultaneously using a single attack method.

With no guarantee of safety, most companies are employing multi-layered security methods. Vigilance in identifying and fixing vulnerabilities remains a high priority, conducting regular compliance audits and having comprehensive incident response protocols are the basics. This is supported by more advanced surveillance, ongoing employee security training and vigilance in assessing potential third party risks.

Perhaps the realization that company systems will always be vulnerable is not a bad thing. Greater awareness and less trust can go a long way to mitigating the effects of a cyber attack.