The year 2022 was a year of cyber threats. For example, companies faced increased threats from ransomware and other cyberattacks. The potential impact on the business activities of companies is enormous: about half of all ransomware attacks on German companies cost the affected organizations more than $100,000. Phishing in particular was considered the number one threat: in September 2022 alone, more than 415,000 phishing websites were detected worldwide. And 2023 is unlikely to be any easier for corporate decision-makers and security managers. That's because attackers are becoming increasingly sophisticated at using social engineering techniques to obtain sensitive data and information. Whether via emails, text messages or even phone calls, cybercriminals are constantly adapting to the latest developments - and with great success. But what trends can be identified? And what does this mean for companies?

Phishing trends: focus on trusted services and current events

Current events such as energy crises, fear of war or inflation continue to be exploited for phishing scenarios that are as realistic as possible. This applies not only to social and political developments, but also to economic decisions made by individual companies. Attackers are increasingly relying on trustworthy services. Those who impersonate Amazon, Google or Microsoft benefit from a trust advantage with their victims. Whether it's supposed tariff changes or cost increases, blocked user accounts or a free upgrade - it's easy to fall for the cybercriminals. Attackers are also increasingly targeting cell phones and mobile applications - a trend that was already apparent last year.  They often then impersonate another person by creating fake profiles on social media and sending infected links or files. This is particularly precarious if the criminals are targeting employees of a particular company in the process. It becomes even more difficult in the case of a so-called business email compromise (BEC), when messages are sent not from a fake profile, but from a hijacked business email account. Finally, business-related phishing emails are particularly promising. In fact, about half of these phishing emails address HR-related topics.

New risks arise with ongoing change

The ongoing transformation of the world of work continues to play into attackers' hands: Hybrid work models and home offices make companies vulnerable to attack. At the same time, the strained economy caused by inflation and geopolitical tensions is putting companies on the spot: they simply can't afford the risk of losing business. This puts phishing and other cyber risks on the management agenda. These have long since ceased to be a purely IT problem - on the contrary. To cope with the threats in the cyber space, many are relying on innovative solutions. For example, the spread of artificial intelligence (AI) is also having an impact on cyber security. Already, around half of companies in Germany and Switzerland are using AI-based security solutions - and the trend is rising. Regardless, it remains true that only holistic approaches can provide sustainable protection against phishing and other cyber risks. This includes all employees and managers. Comprehensive awareness of the existing danger as well as regular training in the correct handling of possible phishing attacks are elementary.