The four most common cyber-attacks facing businesses in 2023

Sophie Grosvenor February 27th 2023 - 3 minute read

‘There’s a gathering cyber storm. This storm is brewing, and it’s really hard to anticipate just how bad that will be.’ Sadie Creese, Professor of Cyber Security at the University of Oxford.

We are only a few weeks into 2023 and already both Royal Mail and sports retailer JD Sports have confirmed cyber-attacks have heavily impacted their operations.

Royal Mail export services were heavily disrupted and were temporarily unable to despatch items overseas. The 507-year-old firm, also one of the world’s largest post and parcel companies, became the latest in a growing list of major companies impacted by cyber-attacks.

Cloudflare, the US cybersecurity firm, reported that DDoS attacks, that overwhelm a server with traffic to cause disruptions or outages, increased by 79% in 2022 compared to the previous year. Fears are growing that 2023 could be worse, businesses need to be prepared. Here are four most common cyber-attacks to impact companies in 2023.

Phishing and Social Engineering

The most common, and arguably the hardest to defend against, are phishing attacks. Small firms are particularly vulnerable to such attacks, as phishing accounts for almost 90% of all breaches organisations face. By posing as a trusted contact, an attacker will ‘phish’ for sensitive information in the form of a malicious link or file.

Unlike technological weaknesses in businesses, phishing relies on social engineering to target humans instead, which makes it harder to defend against. The biggest defence is by spearheading training campaigns to ensure employees are aware of the dangers of phishing scams.


Distributed Denial of Services attacks continue to wreak havoc in the cyber security world, and the number of DDoS attacks are expected to continue to rise through 2023.

DDoS attacks work by disrupting the normal traffic of a server, usually a website, by overwhelming it with a flood of requests to knock it offline.

Such attacks can be devastating for a business. These particular attacks are again much harder to defend against as it can be tricky to differentiate between regular and malicious traffic.

Globally, DDoS cyber-attacks are set to exceed 15.4 million instances in 2023, more than double the figure of 2018. State-sponsored DDoS attacks have been on the rise and are expected to increase in 2023. The war in Ukraine has unleashed a wave of DDoS attacks in infrastructure and communication networks in Ukraine and beyond.

June 2022 saw the biggest DDoS attack blocked by Google. In an attempt that had a peak of 46 million requests per second, a blog post from Google noted the attack was like ‘receiving all the daily requests to Wikipedia in just 10 seconds.’ Unfortunately, much like phishing, DDoS attacks are one of the hardest to defend against. In a ThoughtLab study, 40% of chief security officers did not believe that their organisations were equipped for DDoS attacks.


Malware can encompass viruses and trojans that allow unauthorised access to networks to steal or destroy data. Usually coming as a bogus download link from a website or spam email, malware can not only gain access to systems but has the capacity to cripple devices. By providing backdoor access to company networks or machines, both customer and business data is at risk.

Small to medium-sized businesses can be particularly susceptible to malware, as employees are most likely to be working from their own devices, opening up the risk of attack.

However, unlike the previous two forms of cyber-attacks, malware can be much easier to defend against. By ensuring both web and device security is kept up to date, the chances of a malware attack are greatly reduced.


Ransomware attacks have increased in complexity and regularity in the last few years. A type of malware, ransomware prevents access to certain data or entire devices unless a ransom payment is made.

Ransomware attacks have the ability to bring entire industries to a standstill, having massive knock-on impacts on other sectors and businesses such as when the Colonial pipeline in the US was shutdown for several days in 2021.

Analysts expect the number of ransomware attacks to grow through 2023 as access to powerful ransomware tools is becomes more prevalent. Businesses will need to remain vigilant to minimise the risks posed by such attacks.

In a time where cyber-attacks are becoming more and more frequent, it’s imperative firms take steps to implement the right cybersecurity protocols.

Written by
Sophie Grosvenor

Select a topic: