Cybersecurity threats 2022 – what you need to know
There’s no getting away from the fact that hackers and cybercriminals are getting more innovative. The number of cyberattacks businesses are experiencing is showing no sign of letting up; in fact, they’re increasing at an alarming rate. In 2021 several large corporations were victim of highly coordinated cyber-attacks with pandemic-induced remote working contributing significantly to the opportunity. Here’s what we know about threats for 2022 and what you can do to avoid them.
Remote work / hybrid working
The global coronavirus pandemic might have changed the way we work forever. We’ve moved from a work-from-home order to a new model of hybrid working with alarming ease. While this delivers on flexibility, it can cause chaos with security. When working in an office environment you’re protected by strict security protocols and firewalls as well as a whole host of IT people who monitor the system to ensure breaches don’t happen. They make sure that users aren’t falling into a net of malicious attacks from viruses or malware.
If people work from home on their own broadband connection, it probably isn’t secure and there isn’t an IT colleague to ask: “should I click this link?”. Cybercriminals will very quickly exploit these vulnerabilities and find the little gaps in security by sending phishing emails or text messages that contain tempting links to ‘click here’. Users might quite innocently click a link and without their knowledge they have sent an open invitation to cybercriminals to come in and hack the system.
Double extortion ransomware attacks
Originally, ransomware was a malevolent piece of coding that could encrypt files with public-key RSA encryption. The attacker would then issue a ransom, threatening to delete the files if the victim didn’t pay. In 2022, we’re likely to see an increase of the even more malicious ‘double extortion ransomware attacks’. Hackers steal a company’s data as well as encrypting files and as well as demanding a ransom for decryption they also threaten to leak stolen files and data if an additional ransom is not paid.
Companies around the world are using cloud technology more and more, but data security is still a concern and one that can leave your business vulnerable to attack. Types of attack vary from account hijacking which uses phishing and keyloggers (a program that records keystroke) to determine password and IDs, to data breaches, and using misconfigured cloud storage to steal records.
Don’t panic! There are steps you can take to protect your business
Remote working – The easiest thing to do here is whenever an employee is working from home, make sure they are connecting via a virtual private network (VPN). It’s a completely secure connection between their terminal and your business system and is relatively low cost. Importantly, it’s very easy for IT providers to implement across an entire company.
Ransomware attacks – Educate employees to never click unsafe links or open suspicious email attachments; both could start an automatic download. Best to encourage people to always ask for advice. Also, never use an unknown USB stick and always avoid disclosing personal information by phone, email or text. Make sure operating systems are up to date and use that VPN!
Cloud vulnerabilities – Again, the first thing to do is make sure the connection is over VPN. Secondly, weak authentication – where people use the same password for everything, and/or don’t follow company password protocols – can be countered by two-factor authentication. With this, there is a conventional password that works in conjunction with an app on the users phone that provides the second part of the authentication process by creating a unique code.
The worst thing is to think that cyberattacks only happen to other people. They can happen to any business (those hacked large corporates can vouch for that). Make cybersecurity a priority and build it into your business strategy. By making sure there’s money and resources for security you can stay one step ahead of those innovative hackers.
Dave Salisbury, Managing Director, Zicam Integrated Security Limited.
Subscribe here to keep up to date with Zicam’s news and views.