Like COVID-19, cybersecurity threats aren’t going away any time soon. In fact, most IT experts consider cybersecurity to be the biggest issue they are facing today. Just how big? Consider this: Microsoft’s cybersecurity spending is now expected to exceed $1 billion a year.
If you need more evidence as to the scale of this issue, then look no further than EY’s CEO Imperative Study, in which CEOs viewed cybersecurity as the No. 1 threat to the global economy over the next five to 10 years.
For now, though, let’s just look to the end of 2022. Here’s our thoughts on the five biggest cybersecurity threats of 2022.
1. Remote Workforce Attacks
While the remote workforce was gradually taking hold before COVID-19, the pandemic accelerated the work-from-home movement, which introduced new cybersecurity challenges. COVID-related spam, the mass use of portable media such as USB drives and external hard drives, and the passing of data from work computers to home computers has since brought many a company to its knees. To make matters worse, cybersecurity vulnerabilities have been found in remote desktop software, including Microsoft’s Remote Desktop Protocol, TeamViewer, VNC, and Netop (in February 2021, the Oldsmar, Florida, water system was hacked via TeamViewer, allowing cybercriminals to poison the water supply). Because the remote workforce isn’t going away, BYOD policies are more important than ever, as is the need to lock computer ports to prevent the introduction of viruses or malware to corporate networks.
2. Ransomware
In October, National Security Agency Director Paul Nakasone predicted that the rate of ransomware attacks will not slow down in the next five years. Most ransomware attacks now deploy a double-extortion strategy to thwart an organization simply restoring its data from a backup file. Cybercriminals not only hold the data hostage, but also threaten to leak or sell sensitive data on the dark web.
Using a VPN to encrypt your Internet connection and layering on with real-time threat protection can reduce the risk of a ransomware attack.
3. Phishing
Cybercriminals are using phishing and other types of scams to target business email accounts, which, in 2020, caused losses of more than $1.8 billion, according to an FBI report. Attackers are getting much more sophisticated, using geo-targeted and highly personalized emails to prey on corporate employees. Organizations must continue to be vigilant about phishing attacks to the point of implementing education and awareness programs for its employees; anything less can make you susceptible to a data breach. Although it goes without saying, we’ll say it again here: Avoid clicking suspicious attachments and links, closely inspect the sender’s email address, always check target URLs, and beware of offers that are too good to be true.
4. Insider Threats
Despite all the threats we have lurking on the World Wide Web, we can’t overlook the fact that human error is still one of the primary causes of data breaches. In fact, in its Data Breach and Investigations Report, Verizon reported that 34% of data breaches were directly or indirectly made by employees. The root causes of many of these insider data breaches was not malicious in nature; rather, it was employees connecting infected thumb drives to their network computers or downloading sensitive data to portable media – and then losing the devices. This, we believe, is even more reason to lock your computer ports. If an employee can’t connect a USB flash drive to your network computer, the threat of an unintentional data breach is greatly reduced.
5. Cybersecurity Threats in the Cloud
The work-from-home movement has made cloud services a way of life for many employees, and cloud computing has become a cottage industry. Unfortunately, not all cloud services are created equal – at least from a cybersecurity standpoint – and many lack the proper authentication and encryption necessary to keep data secure.
The leading causes of cloud security incidents are misconfiguration, network vulnerabilities or intrusions, and data leaks. So, if you are considering moving your data to the cloud – or already have – then take a moment to ensure that the provider has robust security measures within its framework.
Don’t stop there, however, because even if your cloud providers are well-equipped to ward off attacks, the end user – your employees (remember threat No. 4?) – can easily be ground zero for a cyberattack through phishing, weak passwords, and more.
The Next Step You Can Take
Cyberattacks have increased exponentially in the wake of the COVID-19 pandemic. No one is immune and no one is safe, which is why every company should conduct an on-site cybersecurity risk assessment.
The FBI reports a 300% increase since the pandemic began. What’s more, ransomware attacks against businesses are now occurring every 11 seconds, according to SafeAtLast, with the average paid ransom roughly $233,217. The global cost will exceed $20 billion. Your company might be next unless you conduct an on-site cybersecurity risk assessment to identify and mitigate risk.
On on-site cybersecurity risk assessment, which determines the likelihood of an attack against your business and its potential impact, should be a critical part of your company’s procedures. An on-site cybersecurity risk assessment can quantify the impact to you company’s reputation, finances, and overall business health.
As technology is continually changing and evolving, companies should aim to undergo a cyber risk assessment at least once every two years or more often if new threats become prevalent.
The Connectivity Center has partnered with several exceptional cybersecurity firms that specialize in cybersecurity risk assessments. Based on your specific needs, we can connect you to the firm that is your best fit. To get started, visit us online.
