Involta's Vice President of Security and Compliance, Mark Cooley, shares the top threats to cybersecurity in 2022.
In today’s world of cybersecurity, it is not a matter of if, but when you will be faced with a cyber attack. Cybercriminals of 2022 are taking advantage of the post-pandemic workplace with more employees working from home. It is imperative now more than ever to make sure your network is protected.
Cyberattacks don’t just affect large businesses either. Every business from small to large is vulnerable to attacks. According to the 2021 Verizon Data Breach Investigations Report, last year, nearly half of breach victims were small- and medium-sized businesses (SMBs). While large businesses may be the main target for cybercriminals, SMBs experience attacks that can be detrimental to their business causing anywhere from tens to hundreds of thousands of dollars to fix.
The key is to be aware of the type of attacks that you may encounter and establish a proactive approach to combating and securing your data and devices in-house and at home. Being reactive with your cybersecurity will allow cybercriminals the opportunity they have been waiting for to walk right through.
What are some top threats to cybersecurity and how vulnerable is your company?
According to the Sophos 2022 Threat Report, three of the major threats that businesses should pay attention to include: ransomware, malware on mobile devices, and attacks on internet infrastructure.
Ransomware is exactly what it sounds like. Cybercriminals are hacking into devices and holding your data for ransom. These hackers have become more sophisticated in their ability to keep you from regaining control. So much so that even after paying the cybercriminal the sum of money requested to release your data, many businesses are still not receiving all of their data back.
The thing is, a cybercriminal can’t demand ransom if they are not able to gain access to your network in the first place. A business that has a lack of security on the front end will be more vulnerable to this type of threat. Some of the gateways a business should pay closer attention to revolve around simple measures to put into place with regards to employee training.
Training your employees to notice a threat can make all of the difference, such as - not opening Spam with malicious attachments, not opening or responding to emails that disguise themselves as “from the President” of the company, or creating strong passwords. Also, backing up your data and making sure your software is up-to-date. A little can go a long way when it comes to cybersecurity.
Malware on Mobile Devices
While cyberattacks may be more prevalent on traditional devices such as desktop computers, attacks on mobile devices have increased in popularity in recent years and are not going away anytime soon. The cyber threats most seen on mobile devices include viruses, spyware, and SMS phishing (aka Smishing) attacks, just to name a few.
In a more casual work-from-home environment, employees are no longer just taking calls using their mobile devices. They are sharing files through mobile applications, arranging travel, and even conducting business and financial transactions. Although the need to work and communicate with one another easier and faster is increasing in demand, a business must acknowledge the vulnerabilities and protect its data.
Businesses can help to reduce mobile attacks by being proactive and promoting policies that will mitigate mobile vulnerabilities. These can include: ensuring all OS and app software is kept up to date, only installing apps from official stores, do not connect to public networks, and enable locking the device with a PIN. The more barriers a business and employees can put in place, the less they are vulnerable to cyberattacks.
Attacks on Internet Infrastructure
Cyberattacks can cause disruption in many ways. One way is by infiltrating the internet infrastructure to potentially force a business to shut down for a period of time. Let’s face it, we depend on the internet to conduct business. Because of this, we use it daily to research, have a dialogue with customers, and save important documents. The internet is a powerful tool and if not protected, can truly place issues on a business that keep it from daily operations.
Another vulnerability that businesses face is called session hijacking. Say you are in the process of researching valuable information for your client and a hacker intercepts your session and disconnects you from the server while proceeding to replace your IP address with an IP address controlled by the hacker. At this point, the server doesn’t know that it is no longer communicating with you and instead continues the session with the hacker. This means you just lost complete control over your server and the internet connection is no longer safe.
While this type of threat and many others might seem daunting and more widely and frequently prevalent, the basic measures to put into place to divert the threats remain the same as it has for many years: train your employees to recognize threats before they occur, create strong passwords and change them regularly, maintain your systems and keep anti-virus software up-to-date, backup your data, and regularly check your systems for suspicious activity. One of the most effective measures you can take to prevent these types of network attacks is to implement multi-factor authentication (MFA) for every login possible that a threat actor could compromise, including for any VPNs used to access your company's network.
To learn more about managing your network security and defending your IT systems, reach out to me here or visit involta.com.
Also, don’t forget to check out Involta’s Cyber Security Master Class on September 21, where you can learn from industry experts on cybersecurity trends affecting businesses – what to be on the lookout for, how to identify bad actors, and what to do if it does.