As the changes brought about by COVID still resonate in the small business world, it is useful to take a moment to look at some significant cybersecurity threat areas that your company should be aware of in 2022. By knowing and understanding these threats, your company will be better able to protect itself as you attempt to maintain or improve productivity in the year ahead.
Social Engineering and targeting of employees
The term social engineering refers to the diverse types of hacking techniques that cybercriminals use to deceive people, such as through phishing and email impersonation. The goal of these efforts is to get victims to unwittingly give up sensitive personal information. In 2022 and the foreseeable future, security experts predict more advanced versions of social engineering involving innovative technologies and tactics will continue to plague businesses and individuals. Hackers also tend to focus their efforts on the most popular online subjects, which explains why cryptocurrency-related cyberattacks rose 200% from 2020 to 2021 along with a similar explosion in COVID-related charity scams.
Because of the need to defend against this onslaught of attacks, small businesses will need to emphasize the practice of good cyber hygiene in their organizations. Cyber hygiene refers to the habits and practices of employees involving the use of technology. Poor cyber hygiene involves behavior such as logging onto unprotected WiFi networks and failing to use simple protection measures such as password management and multi-factor authentication when accessing devices and systems.
A recent study by Verizon revealed that employees will remain the weakest link in your cyber defenses, as they found that 85% of all data breaches were a result of human interaction. To counter this major threat, your small business will need to implement mandatory email and internet behavior protocol as well as effective password management. Your business should also offer your employees robust training in practicing good cyber hygiene to ensure they are comfortable following these important directives.
Hackers focusing more attention on mobile devices
Cybersecurity experts note that hackers have increasingly turned their attention to mobile devices as they realize that more employees and customers are using these devices to conduct business operations and transactions. In addition, the security protections on phones and other handheld devices tend not to be as comprehensive as for laptops and desktops. This weakness is a result of a less attentive approach that many employees take when using their phones and handheld devices in comparison to their laptops and desktops. In addition, too many users fail to protect these devices at the same level with available antivirus and other anti-hacking tools. Since employees and consumers are increasingly using their mobile devices for work and other interactions, your company must ensure that the same level of cybersecurity protection exists on these devices.
Continued remote work
Since remote work will continue to have a major presence in the post-COVID workplace, the enhanced exposure of company networks to cybercriminals will also remain in place. Working remotely makes an employee more likely to try to access the company network on their own devices, some of which may be compromised or are more vulnerable. Cybercriminals will continuously attempt to exploit the opportunities presented by remote workers with more network connections. Your company will need to stress that employees must always follow good cyber hygiene whether in the workplace or at home.
Expansion of less protected IoT
Technology continues to improve and expand the reach of the Internet of Things (IoT) with ever more sophisticated and connected smart devices, equipment, and services. The negative side of this technology expansion is the simple fact that the more internet portals a company or individual has, the more exposure they also have to cybercriminals. In the US, 70% of households currently have at least one smart home device, and hackers are busy targeting these systems. The expansion of this technology combined with the substantial number of remote workers has resulted in a massive wave of attacks on IoT devices. Kaspersky reports that there were more than 1.5 billion breaches in the first six months of 2021, primarily because many IoT devices lack adequate security protocols. Your company should emphasize the same need for caution when using IoT devices, as their internet connections are vulnerable to cybercriminals.
Although it would seem that cloud security would improve with its rapid adoption in many business areas, the opposite has occurred. A stunning research study by IBM found that cloud vulnerabilities have increased more than 150% over the last five years and 90% of the data breaches came through successful attacks on web apps.
To protect against these vulnerabilities, security experts recommend the use of Zero Trust cloud security architecture. The key to this type of security system is that it behaves as though the outer perimeter has already been breached and requires constant security verifications to access various parts of the network. Your company should look to implement this powerful protection, which can help ease the threat of employee errors and initial security breaches.
Sophisticated ransomware attacks
Although ransomware attacks are nothing new, they have now reached new heights of sophistication and ransomware fees have dramatically increased. The average ransomware fee has risen from $5,000 to $200,000 from 2018 to 2020 and is trending upward. In addition, because the average system downtime from a successful ransomware attack is 21 days, businesses lose considerable income along with whatever ransom they must pay. The damage to a company’s reputation and bottom line from data breaches is also costly in terms of lost customers.
To make matters worse, a disturbing new trend involves the growing presence of Ransomware-as-a- Service (RaaS) providers that brazenly offer users pre-developed tools to execute attacks in exchange for a percentage of ransomware payments. These sophisticated yet affordable tools allow small-time hackers the means to attack businesses of all sizes and will lead to even more ransomware attacks.
Your business needs to invest in powerful antivirus tools, firewalls, and ZeroTrust cloud security architecture as well as provide thorough training and communication on good cyber hygiene to combat this imposing threat. In addition, your organization should also consider cybersecurity insurance to mitigate the impact of any successful ransomware attacks.
Work with a Cybersecurity and IT Support Partner
The most important recommendation we can give your small business is to take the time to consult and work with a trusted IT Support partner, such as Network Depot, to best protect yourself against these cybersecurity threats. Your IT partner will help you select and implement the right cybersecurity tools and solutions that will work best for your unique business.
By knowing and understanding these cybersecurity threats and with the assistance of your trusted IT Support partner, your company will be confident that you are well protected. Secure with this knowledge, your organization will be able to keep its focus on achieving your unique objectives.