Here are 12 of the top cybersecurity issues for businesses to be alert for this year, according to our cyber security experts and based on current and emerging trends, along with cyber security tips to combat some of these risks.
- Ransomware
The Australian Government’s Australian Cyber Security Centre (ACSC) reported that in the 2020-2021 financial year, cybercrime reports of ransomware increased by 15 per cent. ACSC received almost 500 reports in the 2020-2021 financial year, which averages out to more than one ransomware cybercrime report received every day. This of course only includes the reported incidents.
We expect this number to further increase in 2022. With the increasing amount of online and digital activity due to the pandemic, this number may very well continue to skyrocket. Ransomware is malicious software that infects computers and devices and locks files behind cryptography (encoded writing), with the attackers threatening to destroy, leak or publish the files unless a ransom is paid, typically in cryptocurrency.
Ransomware attacks are often attempted via phishing, enticing employees to click a link, in an email or another source, which downloads the ransomware or malware onto the computer. Direct infection through physically connected USB devices also occurs. The best way to tackle this issue is to ensure that employees are educated on spotting phishing attacks, suspicious links, and downloads, and to ensure only trusted, security-scanned USB devices are used. Of course, it is also critical for any unexpected downloads or unknown programs to be reported immediately to your cyber security services team or IT support team.
- Phishing threats
Phishing attacks are still one of the most pervasive cyber threats to businesses, with many still falling victim to phishing emails. As these continue to evolve and become more and more realistic, it is becoming increasingly hard to instantly identify a fake email on many occasions, particularly for those without enough knowledge on phishing emails and their tells.
Cyber security services experts agree that cybercriminals are using more advanced business email compromise (BEC) attacks, and we expect to see targeted phishing become a more frequent threat, with geo-targeted, localised and personalised content.
- Malicious URLs
Whether they are hidden in phishing emails, SMS messages, social media messages or other places online, malicious URLs remain a significant security concern in 2022. According to a report by Security Boulevard in 2020, 1 in every 8 staff members will unknowingly share information on a malicious phishing site.
- Rogue mobile apps
Rogue mobile apps account for around 28% of the top global fraud types, and this is likely to continue to grow with the popularity of app use. Advanced social media targeting for trojan apps is a factor, with those unaware of the risks of downloading a questionable app falling prey. These trojan apps may play on fears using emotive social media targeting to encourage download (such as spying apps) or appear to perform a function for productivity, banking, currency or business operation. For businesses that have employees with devices that access sensitive company data and information, this is a security risk to be wary of.
- Phone and smart device attacks
Cybercriminals target the mobile devices of users who engage in business communications, bookings and banking, and who access sensitive company data. In 2019, 70% of fraudulent transactions originated in mobile channels. Remote device hacking and physical device theft for smartphones with low security are a risk for malware, data loss, data tampering, and fraudulent transactions.
- Work from home security attacks
As businesses worldwide increasingly work from home, phishers, hackers and scammers have a wealth of new potential entry points with low security. Many companies will continue to have their entire workforces, or part of their workforce, work from home in 2022, which presents challenges due to the security of the devices used for work from home access. Many employees work from home and connect to company data points and access points. Those doing so from home computers, laptops or networks without the proper security protocol will significantly increase the risk of attacks through these remote access points.
- Password leakage
Increased work from home and remote access provides a temptation to share passwords and login credentials in a non-secure way, over messaging, email and other communications platforms, further increasing the vulnerability of attack from leaked passwords. A search through hacked emails, for example, could reveal all the passwords and username credentials shared over that platform. With many users unaware of cyber security safeguards to reduce the risk of sharing credentials, the passwords may be almost handed to cybercriminals on a silver platter, with username, password and platform name keywords all contained in one easily-accessed email, once an account is hacked.
There is also a risk if passwords are used across multiple platforms and for a length of time, as one data security breach could result in multiple hacks and large-scale loss. Ensuring safe password handling, high-security passwords, different passwords for each application or tool, and 2-factor authentication are ways to reduce these risks.
- IoT devices
IoT, the Internet of Things, refers to physical objects with built-in technology that allows them to connect to and exchange data with other systems over the internet and communication networks.
With 5G accelerating the growth of IoT, the threat through these devices will also increase. Hackers can access vulnerable connected devices such as smart TVs, security cameras and DVRs in the workplace and the home. These are devices many businesses would not consider at risk of being hacked, and they are therefore largely unprotected in many cases. For example, IoT attacks have included hacking into connected household appliances such as smart fridges and smart kettles, to access the networks, and from there access connected computers and phones with sensitive data.
Education and awareness is one security method that can assist in reducing the risk of these attacks occurring. It’s also important to conduct a cybersecurity audit of every connected device in a network. This should be done for all IoT devices that can be connected and given access to the business’s network, as well as any home networks where a connected device or computer on the network has access to company data and systems.
- User awareness deficiency
Cyber security awareness training is crucial with the evolution and ever-growing sophistication of cyber attacks. An alarming statistic from a report by Infosec indicated that about 97% of people in the world could not identify the tells of a phishing email. Educating staff on cyber awareness and the best actions to take when a fake is suspected can help a business prevent many threats and attacks. Internal resources, information sheets and visual aids for cybersecurity awareness training, and training programs conducted by IT professionals and cyber security experts, are essential security measures for 2022.
- Supply chain cyberattacks
There has been an increasing number of software supply chain attacks in recent years. Supply chain attacks can be catastrophic as they can take down the complete software supply chain and all services, which can cause considerable disruptions to multiple entities. As supply chain attacks are a way for cybercriminals to cause maximum disruption, they are likely to continue to grow.
- Cloud storage attacks
In August 2021, Microsoft cloud services stopped a denial of service attack, but this occurrence highlighted the possibility of cloud storage system breaches and the potential ramifications if such a breach were to be successful. With some cloud spaces presenting vulnerabilities such as a lack of authentication, encryption and security auditing, IT security needs to be strengthened for businesses to prevent attacks on these storage places. As cloud storage usually involves all data sharing the same space without being isolated into parts, this presents a vulnerability that needs to be avoided with sufficient security measures. 2-factor authentication, security alerts and appropriate password and computer security are important.
- Social-engineering threats
Humans present the option for human error, and as a result, social engineering will always present a considerable cyber threat risk. Throughout the course of a day, usually-intelligent people can do quite absent-minded things. Some examples may be picking up a USB device found in a random location and plugging it into a company machine or connected device, clicking on links or visiting potentially harmful sites. A common security issue arises from employees forwarding spam emails to IT departments to confirm if they are spam (which could in itself infect the network). Cyberthreats from social engineering are a real issue when few realise the direct ramifications of their actions or the potential for large-scale issues from simple mistakes.
Cyber security awareness training is a security measure of paramount importance in 2022. Ensuring that employees are aware of the most common cyber security threats, trending threats and what to do when they suspect something suspicious, or when they make a blunder, is important.
Frequent staff communication with, and access to, a cyber security expert and IT support is highly recommended to bring cyber security to the top of mind and ensure that employees ask when in doubt. Ensuring that employees have fast and ready access to security personnel and clear reporting lines for security risk is a good measure to put in place.
Cyber security services and cyber security awareness training: Xari Group
Xari Group are your IT support and cyber security experts. We offer a host of cyber security services and cyber security awareness training. Whether you need ongoing support, have a security issue or need security tips and advice, we are here to assist.
In IT and cyber security, prevention is the best cure, so regular and ongoing cyber security processes and audits are highly recommended. Get in touch with our friendly team today to learn more.