Top 10 CyberSecurity Threats for the 2nd Half of 2022
Brett Gallant
Founder, Technology Leader & Cyber Security Expert| Best Selling-Author | Join me on my next Cyber Security Webinar - Secure your spot today!
If you think that cyber threats are limited to the “typical” categories, such as ransomware, phishing, and malware, we’re about to deliver a super-charged wakeup call.?
What if we told you that someone can watch your every move through your cell phone’s camera? Or that a hacker could gain control of your vehicle, increase your speed, and deploy your car’s airbags? Or that your coffee pot and your smartwatch are in cahoots, plotting a hostile takeover of your security system?
These aren’t things that might happen someday, they’re happening right now.?
If you don’t believe us, let’s look at excerpts from an article by SimpliLearn , “With the Digital revolution around all businesses, small or large, corporates, organizations and even governments are relying on computerized systems to manage their day-to-day activities and thus making cybersecurity a primary goal to safeguard data from various online attacks or any unauthorized access. Continuous change in technologies also implies a parallel shift in cybersecurity trends as news of data breach, ransomware and hacks become the norms. Here are the top cybersecurity trends for 2022.
1) Rise of Automotive Hacking?
Modern vehicles nowadays come packed with automated software creating seamless connectivity for drivers in cruise control, engine timing, door lock, airbags and advanced systems for driver assistance. These vehicles use Bluetooth and WiFi technologies to communicate that also opens them to several vulnerabilities or threats from hackers. Gaining control of the vehicle or using microphones for eavesdropping is expected to rise in 2022 with more use of automated vehicles. Self-driving or autonomous vehicles use an even further complex mechanism that requires strict cybersecurity measures.?
2) Potential of Artificial Intelligence (AI)?
With AI being introduced in all market segments, this technology with a combination of machine learning has brought tremendous changes in cybersecurity. AI has been paramount in building automated security systems, natural language processing, face detection, and automatic threat detection. Although, it is also being used to develop smart malware and attacks to bypass the latest security protocols in controlling data. AI enabled threat detection systems can predict new attacks and notify admins for any data breach instantly.
3) Mobile is the New Target?
Cybersecurity trends provide a considerable increase (50 percent ) for mobile banking malware or attacks in 2019, making our handheld devices a potential prospect for hackers. All our photos, financial transactions, emails, and messages possess more threats to individuals. Smartphone's virus or malware may capture the attention of cybersecurity trends in 2022.
4) Cloud is Also Potentially Vulnerable?
With more and more organizations now established on clouds, security measures need to be continuously monitored and updated to safeguard the data from leaks. Although cloud applications such as Google or Microsoft are well equipped with security from their end still, it's the user end that acts as a significant source for erroneous errors, malicious software, and phishing attacks.
5) Data Breaches: Prime target
Data will continue to be a leading concern for organizations around the world. Whether it be for an individual or organization, safeguarding digital data is the primary goal now. Any minor flaw or bug in your system browser or software is a potential vulnerability for hackers to access personal information. New strict measures General Data Protection Regulation (GDPR) was enforced from May 25th, 2018 onwards, offering data protection and privacy for individuals in the European Union(EU). Similarly, the California Consumer Privacy Act (CCPA) was applied after January 1st, 2020, for safeguarding consumer rights in the California area.?
6) IoT with 5G Network: The New Era of Technology and Risks?
With the advent and growth of 5G networks, a new era of inter-connectivity will become a reality with the Internet of Things (IoT). Read about What Is the Internet of Things (IoT) and Why It Matters? This communication between multiple devices also opens them to vulnerabilities from outside influence, attacks or an unknown software bug. Even the world's most used browser supported by Google, Chrome was found to have serious bugs. 5G architecture is comparatively new in the industry and requires a lot of research to find loopholes to make the system secure from external attack. Every step of the 5G network might bring a plethora of network attacks that we might not be aware of. Here manufacturers need to be very strict in building sophisticated 5G hardware and software to control data breaches.
7) Automation and Integration?
With the size of data multiplying every day, it is eminent that automation is integrated to give more sophisticated control over the information. Modern hectic work demand also pressurizes professionals and engineers to deliver quick and proficient solutions, making automation more valuable than ever. Security measurements are incorporated during the agile process to build more secure software in every aspect. Large and complex web applications are further hard to safeguard making automation as well as cyber security to be a key concept of the software development process.
8) Targeted Ransomware
Another important cybersecurity trend that we can't seem to ignore is targeted ransomware. Especially in the developed nations' industries rely heavily on specific software to run their daily activities. These ransomware targets are more focussed such as the Wanna Cry attack on the National Health Service hospitals in England Scotland corrupted more than 70,000 medical devices. Though generally, ransomware asks to threaten to publish the victim's data unless a ransom is paid still it can affect the large organization or in case of nations too.?
9) State-Sponsored Cyber Warfare
There won't be any stoppage between the western and eastern powers in attempts to find superiority. The tension between the US and Iran or Chinese hackers often creates worldwide news though the attacks are few; they have a significant impact on an event such as elections. And with more than 70 elections bound to be held this year, criminal activities during this time will surge. Expect high-profile data breaches, political and industrial secrets to top cybersecurity trends for 2022.
10) Insider Threats
Human error is still one of the primary reasons for the data breach. Any bad day or intentional loophole can bring down a whole organization with millions of stolen data. Report by Verizon in data breach gives strategic insights on cybersecurity trends that 34 percent of total attacks were directly or indirectly made by the employees. So make sure you create more awareness within premises to safeguard data in every way possible.
These cybersecurity trends in 2022 are bound to have more fear in organizations to stack their security measures. It is expected that organizations will spend more than ever with $100+ Billion on protecting their assets this year alone.”?
With infrastructure security a significant part of almost every organization today, it would be a good choice to start implementing cybersecurity measures now. Skilled and experienced cybersecurity experts are among the most in-demand professionals in the IT industry. Be sure you have a cybersecurity plan in place before it’s too late.
While that was a fantastic overview, we feel the need to dive a little deeper into six of these topics. Here we go…
Automotive Hacking
According to excerpts from an article by, israel21c.org , they wrote, “The rise in sophistication amongst vehicle hackers will continue to evolve as the industry continues to adopt advanced connectivity. That means the car has a connection to the Internet, whether to stream music, access Waze or Google Maps or remember your morning Starbucks’ preferences.
Hackers use eight key tricks to gain access to vehicles:
Today, there are more lines of code in a connected car than other highly sophisticated machines, including the U.S. Air Force’s F-35 Joint Strike Fighter, the Boeing 787 Dreamliner, or a NASA space shuttle.”
How to secure your vehicles against hacking
In excerpts from an article by Geiko , they wrote, “Your new car is a technological marvel—it can do everything from read your social media feed aloud to parallel park itself. But all that wondrous tech also makes your vehicle vulnerable to a new threat: hacking. As difficult a feat as it is, hackers have demonstrated that they can achieve wireless control of certain vehicles’ steering, brakes and transmission.
5 Strategies to Keep Hackers from Gaining Access to your Car
1. Keep In Touch With The Manufacturer
“This is the most important thing you can do,” says personal security and identity theft expert Robert Siciliano. Make sure the manufacturer has your most up-to-date contact information and can reach you about necessary updates or applicable tech-related recalls. And periodically check SaferCar.gov to see if your vehicle has any active recalls.
2. Update Your Car’s Software
If the manufacturer tells you that your car’s firmware (the embedded software) needs updating, bring your car to the dealer ASAP. You’ll want the latest software to correct bugs that may make your car vulnerable.? Or, if you’re more of a DIY person, download updates from the manufacturer—and only the manufacturer (make sure by going to their official site), then use a USB drive to install them in your car.
3. Firewall Your Fob
If your keyless-entry fob is near your car, say on your dining room table, sophisticated hackers can use electronic signal-amplifier devices from 100 feet away to unlock your car while it’s parked in the driveway—and maybe even drive off with it. To prevent this sort of attack, cut off the signal from the fob by storing it in a metal box or carrying it in an inexpensive holder that’s specially designed to thwart hackers. Or try a low-tech solution: Lock the car in your garage, if you have one.
4. Turn Off Bluetooth When You’re Not Using It
“If you’re not using Bluetooth connectivity with your cell phone in the car, turn the feature off on your device and the car,” advises Webroot’s Moffitt. Otherwise, Bluetooth is susceptible to data attacks, which can cause a device to crash or expose security holes. “Hackers could get in that way,” Moffitt adds.
5. Hide Your WiFi Password
If your car has a WiFi hotspot service, allowing you to remotely lock and unlock doors and start the engine, don’t keep your password in the car. “You’d be surprised how many people just leave it in the glove box,” Moffitt says.?
AI-powered Malware
As they say, with great knowledge comes great power, and what’s more powerful than Artificial Intelligence? But, just like powerful people, AI can be used for good or evil.?
In exceprts from an article by BullGuard , they wrote, “You may have heard of artificial intelligence (AI) driven malware. It’s painted as the stuff of nightmares, smart malicious algorithms that rule the roost in on-going cyber wars, the spearhead of a dystopian digital world, which can mimick a CEO’s emails down to comma, dashes and verbs, malware that can be released by facial recognition and millions of systems infected when a specific ‘switch’ is triggered.
But how real are these threats and should we be battening down the digital hatches and treating our computers like radioactive devices?
Today there is a lot of talk about AI-based malware simply because theoretical threats do exist and the potential for something really nasty and near undetectable does exist. Some researchers have gone as far as actually developing AI malware to prove the point.
What exactly is AI-driven malware?
AI-driven malware is conventional malware altered via AI to make it more effective. It can use its intelligence to infect computers faster or make attacks more efficient. Conventional malware in a sense is dumb. It is a set of pre-created, fixed code that tries to sneak past defences. In contrast AI-driven malware can think for itself, to an extent.
How does it ‘think?’
AI uses deep learning, for instance an AI algorithm fed with sample data creates its own rules. If, as an example, it is fed with enough pictures of a person it will be able to detect that person’s face in new photos. Applied to malware AI can perform tasks that are impossible with traditional software structures. This means it is very difficult for contemporary endpoint security to identify malware that doesn’t conform to these traditional rules.
Are criminals using AI-driven malware?
There is little evidence to support the belief that criminal cyber gangs are already using AI to help launch and spread attacks. However that doesn’t mean it doesn’t exist and beyond specific AI malware it certainly has the potential to drive through today’s protective measures.
In short, AI in the hands of cybercriminals could pave the way for malware that's harder to detect, more targeted threats and more convincing spam and phishing attacks.”
Mobile is the New Cyber Attack Target
Most people don’t think about their phones as mini-computers. There also seems to be this pervasive herd mentality that believes phones can’t be hacked. But, they are mini-computers… with massive cyber security gaps.?
According to excerpts from an article by Forbes , they wrote, “Unfortunately, only 14% of SMBs are fully prepared to prevent, detect, or respond to cyber-attacks or intrusions.1 Why so few? Most think that hackers wouldn’t want to waste their time attacking a smaller company, and others just don’t have the expertise or budget to put a robust threat management solution in place. Hackers know this about small businesses and use it to their advantage when targeting their next victim.
“It Only Takes One Device to Gain Access to Your Company’s Network”
What businesses may not realize is that mobile security may be their weakest link. A cybercriminal only needs to break into one unprotected mobile device (mobile phone, laptop, or tablet) in a company to gain access to the entire network. Intrusions like this can be crippling to an SMB, costing the company revenue, disrupting its operations, endangering its critically important data assets, and ruining customer relationships. In fact, the impact can be so devastating that when a small business is impacted, approximately 60% are unable to recover and go out of business within 6 months of a cyber-attack.
The increase in employee mobility has revolutionized the way we do business, but it has also created new security risks. On average, mobile users spend approximately 80% of their time outside of the protected corporate network, as they access the web from locations other than the office or company locations.
With this increased mobility, far too many devices are unprotected against increasingly sophisticated hacker techniques – especially when mobile device security patches and upgrades from company IT departments aren’t being installed.
But there are defensive moves that can help prevent cyber-attacks on SMBs. One of those strategies is to adopt a multi-layered cybersecurity solution to outwit the hackers. We’ll address that later, but first, let’s look at why hackers focus on mobile devices.
Top Five Reasons Hackers Target Mobile Devices
1. Steal credentials and passwords. Hackers know that most people use the same passwords across all their mobile devices and applications. If they can figure out the password and get access into the mobile device, it’s easy to move to the user’s laptop and then to the corporate network. Mobile devices are the entryway to a whole world of opportunity for intruders.
Since the pandemic began, phishing attacks have increased 6x with approximately 90% of all breaches starting with a phishing attack3 where a scam artist uses official looking fake emails, to trick an individual into giving away information (passwords, bank details, etc.) With so many emails being read via a mobile device these days, it’s a target-rich environment to steal credentials and passwords. And the fact that mobile users are dealing with a smaller screen, are often distracted due to multitasking, and can’t see a URL bar that might alert them to something suspicious makes them more vulnerable than they would be at the office on a laptop.
2. Obtain company data. Approximately 50% of cyber-attacks on small businesses focus on stealing company information and/or customer proprietary data, such as Social Security numbers and credit card information.1 If an employee is using their mobile device for email or to access corporate data, the hacker may be able to easily seize it. Because all email and attachments reside in one folder on mobile devices, hackers know exactly where to find and download data.
3. Conduct reconnaissance. When cybercriminals gain control of your device, they can also turn on your microphone or your camera, and spy on you. If the CEO is using their mobile phone to negotiate a big deal, once the hacker has compromised the phone, they can hear every word. A lot of powerful movers and shakers live by their mobile devices, and the last thing they would want is someone knowing their every move.
If the hacker has access to your device, they also have access to your contacts and your calendar and can figure out just the right time to turn on the recording function. It won’t be during your dentist visit; it will be when you’re meeting with a client or a potential client. If that hacker has targeted you individually because of your position in your company, what they learn in their spying could be incredibly valuable to a competitor or even a foreign government.
4. Land and expand. That is, to go beyond control of the device to higher value objectives, such as the corporate network. There are many ways that someone who has compromised a mobile device can gain corporate access. There is the simple approach, which is to use the device that the hacker now controls to send texts and emails posing as the legitimate user to gain further information or cause disruption. Or, through control of the device itself, the hacker can leverage the mobile devices’ connections to the corporate Wi-Fi network when the user goes back to the office and re-connects.
A hacker can also take advantage of the guest network in a target company’s lobby. Once they log onto the network, they can see if there are more people connected than are actually waiting in the lobby at that time. This is a good indicator that employees may be using the guest network to go outside the company firewall and access apps and sites that the corporate network is blocking. The hacker can then easily trick a user into downloading what appears to be a game, take control of their device, and set up super-admin privileges for themselves that open up the entire network for malicious use.
5. Deliver malware. Ransomware and malware can provide direct financial gain to a hacker. That was the case with the WannaCry ransomware attack in 2017 that informed recipients that their device was encrypted and instructed the victims to send payment in Bitcoin to unlock their device.
The hackers behind WannaCry specifically targeted Android devices. They accessed a Wi-Fi network, scanned all the connected Android devices, and determined which ones were susceptible to their ransomware. They infected one phone and then–when the user got back to the corporate office and logged onto the company network–they were able to lock up entire companies and demand ransom payments.
Protecting Your Business and Users from Bad Actors
Thanks to the pandemic and the growth in mobile workers, small business cybersecurity has never been more important. To protect your business from a potentially catastrophic cyber-attack, you need to enforce a zero-trust mentality to guard against potential threats. That means taking a proactive approach to threat management–and how you monitor the people, systems, or services accessing your network.
There are many ways for hackers to gain access to your network for any one of the five reasons we mentioned above. Each avenue requires a specific cybersecurity solution to ensure your data is protected. As you review the cybersecurity solutions for small businesses, as well as the needs of your company, make sure you look for options that provide these four types of protection:
Every device that accesses your network poses a risk to your business. If you start with these options in mind as the framework for what you need to protect your business from the growing number of cyber-attacks that are coming your way, you’ll be on the right track.”
领英推荐
The Cloud and Cyber Vulnerability???
As cyber security experts, we are definitely advocates for cloud backups, but we would be remiss if we didn’t draw your attention to some potential threats when it comes to using the cloud. We would also be negligent if we didn’t suggest that you have redundant backups in other forms and locations.?
By “other forms” we mean redundant backups on hard drives and additional cloud platforms. “Locations” mean exactly that. For example, if you only use hard drives, and they are all stored in the same location, you could lose everything during a cyber attack or natural disaster. Additionally, if you only use one cloud storage backup, and that company is hacked all of your data could be wiped out.?
Let’s take a deeper dive into some cloud vulnerabilities and considerations…
In excerpts from an article by Triskele Labs , they wrote, “The popularity of cloud computing has seen a meteoric rise in recent years, thanks to big players like Amazon, Google, and Microsoft, who all provide cloud computing platforms. The technology, which began as a backup storage option, has now become an all-inclusive computing platform that has fundamentally altered the way organisations use, store, and share information.
As cybersecurity professionals are aware, however, anything that becomes popular in the digital world will inevitably become a target of malevolent cyber actors—and cloud computing platforms are no different.
In recent years, the number of attacks on these platforms has increased rapidly. Incidentally, cloud cyber attacks accounted for 20% of all cyber attacks in 2020, making cloud computing platforms the third most-targeted cyber environment.
All of this begs the question: Are cloud computing cyber attacks the latest cloud computing cybersecurity issue??
Unfortunately, the answer is yes.
Fortunately, as cybersecurity professionals, we know that any cyber threat, including threats to the cloud infrastructure, can be mitigated with adequate security controls and practices.
In this post, let’s look at some of the biggest data breaches in recent times, what causes these breaches in cloud cybersecurity, and how organisations can prevent these from occurring in the future.?
What is a cloud attack?
Any cyber attack that targets off-site service platforms that offer storage, computing, or hosting services via their cloud infrastructure can be classified as a cloud cyber attack. This can include attacks on service platforms that utilise service delivery models like SaaS, IaaS, and PaaS.
For example, on January 22, 2020, Microsoft announced that one of their cloud databases was breached back in December 2019, resulting in the exposure of 250 million entries, including email addresses, IP addresses, and support case details.
According to the computing giant, the cause of this data breach was a misconfigured network server that was hosting the critical information. While this is not the biggest, it was one of the most shocking cyber attacks due to the high-profile nature of the target.
The causes of cloud computing cyber attacks
According to McAfee, data in the cloud may just be more vulnerable than data on on-site servers. These vulnerabilities are compounded by lapses across both Cloud Service Providers (CSPs) and end-users.
Misconfiguration
CSPs provide different tiers of service depending on how much control an organisation needs over their cloud deployment. These offerings include Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
Organisations have to configure these deployments according to their requirements to ensure more robust cybersecurity.
Unfortunately, most companies do not have an adequate cloud security posture to ensure the safety of these services, leading to vulnerabilities in deployment. According to IBM, misconfigured servers are responsible for 86% of compromised records.
Knowledge of the specific deployment you’re using will help you configure it according to your security needs with the security tools provided by CSPs.
Compromised user accounts
Weak password protocols are a leading cause of compromised user accounts. Many users who work with cloud services do not have strong password protection, as they either use weak passwords, reuse older passwords or don’t change their passwords regularly.
As cybersecurity professionals, we encourage users to change their passwords regularly, at least once every 60–90 days.
API vulnerability
CSPs provide application programming interfaces that allow users to interact and work with their cloud computing service. These APIs include extensive documentation to allow users to understand and use them effectively.
This documentation, however, can be obtained by hackers too and can be used to exploit the APIs to gain access and exfiltrate sensitive data stored in the cloud.
Also, any vulnerabilities in the integration and configuration of these APIs will leave a backdoor open for cybercriminals to exploit.
Eliminating security oversights in the implementation and configuration of APIs can be done by sticking to the documentation. Organisations also need to strictly monitor the functioning of the APIs to identify any vulnerabilities.
Malicious insider activity
Even if organisations implement the most secure cyber ecosystem, a malicious user can negate these security protocols and leak critical information.
The activities of malicious insiders are often hard to detect as they might already have access to critical information. In fact, over the last few years, the number of security breaches as a result of insider threats has seen a sharp upturn.
To negate insider threats, organisations can implement stringent access controls to limit the amount of information accessed by individuals inside your organisation.
Prevent cloud cyber attacks by implementing powerful cloud security measures
Every day, a greater number of organisations adopt cloud services to facilitate their move to a remote work environment and increase collaboration between global team members.
As adoption increases, so do the vulnerabilities. By understanding cloud security basics and some of the most common vulnerabilities that occur therein, we can limit our risk of becoming a target of cloud cyber attacks.”
IoT with 5G Network: The New Era of Technology and Risks
In this section, we’ll be exploring the devices you may have purchased to make your daily life easier. Yes, IoT devices are certainly convenient, and they are not only here to stay, they will multiply faster than rabbits. The funny thing is, you may not even realize how many IoT devices you currently own; much less how they pose a threat. Let’s take a deeper dive…?
According to excerpts from an article by Aspire , they wrote, “The internet of things or IoT, is on the rise. The number of connected devices is set to increase from 700 million to 3.2 billion by 2023. While there are several factors contributing to this rise, the most important will be the development of 5G networks. 5G networks will go a long way in improving the performance and reliability of these connected devices & data transfer speeds.
The commercial success of any IoT device is ultimately tied to its performance. It is dependent of how quickly it can communicate with other IoT devices, smartphones, tablets, software in the form of app or website and more.
According to reports, 5G will be 10 times faster than current LTE networks. When it comes to smart home devices, this increase in speed helps to reduce lag and improve overall speed in which connected devices send and receive data and notifications. Besides smart home devices, all IoT devices will enjoy greater speeds including those with healthcare and industry applications.
5G – The fifth-generation mobile network offers:
5G is a new global wireless standard. It delivers a new kind of network and is designed to connect almost everyone and everything together. When combining 5G with IoT, it should enhance the operational capabilities of these devices. But it also introduces new risks.
IoT with 5G
There is a big difference between a 5G implementation and IoT implementation. This is essentially around the standards that are available for either of the architecture.
5G is highly regulated and is built upon a recognized set of standards which have been issued by industry groups such as the Third Generation Partnership Project and the United Nations International Telecommunications Union.
“IoT devices are largely unregulated and have no generic standards that they follow.”
With the concept of edge computing, processing has moved closer to where the data is. Instead of having to send the data across the network into the cloud and then do the processing and then send it right back, you will be able to shift the whole control plane and allow the data to move between the IoT devices. But this of course has changed the cybersecurity landscape and it has now become a decentralized model.
An IoT device is made up of sensors, hardware that connects the sensors and a layer of software. The software does the computing and managing of hardware and the sensor data. Then there is a communication interface, which allow connection to the 5G network.
Creating a generic security architecture is very difficult as there are so many ways to design, build and use an IoT device. Some of the models that have been proposed include the Industrial Internet Reference Architecture, Cisco’s Internet of Things reference model etc.
Security risks associated with an IoT system
Current risk methodologies and risk assessments are not designed or fit for the purpose of identifying the IoT related risks, in a thorough and repeatable way. These devices will be connected to the 5G network and will be pervasive and ‘on’ all the time. The kind of attacks that they’ll be vulnerable towards are still pretty much standard ones that affect ordinary on-promise networks – eavesdropping, impersonation, man in the middle attacks, denial of service, replay, repudiation etc.
So, if we examine a smart home implementation, where there is a voice activated device that’s connected to an IoT connected lock on the front door. You need not get up and open the door, instead you do that with a voice command. But it also means that the thief or burglar who has identified that you have left the house, can come up to the front door, open the letterbox, and shout the same command and get free access to your home. So, the issue here is a lack of authentication at the IoT device and that device not necessarily having the ability to recognize only the homeowner’s voice.
5G will still suffer from the 4G vulnerabilities. It is not possible now to roll out a dedicated 5G network all at once. At someplace 5G is partially implemented side by side a 4G hardware and software components, for an extended period. So, to achieve a strong IoT security baseline it will take a multi layered approach.
Going Forward
Security teams will need to understand how 5G works and where the computing power will happen and how the computing decisions are made. The very nature of 5G networks means that the volumes of data will be order of magnitude greater than what they are now.
The traditional approaches, that lot of organizations, now have is not going to work moving forward. The volume of data is going to be so vast and the ability to triage that data cannot be done by human operators.
So, you must start thinking around what techniques can be put in place within the IoT, 5G environment in an automatic repeatable and reliable way. Strategies need to be thought about how you’re going to securely manage these IoT devices.
Another key thing that needs to be thought about is a risk management framework, that will incorporate fully the IoT and 5G environment. Define a strategy so that you can reduce your risks especially if you are anticipating that you’re going to use 5G enabled IoT devices.”
Human Error and the Role it Plays in Cyber Threats
We have written countless articles that include this topic… The single biggest threat to your business’s cyber security? You and the people you work with.?
In (vastly abbreviated) excerpts from an exhaustive article by CompariTech , they wrote, “We can take all the precautions and preventive measures possible to minimize the risk of cybercrime impacting ourselves or our businesses. But at the end of the day, all it takes is simple human error to put everything in jeopardy. Whether it’s a link click, download, missed update, or misconfiguration, everyday mistakes can lead to big problems.
Let’s talk about the biggest threats…
Trusting Public Wifi
45 percent of workers in the US believe that public wifi is safe when they are in a trusted location. Globally, we’re a bit more savvy, with 26 percent of users worldwide trusting public hotspots.
Public wifi hotspots are notoriously unsecure. Hackers prey on unsuspecting users to steal information such as passwords, financial details, and other personal information. Really, no one should be connecting to a public network without connecting to a suitable VPN for public wifi first (to encrypt your internet traffic and keep it hidden from snoopers).
Failing to Lock Smart Phones
Globally, 42 percent of respondents use a biometric lock (for example, a fingerprint scan) and 24 percent use a four-digit PIN to unlock their device, but 10 percent have no lock on their device at all. This is in spite of the fact that 41 percent of workers admit to using their smartphone for both work and personal activities.
Sharing Access to Company Devices
50 percent of respondents admitted to allowing family or friends to use their work-issued device. While the motives behind this may be harmless (the most common reason is to check email), you just never know what someone might mistakenly click on.
Ignoring CyberSecurity Guidlines
More than half of respondents said that employees ignored policies and guidelines surrounding cybersecurity. It appears employees are simply modeling their executives though, as 85 percent of CISOs admitted to loosening cybersecurity measures so that employees could work remotely.
(Re)using Weak Passwords
With so many online accounts to deal with (HYPR says many of us manage more than 30 each), remembering all these passwords can be tough. As such, it’s no surprise that people tend to reuse (easy to remember) passwords on multiple accounts. However, this can be a risky practice. If a set of credentials is compromised, for example, in a data breach, cybercriminals can use a tactic called credential stuffing to use that username and password combination to hack into other accounts.
It’s all too easy to have a lackadaisical attitude toward cybersecurity… until it’s too late. If your organization has a purely reactive approach to information security, there needs to be a culture shift. You can implement initiatives to remind workers about security actions and policies, for example, via posters or emails.
You should also encourage discussion around cybersecurity and ensure that employees know where to direct any questions they may have. Bear in mind that culture changes often trickle down from the top, so higher-level employees, in particular those in the IT department, need to set a good example.”
At Adaptive Office Solutions , cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.
When you know your technology is being looked after, you can forget about struggling with IT issues and concentrate on running your business. By making an upfront investment in your cybersecurity, you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime.?
To schedule your Cyber Security Risk Review, call the Adaptive Office Solution service hotline at 506-624-9480 or email us at [email protected]