Top cybersecurity threats for 2022 and how to protect against them

Welcome and thank you for reading Managed Cyber Security As A Service, a monthly series where we share insights regarding Cyber Security and how organisations can benefit from it.

Want to stay informed?

Subscribe to this series using the button above and let us know what you want to hear about next week using?#ManagedCyberSecurity?in the comments below. And if you are curious about HackNo and how you can benefit from Managed Cyber Security in your organisation,?learn more here.

Top cybersecurity threats for 2022 and how to protect against them??

ARTICLE BY: Anthony Green - FoxTech

Since the beginning of the pandemic, threat actors have been quick to exploit the growth in home working practices. Small businesses also reported an increase in attacks, and with 60% closing within six months of falling victim to a data breach, establishing a comprehensive cybersecurity strategy has never been more important.

Anthony Green, discusses what businesses should watch out for in this year:

“In 2022, with many organisations implementing flexible working policies, and bringing personal devices into the office, it’s important to understand how cyber attackers might continue to exploit our changing working practices. It is often easier for attackers to breach home network devices, so when personal devices are being used to access company data at home, or brought into the office and connected to company networks, it can expose their system to threat actors searching for vulnerabilities to exploit. With hybrid working policies expanding companies’ cyber risk, it’s vital to be aware of what the threats are, and how to prevent attackers gaining access.”

To help businesses plan their cybersecurity strategies, follow this guide to the top predicted cybersecurity threats for 2022, and what organisations can do to protect themselves.

Ransomware

Ransomware was the defining force of cyber attacks in 2021. threat actors infiltrate a system, steal sensitive data and demand a ransom for its return. Ransomware attacks surged by 144% in 2021 from the previous year, and the problem is only expected?to develop in 2022.

Anthony comments:

“A spate of high-profile ransomware attacks in 2021 has led many organisations to review their cyber risk controls and implement more effective strategies against data loss. While this might make it more difficult for cyber criminals to mount traditional ransomware attacks in the short term, attackers are incredibly agile, so we are expecting their strategies to shift in the coming year”

To prevent your business from falling foul to a ransomware attack, there are two things to consider

• Preventing an attacker from gaining network access – investing in an external security assessment is the most reliable way to discover your vulnerabilities. Cybersecurity experts can then configure your security tools to protect you from the latest methods of attack.
• Catching an attacker before it’s too late – it can take months for an attacker to gather the data they need to demand a ransom. Working with an external, specialised cybersecurity company that can monitor your system and quickly alert you to any suspicious activity can be the difference between a minor incident and devastating financial loss.

“Constant systems monitoring – by someone who is aware of developments in attackers’ tactics – will be more important than ever, as cyber criminals are looking for new ways to circumvent security operations. Currently, businesses are subject to 10,000 attempted attacks a day, but it often takes months for threat actors to infiltrate an organisation’s most well-protected data. Catching a threat straight away, and acting quickly to mitigate the effects of a breach, will prevent attackers from stealing enough sensitive data to deliver a ransom.”

Phishing

Over 75% of cyber attacks start with someone opening a malicious email. These emails are designed to extract data from the recipient, usually a password, which is used to gain further access to an organisation’s network. Once an account takeover has been successful, threat actors are able to mount more sophisticated attacks.

So how can businesses protect themselves from phishing scams?

Anthony comments:

“Security awareness training is essential. Only 14% of UK companies perform cybersecurity awareness training, but educating employees on how to spot phishing scams is crucial. Things such as shortened links, an impersonal address, or anyone asking for private information, can all indicate that an email is not legitimate, even if it appears to come from a trusted source.”

The NCSC provides free security awareness training available here: https://www.ncsc.gov.uk/training/top-tips-for-staff-scorm-v2/scormcontent/index.html

It is also imperative to set up Two Factor Authentication on email accounts and ensure the secure configuration of your email service.

Business Email Compromise Attack

In 2022, when so much business will be conducted through online conversations between remote workers, organisations need to be aware of business email compromise attack – also known as ‘conversation hijacking.’ These attacks are well-researched, and highly personalised, making them difficult to detect and very effective.

This kind of attack usually comes once access has been gained through a phishing attempt. A hacker reads through breached emails to learn as much as they can about business practice and payment details.

Next, they will use this information to craft seemingly authentic messages which can be sent to both employees and customers, with the aim of tricking them to transfer money or update their payment information.

“A scam that we are seeing more and more frequently is when a hacker impersonates an organisation’s CEO to redirect large payments to their own accounts,” says Anthony. “Once this money has been lost, it is almost impossible to retrieve, so it really is crucial to prevent threat actors gaining access in the first place – and to have your accounts frequently and carefully monitored by cybersecurity experts who can spot an intruder before the final attack has been mounted.”

Credit goes to the thehrdirector.com for keeping us updated with the latest articles regarding Cyber Security Threats.

This section has been included by HackNo, and is not part of Anthony Green’s article.

Ensuring that Cyber Threats doesn't become your challenge, reach out to HackNo and find out how we can take the Cyber Threat challenge out of your day.

A full explanation of our services can be found at:

https://hackno.net/penetration-testing/

For any questions, you may contact:

Richard Webb - Director of HackNo – Cyber Security

https://www.dhirubhai.net/in/richard-webb-aus/

This article has been shared by HackNo as an article of interest to our community and is being shared with permission.

If you also have an article, you feel may benefit this community, please make contact, we love sharing for the benefit of everyone.