Top Tips to Protect Your Organization Against the Biggest Security Threats of 2022
The U.S. Cybersecurity and Infrastructure Agency (CISA) kicked off 2022 with a series of emergency guidelines to warn of emerging threats such as exploits of Windows vulnerabilities, blockchain code flaws, open source software supply and vulnerabilities. The threat of phishing, QR code scams and network intrusion attacks will also peak this year. Let’s look at some helpful tips for businesses to defend against such threats as they prepare for the year ahead.
From the compromise of the colonial pipeline to attacks on DoD contractors and threats designed to take internet services offline, malicious actors are making the most of the global shift to remote and hybrid working. Consider recent data from the healthcare industry: the HIPAA breach reporting tool recorded more than 700 significant breaches in the United States in 2021 alone, as organizations grappled with the parallel issues of pandemic pressures and of data protection.
New year, same threats?
If it’s not broken, don’t fix it. This seems to be the expected approach for attackers in 2022 – why change compromise vectors if they still work as expected? As a result, companies will likely see a mix of familiar frameworks and new techniques as hackers seek to strike the ideal balance between brute force and subtle security vulnerabilities.
For example, businesses should expect a continued increase in ransomware attacks. Given the potentially disastrous results, if critical systems are suddenly taken offline, many organizations now choose to simply shut down networks, pay, and hope attackers keep their word rather than take a chance with lost data or destroyed.
Business Email Compromise (BEC) attacks also remain popular. According to Ciaran Rafferty, Managing Director of Email Business at HelpSystems, “The challenge of Business Email Compromise (BEC) attacks for enterprises should not be underestimated. An Agari report from HelpSystems earlier this year found that BEC attacks were the costliest for organizations and that requests for transfer from BEC scammers are on the rise.
As noted magni Sigurðsson, Senior Director of Sensing Technologies at Cyren, meanwhile, new attacks such as those using QR codes are becoming more common. “QR codes are particularly attractive to cybercriminals looking to use them in their phishing campaigns,” says Sigurðsson, “because they eliminate the need to include URLs or attachments that could be intercepted during scanning by the email gateway, which means attackers are much less likely to be detected. QR codes, being mobile-friendly, also increase the chances that an unsuspecting victim will follow the malicious URL using a personal or untrusted device.
Learn more: What is a cyber threat? Definition, types, hunting, best practices and examples
Four Tips for Protecting a Hybrid Remote Workforce
Security is not a one-size-fits-all solution — what works for your organization may not be ideal for another. Additionally, what works for your organization today may not be relevant in a few years. Standardization is also a challenge, as one company’s tolerance for risk can far exceed that of another, depending on the type of data it stores and the nature of the compliance regulations applicable to its industry.
While this precludes creating a comprehensive approach capable of defeating any security threat, evolving defensive strategies offer ways to strengthen overall protection.
Embrace Zero Trust
Zero trust is the idea that trust is earned, not assumed. In practice, this means deploying security controls that consider any resource or access request as potentially hostile until proven otherwise. Digital authentication and behavioral analysis tools can help organizations identify legitimate users and deny access to potential attackers.
But as Joseph Carson, Chief Security Scientist at ThycoticCentrify, notes, “This approach is not fire and oblivion. As companies begin to look at what Zero Trust really is, it’s becoming clear that it’s not just a solution you buy and install or a task you check as complete. Zero Trust is a journey and a mindset of how you want to run your business securely. You are not becoming Zero Trust – you are practicing a Zero Trust mindset.
Prioritize identity management
Digital identities are now the front lines of effective data defense. Why? For according to Carson, identity is “one of the artifacts organizations can still control. This means that access has become the new security control for the organization’s perimeter. In 2022, enterprises must regain control by making identity and access security a top priority. Privileged access has become the digital polygraph test to verify that identities are genuine before allowing authorization to resources.
Opt for multi-factor authentication
Single-factor authentication, such as username and password combinations, offers some protection against attacks, but its effectiveness is understandably limited, as malicious actors can take advantage of techniques such as attacks. by brute force or social engineering to obtain user credentials.
Therefore, it is worth opting for two-factor or multi-factor authentication (2FA or MFA) to strengthen the overall protection. An effective MFA implementation requires the combination of two or more authentication “factors” to verify user identity.
Passwords and usernames take advantage of the knowledge factor – this information is something that users to know. Many two-factor authentication systems implement the possession factor, or something that users have. This can be a one-time SMS or authenticator app code or take the form of a USB token that must be logged in to verify identity. The last factor is the user and usually refers to biometric security measures. These may include facial or fingerprint scans provided at the time of login to prove identity. By utilizing two or more of these factors, organizations can significantly reduce their risk of compromise.
Build security from the inside out
Effective security starts with your greatest potential threat: employees. In most cases, insider threats are unintentional; Well-conceived phishing attacks can fool staff, accidentally post critical information on social media, or share login credentials with colleagues to speed up project completion. However, these unintended actions can lead to external compromise and leave companies unable to find out what happened, when and where.
The result? Effective security starts at home. From regular staff training and review to security assessments that include simulated phishing and ransomware attacks, better defense starts with creating a model of shared responsibility within your organization.
Learn more: Cyber Threat Analyst: Top Job Skills and Expected Salary
Keep it secret, keep it safe
No defense is completely infallible against evolving cyberattacks. Whether reusing old techniques or creating new approaches to compromise, attackers have the advantage of surprising and challenging businesses when it comes to protecting data.
However, it’s not all bad news. By taking steps to improve access, authentication, and identity requirements—and building defensive frameworks from within for maximum impact—enterprises can reduce their risk of compromise in 2022.
What other strategies could help strengthen protection against emerging cybersecurity threats? Let us know on LinkedIn, TwitterWhere Facebook. We would love to hear from you!