2021 was a veritable gold mine for cybercriminals. Between employees working from unsecured home networks and phishing scams built around pandemic fears, they cleaned up. Some experts think cybercrime cost the world $11.4 million each minute in 2021.
The bad news: 2022 is expected to be even worse. But don’t panic. Even if the threats in 2022 are more advanced (and more expensive), knowing where to keep watch will help you preempt and prepare.
Whether targeted at our food supply or energy sectors, supply chain attacks can send the country into chaos. The fallout can disrupt entire industries, bankrupt businesses, and put people in harm’s way. As data breaches and malware risks grow, the focus is on protecting vulnerable networks. Expect to see more government and private sector collaborations next year.
What you can do: Individual businesses may consider implementing extra protections like zero trust architecture, multifactor authentication, and tightening their shadow IT rules.
Global ransomware attacks increased 151% in the six months of 2021 compared with 2020. They’re getting more costly, too. The average price of resolving a ransomware attack more than doubled from $761,106 in 2020 to $1.85 million in 2021, according to Security Intelligence. And that’s nothing compared to the record $70 million demand set in the summer of 2021. The real rub? 92% of companies that pay the ransom never even get their data back.
What you can do: Invest in virus scanners, content filters, and phishing training for your staff.
From AI-altered pictures and videos to voice skins and clones, nefarious characters will continue slowly eroding societal trust by disguising the real from the deep fake. These problematic creations could be used to destabilize stock markets, discredit politicians or other public figures and stoke religious conflicts.
What you can do: Invest in artificial intelligence that can spot deep fake videos or blockchain technology to help identify manipulations.
The digitization of our money has created new inroads for cybercriminals to defraud us. It’s also created a layer of protection for them to demand ransomware payments since transactions made on the blockchain can be done anonymously. Beware of scams like wallet phishing, fake crypto exchanges, and dubious coins or tokens like $SQUID.
What you can do: Protect your company’s crypto assets by safeguarding your private key or seed phrase, investing in cold (hardware) crypto wallets, and making sure your antivirus software is up to date.
A mind-bending 86% of online global citizens have been exposed to fake news, says independent market research firm IPSOS. As COVID-19 continues to evolve, so will these misinformation campaigns. Expect to see them front and center in phishing and whaling attempts and during political events like elections.
What you can do: Design a disaster remediation plan that includes this contingency and establish a committee to monitor and address fake news about your brand.
Check Point Software’s Mobile Security Report 2021 shows almost every organization globally experienced a mobile malware attack during the past year. The rise was driven in part by the mass movement to hybrid and remote work, a practice expected to expand beyond 2022.
What you can do: Teach your staff how to spot and avoid malicious mobile apps and encourage them to keep their security patches updated at all times.
If your cloud service provider doesn’t utilize encryption and secure authentication, you could be in trouble. Even something as simple as neglecting to check and update your configurations could be the perfect storm for a catastrophic data leak.
What you can do: Have a data backup plan, ensuring that any important information lives in two geographically diverse locations. Secure your APIs.
Lack of awareness usually isn’t malicious, but it can pose a huge threat to your security. Intentionally disruptive insider threats can be more difficult to spot – until it’s too late. Because both kinds of insider have direct access to your data, they can impact your entire system knowingly or unknowingly.
What you can do: Foster a transparent, supportive work culture to defuse hostile internal actors and run regular data compliance exercises with your staff.
Looking ahead and planning is a good place to start. But most businesses won’t be able to think of everything. Remain proactive, and that might be ok. Continue to monitor and build new layers of protection throughout 2022 to minimize your organization’s attack surface.