Cybersecurity in 2022 is already shaping up to be a major challenge, as waves of predatory criminals have continued to take advantage of remote workforces and strained IT departments in the ongoing wake of the coronavirus pandemic and its effects on business as usual.
Previously a buzzword that only federal entities and the writers of modern science fiction needed to be overly concerned with, “cybersecurity” has swiftly risen to become a top priority for government agencies, large corporations, small companies and individuals alike.
The following list details some of the biggest cybersecurity problems expected to continue to plague organizations in 2022, as well as some steps you can take to both prevent hacks and mitigate the damage that one may cause.
Problem: cybersecurity in 2022 will remain a moving target
Cybersecurity is inescapably tied to the fluid and continually evolving technological environment that it exists in. As computing advances, workforces shift and more software, apps and online resources continually emerge, those that seek to do harm or profit at the expense of others are constantly probing for weaknesses, exploits and other ways in which to steal data, launch ransomware attacks or otherwise wreak havoc and disruption.
Solution: stay informed, educated and updated
Because maintaining good cybersecurity is not a set it and forget it endeavor, administrators, business owners and security-minded individuals should keep a close eye on resources that stay privy to developments in the arena.
Weekly check ups with news aggregator sites, cybersecurity blogs and government agencies can keep you abreast of what threats today may bring and also give you some insight into any emerging bugs or exploits.
A constant awareness of cybersecurity dangers should also extend to staff.
While most people fear savvy hackers that can breach their network with advanced computing and coding skills, phishing scams and basic social engineering tricks are also employed with great success on unsuspecting victims.
Phishing scams have become increasingly tricky to differentiate from legitimate emails.
Be sure that your staff is trained and able to spot suspicious links that may appear in messaging that is purported to have come from a trusted source.
Make sure that sensitive information or login credentials are never shared over the phone and keep your employees in the know with regard to any new schemes that they may encounter.
Update your software, firmware, apps and operating systems regularly.
Developers push new updates regularly that don’t just add bells and whistles to existing products but also fix issues that may allow hackers to access data. Setting up automatic updates across all devices and apps is recommended, as this will take some of the burden off of network administrators.
Unsupported or outdated hardware can be modernized without breaking the budget if you rely on reputable dealers who supply refurbished equipment.
Problem: cybercriminals are becoming more organized
In 2021, ransomware victims handed over more than $600 million to hackers.
What this has translated to is the phenomenon of the hacker or ransomware gang.
These organizations operate under names like Conti or Lapsus$ and, according to a large leak of data from the former, some function in much the same way as perfectly legal software development companies do with full time staff, contract workers and all of the politics and mundanity one might expect from a mundane office environment.
With this degree of streamlined organization, aided in some circumstances by governments that look the other way or even sponsor their activity, these gangs are able to breach and infiltrate substantial organizations, many of whom store data related to client or partner companies.
The recent hacks of Accellion and Keseya, and the fallout that affected hundreds of their clients, illustrate the connected nature of our digital infrastructure and how damaging it can be when a third party entrusted with private information is compromised.
Solution: be selective about what data you store with a third party
Consider what data is absolutely critical to doing business in the event of a cyberattack and make an effort to bolster security around that information in particular so that you are not left in a position where you are unable to access it.
Tightly regulate third party access to data and the processes that are integral to the functioning of your organization.
The implementation of Zero Trust Network Access (ZTNA) has become a popular way to help restrict system access, as well as contain any threats that may arise.
Both Accellion and Keseya were reputable, dependable companies.
However, a good track record can only go so far and it’s important to maintain your own restrictions and boundaries to mitigate damages in the event of the hack of a third party organization with links to your data.
Problem: remote workers will continue to put stress on cybersecurity in 2022
As the workforce has become deeply hybridized, employees require access to important data and business networks no matter how they may connect.
From poorly secure home offices to coffee shops and airports, people using personal devices for work have created a critical challenge when it comes to developing an all encompassing cybersecurity policy.
Someone clicking a link that infects their personal device with malware could inflict disastrous effects on an entire company.
Solution: regulate the devices that people use to connect to your network
Cybersecurity is much more difficult, if not impossible, to maintain unless there is a strong degree of universal standards put in place across all endpoint connections.
Be sure that any phone, tablet or computer that can connect to your network sticks to companywide regulations with regard to antivirus, anti-malware and VPN software.
All software across all devices has to be updated on a regular basis. Avoid the scourge of “shadow IT” by maintaining rules regarding what apps are used to share data and communicate with.
Laptops and mobile devices should also have privacy screens installed, as some data theft is still carried out with old fashioned snooping!
Additionally, some administrators create a secondary network that is designed for use specifically with vulnerable Internet of Things (IoT) devices. These networks maintain no connections to critical data or the systems needed to conduct business.
Problem: attacks on the cloud are escalating
Usage of the cloud allows companies to be more flexible, sharing data easier and allowing employees access no matter where they are located.
Predictably, storing data in the cloud has created new opportunities for criminals to breach systems.
In the event of the hack of a company that provides cloud services, this can set the stage for a security nightmare across a wide range of unrelated organizations.
Solution: establish Zero Trust security architecture
Once again, Zero Trust security architecture can make the difference between a protected system that allows administrators to protect from and contain threats and a network outage or data theft that could have dire consequences.
Zero Trust protocols continually verify and assess the trust attributes of users to help ensure that anyone accessing your cloud is authorized to do so.
Another option is to simply not use the cloud at all.
While cloud computing and services continue to become adopted, making the change may not be right for your organization. Between the involvement of a third party and the costs associated with the service, you may find that you are better off sticking with traditional network and data storage options.
More tips for cybersecurity in 2022
Practice good password hygiene by using impossible to guess, randomized credentials. Change your passwords frequently and never use the same one across multiple accounts or devices.
Use a VPN to keep your web activity private.
Consider the pros and cons of investing in dark web monitoring to see what stolen data may already be available online.
- The Cybersecurity Trends You Need to Know About In 2022 by Jamie Wilson, 24 Feb 2022, Cyber Defense Magazine
- Ransomware victims paid more than $600 million to cybercriminals in 2021 by Adam Janofsky, 10 Feb 2022, The Record
- Why Third Parties are the Source of So Many Hacks by Isa Jones, 14 January 2022, BankInfoSecurity
- Cybersecurity in 2022: Preparing for the Unexpected by CNP Technologies
- Cybersecurity Policies In The Age Of Remote Work by Steven Leipold, 15 March 2021, Forbes
Top 10 Cybersecurity Threats in 2022 by Embroker Team, 8 April 2022, Embroker