Stealing the Show: Top 10 threats in cybersecurity and how to protect your business
Online criminals and hackers have gotten bolder and more sophisticated, threatening everything from a company’s payroll processing to website security and confidential customer information.
Add in the rise in remote work and online ordering, and data theft has become a major concern for large and small businesses.
The TCBN reached out to area cybersecurity professionals to understand the threats to watch out for in 2022. They also offered some tips to avoid a data breach and make sure your business is protected in the New Year.
The best defense is a good offense – and that includes going back to the basics when it comes to protecting your online information. For businesses, that means investing in adequate IT support, implementing strong security features and training employees to do the same.
It’s not a matter of if a malicious threat or security breach will happen, but when, and how companies can minimize the risk to operations and protect confidential information, said Kevin T. Bozung, co-founder of Safety Net in Traverse City.
“With the sophistication of the hacking industry, and even nation-state organizations perpetrating this, we need to accept and get comfortable with the idea that it’s going to happen,” Bozung said. “We need to spend more time focused on our response and recovery capabilities.”
For employees who work remotely, a home office or a coffee shop doesn’t provide the same level of protection as a secure business network. Public networks, or any unknown or unsecure network, open the door to hackers, malware and viruses. Public Wi-Fi users should be aware their computer is at risk and implement solid security tools and configurations to protect against a possible data breach.
“We don’t talk so much about the basics these days because I think we assume everybody’s got it, but often we find that’s not the case,” Bozung said. “Everybody should be utilizing antivirus, web content filters, firewalls, password policies, user removal processes, restricting user privileges and end-user training.
“Like the old adage, you need to be able to walk before you can run.”
1. Data breaches through email: Most businesses that experience a security issue are exposed via their email platform. Hackers gain access to mailboxes through various means because mailboxes are generally accessible from anywhere on the internet.
The best defense is multi-factor authentication (MFA), which statistically stops more than 80% of these intrusions from happening, Bozung said. Many of these tools are free, so it’s a relatively easy security feature to implement. Microsoft offers this feature at no-cost, integrating it with the Office 365 platform.
“We are recommending that MFA be enabled in as many places as possible, not just email, but also for your bank accounts, retirement accounts and password vaults,” Bozung said.
2. Security vulnerability exploitation: Hackers can detect weaknesses or vulnerabilities in a secure system and force software to act in ways it’s not intended to or inject malicious code into a website to steal sensitive data. This is done through broken authentication, SQL injections, cross-site scripting, cross-site request forgery and security misconfiguration.
Bozung said it’s the second most common cybersecurity issue Safety Net sees. A good example is the Microsoft Exchange vulnerability that was announced this year, which affected organizations all over the globe.
“The solution to the problem isn’t sexy or very fun, and that is timely and complete patch management,” he said. “Systems need to be configured where possible to automatically download and apply security patches.”
If they can’t be set automatically, a business needs to designate someone to monitor and manually apply if necessary. It’s important for businesses to have tools and processes in place to monitor all network systems to look for unpatched vulnerabilities and can take action.
3. Weak backup systems: Businesses also should have offsite backup for all websites and network systems that’s secure and monitored by an internal IT team or IT professional services firm. It’s fairly easy for hackers to find the backup system, gain control and compromise it prior to launching a full-scale attack.
“We’ve seen it happen,” Bozung said. “Having an air-gapped, by this I mean totally separated, offsite backup, is critical in order to retain a recovery capability.”
4. Ineffective malware protection: Zero trust application control is the next evolution of malware protection and businesses should use it, Bozung says.
“Rather than trying to detect and remove viruses, we’re locking down systems so they can’t get installed in the first place,” he said.
IT companies have the technology to stop viruses and malware immediately. Zero trust is a cybersecurity strategy that continually verifies devices, services and individuals rather than trusting them. These security features won’t allow changes to a computer’s files and applications unless they are on a preapproved whitelist of known safe applications and files.
5. Software supply chain attacks: This is an emerging threat that targets software developers and suppliers. Attackers attempt to access source codes, build processes or infect and direct apps to distribute malware. Attackers target unsecure network protocols, weak server infrastructures and risky coding practices.
Last year’s SolarWinds breach is a sign such attacks will be on the rise, said Shaun Bertrand, chief services officer for CBI who also serves as an instructor at tccyber, a cybersecurity learning and professional development community hosted by 20Fathoms.
Consumers should back up data to avoid any fallout from these attacks.
“For businesses, it’s imperative to develop effective incident response processes that address this specific threat,” Bertrand said.
6. Rise in deepfakes: This up-and-coming threat uses artificial intelligence to create fake but convincing images, audio and video hoaxes. The AI technology can replace the likeness of a person with another in a video or other digital media.
“We expect to see social engineering and phishing attacks leveraging this new vector,” Bertrand said.
Consumers and businesses should be aware of this pending threat and how to spot a deepfake. Bertrand predicts “it’s almost a guarantee that we will see these attacks begin to surface in 2022.”
7. Application security threats: These threats are the second most widely used attack vector next to phishing attacks, Bertrand said. These include microservices, APIs and application-based threats.
“The recent log4j vulnerability highlights why organizations need to better understand the risk that their internal and third-party applications present,” he said.
Organizations can protect themselves by taking a more dedicated and proactive approach to application security.
8. Cloud security risks: With more businesses moving information to the cloud, they should brace for breaches and threats that target the cloud.
“Most organizations should understand that the most probable risk to the cloud involves inadvertent data loss through misconfiguration,” Bertrand noted, recommending that businesses double-down on efforts to ensure their cloud environments are secured and well-configured.
9. Cyberattack outsourcing: Most hacking groups are well-organized and function like an enterprise business. They work with a number of affiliation groups to increase their efficiency and success.
Hackers rely on other affiliates to optimize how quickly they can achieve their objectives, Bertrand said. As an example, once a ransomware hacking group successfully compromises an organization, they work with hacking group affiliates to dig through financial and personal data to determine what ransom the company is capable of paying.
These outsourced hacking groups will increase in 2022, which will make their attacks more efficient and effective, Bertrand says.
10. Cyber liability insurance policies: Insurance carriers have offered cyber liability insurance policies for several years, but they are tightening requirements for coverage. Early on, policy application questionnaires were pretty basic, making it relatively easy and affordable for businesses to obtain a policy, Bozung said.
Applications have gotten much more detailed and businesses are being denied policies if there are too many technology protections missing. Carriers want to know about security plans and protections such as MFA (multi-factor authentication), endpoint detection and response (EDR), vulnerability scanning, patch management policies, domain name security (DNS) protection and more.
“From our perspective, the insurance carriers are spot on with the things they’re asking about in their application,” Bozung said. “They have a pretty great data set after all since they are the ones paying all these loss claims.”
Safe Space: Online security tips for small business owners and employees who work remotely
- Avoid public networks as much as possible.
- Control and manage the security tools and settings of endpoint devices (computers and laptops).
- Carefully control access to personal and work data.
- Put some added security into your home network, such as investing in a wireless router with security settings such as web content filtering.
- Make sure your wireless router has a strong password.
- Make sure the wireless SSID has a strong password using strong encryption and change that password periodically.
- Periodically review all of the devices attached to your wireless router and that you’ve authorized them.