Businesses are under more pressure than ever as we roll into 2022. Delays and shortages are massively impacting the supply chain, while the pandemic continues to impact productivity and employee wellbeing. In this ever-changing business climate, cybersecurity is more important than ever. Criminals take advantage of crises to look for weaknesses in businesses’ defenses. But, by partnering with an experienced IT managed services provider, you can fend off even the most determined cyberattacks.
Here are five cybersecurity threats you’re bound to hear more about in 2022 and what you can do about them.
Ransomware is a specific type of malware that locks up a company’s internal systems, only returning control once a ransom is paid. In most cases, businesses cannot complete any tasks or work until the ransomware is removed or the criminals are paid. In other cases, criminals may steal sensitive data and threaten to make it public. 51% of American companies were targeted by ransomware in early 2021, according to Statista.1
While some cybersecurity experts state that ransomware attacks won’t have as significant an impact in 2022, that’s only based on the assumption that businesses work with cybersecurity experts to improve their defenses.2 Talk to an IT expert about potential risks, such as homeworkers who might not have the same level of cybersecurity. You can also create a recovery plan should the worst happen.
2. Cyberattacks on Supply Chains to Increase
As businesses increase their onsite cybersecurity, criminals or bad actors look for weaknesses elsewhere to exploit. Logistics partners and suppliers may have weaker defenses when it comes to cybersecurity. The SolarWinds cyberattack of December 2020 had and continues to have a significant impact across the United States.3 Hackers manipulated infrastructure management software, deliberately disrupting the supply chain and potentially affecting over 18,000 businesses.
You should talk to your partners about their cybersecurity strategy and make sure it aligns with your own. Discuss potential weak spots such as remote access or open-source code, and liaise with an expert to mitigate the risks.
Malware has been a threat for many years. However, in 2022 and beyond, malware sitting under the operating system of a device or system could become the norm. These types of malware are called rootkits or bootkits and can directly attack the firmware of a device.
Ensuring you have access to the latest anti-malware tools is essential.
4. Phishing and Social Engineering
Phishing is one aspect of cybersecurity that takes advantage of the most important part of your business – your employees. Bad actors will trick your team members into opening attachments, clicking links, or even disclosing sensitive data such as passwords.
Prevent this by ensuring you have rigorous cybersecurity training. Have in-house policies around attachments and the use of external devices and clear ways to identify company communications. Have a schedule to check your cybersecurity policies to ensure you’re adhering to current regulations. Regularly liaise with an IT expert to ensure your training covers all the latest methods of phishing and other scams designed to attack your business.
Deepfake technology gives criminals the ability to create audio or even video that is extremely authentic. They may emulate the voice of a trusted employee or manager, or they could even create a video of a business meeting that appears to show information that’s actually not true. Schemes like these can cause businesses to take actions that they otherwise would not. A business may transfer funds to the wrong person or even business-critical data about an ongoing project.
In 2020, a bank manager in Dubai transferred $35 million to bad actors.4 They had combined accurate-looking emails and an AI voice replicator to sound like the company’s director, with whom the bank manager thought he was dealing with. As AI becomes more powerful and deepfakes ever-more convincing, attacks like this will only increase.
To help fight this, businesses can have additional security features in place to ensure identification.
- Codewords that change weekly or even daily could help, ensuring only organization members can make certain transactions.
- Having a system where those types of transactions have to be carried out with two or more employees present can create a time buffer zone for the information to be checked.
- Processes whereby the company in question is contacted via a different channel, can prove whether or not the person is genuine or a bad actor.
While cyber threats can be scary, especially for smaller businesses, there are plenty of ways to stay alert and ahead of the criminals. Contact Artemis IT today to learn how we’ll help you fight the most challenging current and emerging cybersecurity threats.