The pandemic brought a seemingly endless wave of challenges to almost all businesses. Most of these challenges were unique to each industry, but there was one unavoidable hurdle that all businesses no matter the industry had to overcome, Cyber Security. As lockdowns became stricter and working remotely became the standard businesses were forced to rapidly digitalise almost overnight, unfortunately doing this so suddenly left many businesses open to a number of cyber threats that still persist today.
Despite the Pandemic drawing to an end, many businesses have found they’ve made big investments in their IT over the last two years and most will continue to utilise these new technologies even after the pandemic. Worryingly, many business owners feel this sudden expansion has left their business at risk with a report conducted by PWC stating “86% of business owners agree that the complexity of their organisation's IT infrastructure was creating concerning levels of risk, with third-party cyber risks being a glaring blind spot”. Additionally, some businesses have even adopted a permeant remote workforce, but with staff not trained to safely manage data risks from their remote workplace and cyber-criminals becoming more sophisticated by learning how to capitalise on this greater online presence the need to be in control of your business’s cyber-security is more important than ever.
We’re likely to see security threats become more sophisticated and therefore more expensive over time. Experts predict that the global costs of cyber-crime will reach £8.4 trillion by 2025, up 15% from £2.4 trillion in 2015. Throughout our experience helping businesses stay secure, we've learned that a proactive approach to monitoring cyber is the key to avoiding a cyber-security attack.
In this blog, we’ll shine a light on the 6 main cyber-security risks we face in 2022 and offer our proactive solution to this glaring issue.
1) Poor Cyber Hygiene
“Cyber hygiene” refers to regular habits and practices regarding technology use, like avoiding unprotected Wi-Fi networks, settings strong passwords, and implementing safeguards like a VPN or multi-factor authentication. Unfortunately, research shows that people’s cyber hygiene habits leave a lot to be desired.
Nearly 60% of organizations rely on human memory to manage passwords, and 42% of organizations manage passwords using sticky notes. More than half of IT professionals do not require the use of two-factor authentication for access to company accounts, and just 37% of individuals use two-factor authentication for personal accounts. Less than half (45%) of people say they would change their password after a data breach, and just 34% say they change their passwords regularly.
A great way to begin increasing your cyber hygiene is to adopt a password manager like BitWarden. To learn more about how useful password managers can be and why we use BitWarden please feel free to head over to our recent BitWarden blog here.
2) Social Engineering
“Amateurs hack systems Professionals hack people” - Bruce Schneier, cryptographer.
Social engineering remains one of the most dangerous hacking techniques employed by cyber-criminals, largely because it relies on human error rather than technical vulnerabilities. This makes these attacks all the more dangerous, it’s a lot easier to trick a human than it is to breach a tried and tested security system. Worryingly hackers are aware of this, a report by DBIR found that 85% of all data breaches are caused by human error.
One of the most common forms of social engineering is phishing. Phishing is when a cyber-criminal sends an email impersonating a reputable company in the hopes you click a button/link that will in turn infect your device with a range of different malware. Phishing is often delivered via email, where a user is somehow tricked into clicking a link or providing that can lead to an explanation. The best way to combat social engineering attacks is education. Teaching staff the importance of cyber-hygiene and how to identify potential threats will be the biggest line of defense against these criminals.
3) Internet of Things (IoT)
It seems every piece of technology we adopt into our business or homes, whether it’s a printer, CCTV camera, or even just a smart meter, is linked in some way to all your other internet-connected devices. A study conducted by ‘Mediapost’ found that 70% of households have at least one smart device, and with more people working from home than ever, it’s unsurprising that attacks on smart or “Internet of Things (IoT) ” devices reached new records with over 1.5 billion IoT related breaches occurring between January and June of 2021.
All this combined with people's tendency to have poor cyber hygiene (as Highlighted in our worst passwords of 2021 blog), gives cyber-criminals a whole host of vulnerabilities they can exploit using IoT devices. Additionally, ‘TownSteel’ has found that more than 70% of households have some type of IoT, meaning the rate of IoT attacks is only going to increase.
Clearly adopting IoT devices into your home and business is unavoidable, so how do you stay safe? The best defense is to simply keep on top of your cyber hygiene this includes doing all of the following:
- Change default passwords and settings
- Use multi-factor authentication
- Keep software updated
- Use strong Wi-Fi encryption
- Monitoring your network activity
4) Third-Party Exposure
Nearly all businesses have partners, and when these partners use your business’s applications or accounts, they’ll often be given high levels of permission allowing them to access all kinds of important data. For years cyber-criminals have been getting around security systems by hacking less-protected networks that belong to these third-party partners that give access directly to their main target (your business!).
After researching it seems third-party breaches will become an even bigger issue, 'Upworks' 2021 workforce trends report has found that over 50% of businesses are more willing than ever to hire freelancers as a result of the shift to remote work caused by the pandemic.
5) Ransomware
Ransomware is a form of malicious software (malware) that locks and encrypts files and documents on anything from a single PC all the way up to an entire network, including servers. Cyber-criminals will then demand some form of payment from a victim, usually via bitcoin, if they want to regain control. Virtual currencies such as Bitcoin are generally used because it means the identity of cyber-criminals can remain anonymous and is difficult to trace.
Ransomware is by no means a new threat and unfortunately, the cost of falling victim to one of these attacks has become significantly more expensive over the last few years. Between 2018 and 2020, the average ransom fee skyrocketed from £4,000 and now to £812,000. Ransomware attacks also cost companies in the form of income loss whilst hackers hold system access for ransom, operations will pause but outgoing payments will not, which can cause the costs to mount up with little to no income coming in.
Ransomware has become a preferred method for criminals due to its availability and convenience, so much so that cyber-criminals are now able to subscribe to a "Ransomware-Paid-Service-Provider", which allows the user to deploy pre-developed ransomware tools to execute attacks in exchange for a percentage of all successful ransom payments. What this means is that for small-time cyber-criminals this is a significantly more affordable means of attacking, which means the number of ransomware attacks will inevitably continue to increase.
6) Poor Post-Attack procedures
Incidents happen, and sometimes a breach or attack can be unavoidable as there are so many avenues to attack from, despite this, having an efficient ‘post-attack’ procedure could be what stops it from happening again.
Holes in security must be patched immediately following a cyber-security attack. In a 2021 survey of 1,263 companies that had been targeted in a cybersecurity breach, 80% of victims who submitted a ransom payment said they experienced another attack soon after. In fact, 60% of cyber-attacks could have been prevented if an available patch had been applied.
What’s even more shocking is that 39% organisations that fell victim to a cyber attack were aware they were vulnerable before the cyber-attack occurred, if these businesses had taken the time to put the right safeguards in place copious amounts of money, time, and stress could have been saved.
The coming year will see the aftershock of 2021’s cybersecurity attacks, which spiked due to covid-19. The patch management capabilities of the organizations that were targeted in 2021 will determine whether they fall victim to another attack in the coming year.
The Proactive Solution to Your Security Concerns
Over the last two years, nearly all businesses have increased their online presence, which makes it unsurprising that cyber-security ranked as the number-one IT funding priority in 'Red Hat's' 2021 Global Tech report. This can all seem daunting, having to run a business whilst also managing your cyber-security can become overwhelming. Many businesses rightfully find that their time is better spent focusing on their roles and the operations of their business; this is why it could be time for your company to partner with a trusted MSP that takes cyber-security seriously, taking the pressure off your shoulders.
Do you want to reduce your business exposure to these threats but don't have the time or know where to start? We're here to help, at entrust IT we go further than other MSP's by proactively looking out for your business, rather than simply reacting to problems as they happen we monitor your systems to ensure potential problems are dealt with before they ever become an issue.
with over 15 years of experience working with small and large companies, putting the right security solutions in place for them, we could be the trusted MSP your business needs. To find out more, please feel free to contact us on 0330 002 0045 or email enquiries@entrustit.co.uk, to be put in contact with one of our experienced consultants.
