What 2021 Taught Us About Cybersecurity (And What To Expect In 2022)
The year 2021 will largely be remembered as the second year of the pandemic, and rightly so. COVID-19 disrupted lives and caused severe economic hardship, even going into 2022.
However, that’s not the only trend worth considering in 2021.
Since the start of the pandemic, the rate of cyberattacks grew 400%—the fact is that a rising tide lifts all ships. As cybercrime becomes more prevalent, your organization becomes a more likely target, no matter its size.
Cybercrime In 2021
As countries all around the world went into lockdown and businesses were forced to let employees work from home like never before, cyber bad actors saw an opportunity.
Criminals and Nation-state actors like China and Russia exploited the users as they accessed data and systems remotely, Even some of the best-protected networks in the world were breached.
Companies like SolarWinds and Microsoft suffered crippling hacks that reverberated down the supply chain of their customers, including over 10,000 private companies and government agencies like the United States Department of Justice and even the Department of Defense.
In light of this massive breach, the Department of Homeland Security initiated an emergency review of the entirety of the cyber landscape in the U.S. and is expected to make significant recommendations within the next few months, including setting minimum levels of cyber protection that all organizations will have to implement.
Given how often big-name data breaches make headlines these days, you probably think cybersecurity is only a concern for big businesses. Whether it’s Colonial Pipeline or Kaseya, the one thing they all have in common is that they’re operating on a scale much larger than your organization is.
Are you letting your small size give you a false sense of security?
The Small Business Cybersecurity Dilemma
For small businesses, the situation is especially dire. According to a study conducted jointly between Cisco and the National Center for the Middle Market, over 50% of small businesses have no cybersecurity strategy or plan in place and for those that do, most have not reviewed the plan in over a year.
A cybersecurity strategy and plan, once created and adopted, must be reviewed at least annually to ensure that current threats are being included.
Cybersecurity is not a one-and-done solution; the threat landscape evolves at a rapid pace and frequent reviews ensure that the plan will help reduce an organization’s cyber risk profile. That’s why you need to be aware of the greatest threats to your business and plan against them.
The Top 2 Most Dangerous Threats To Your Business In 2021
Experts anticipate ransomware and Internet of Things (IoT)-based attack vectors will be the most prevalent threats to the business world this year. By understanding how these threats work, and how best to defend against them, you can mitigate the chances of becoming a victim.
Ransomware Continues To Evolve And Proliferate
Ransomware is a type of malware or trojan that infects a network and blocks access to data stored on those networks by encrypting all the files in a way that is difficult, if not impossible, to decrypt.
The hackers who deploy the malware agree to provide a unique decryption key in exchange for a payment, usually in Bitcoin or some other cryptocurrency, making tracing and prosecuting the hackers difficult.
The malware is mostly spread using emails with embedded links that are sent out en masse to thousands if not millions of email addresses that can be readily obtained for less than $100.
The hackers anticipate that at least some of those emails will be opened and some of the links clicked, downloading malware to the unsuspecting user’s PC and starting the encryption process. Overall, it is a very easy process to manage, and the rewards are exponentially higher than the cost.
The best way to defend against ransomware is to work with an IT company (like Technijian) whose team can implement a range of cybersecurity protections that will keep your data protected and your business in operation, no matter what happens.
Recommended security measures include:
- Access Controls: Access controls should be configured so that shared permissions for directories, files and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories. Furthermore, only those needing local admin rights are to be provided with that access.
- Firewall: Your firewall is your first line of defense for keeping your information safe. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users or suspicious connections from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
- Network Monitoring: Your IT company should be keeping an eye on your systems around the clock, identifying and suspicious activity and addressing it immediately to prevent any negative effects. The ideal way to handle this is with MDR, an outsourced service that provides organizations with threat hunting services and responds to threats once they are discovered. MDR fully manages your cybersecurity defense, both keeping an eye out for threats, as well as providing the expert team to address them when they occur.
- Data Backup: If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that. That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary. Be sure to:
- Back up data on a regular basis, both on and offsite.
- Inspect your backups manually to verify that they maintain their integrity.
- Secure your backups and keep them independent from the networks and computers they are backing up.
- Separate your network from the backup storage, so the encryption process is unable to “hop” networks to the backup storage device. This keeps your backup data from being encrypted.
Inherent IoT Vulnerabilities
Did you know that there will be 75.44 billion IoT devices installed worldwide by 2025?
This technology, from wearables to office space appliances, has become a big part of the business world—do you know what it is and how it works?
Smart technology, (also known as IoT) is a natural evolution of the Internet, consisting of a range of new “smart” and “connected” products and technologies used in commercial, consumer, and government environments. It could be your Wi-Fi-enabled coffee maker that you can set with a smartphone app or a smartwatch that tracks exercise activity for you to review.
On both the consumer and office side, vendors are rushing to meet the growing market demand for new products that are always-on, connected, and available. The ever-expanding network of smart devices offers a range of convenient benefits to consumers and offers exciting applications in the business world.
Whether it’s a smart fridge, a smart display menu at a Mcdonald’s restaurant, or the smart console in a user’s car, IoT devices can vary greatly in purpose and usage. However, it comes with its share of security concerns as well.
Statistica estimates that only 28% of business executives are intending to invest further in security for smart technology. Furthermore, 90% of businesses experienced at least one breach of their OT systems in 2020.
How can you mitigate the risks?
For today’s businesses, there is a critical need for cyber risk management to keep up with the industry’s ever-rising innovations. Users that are concerned about the security risks of their smart devices and networks can start to improve their defenses simply by treating their devices like they would any others, and follow these key cybersecurity best practices:
- Password Management: Just as a user shouldn’t leave the default administrator login and password set on their router, their laptop, or other hardware, they shouldn’t do so with the networked robotics either. Smart technology users should make sure to set unique and complex passwords for all devices that are connected to the organization’s network and update them every 90 days.
- Use Isolated Networks: Isolating OT and other smart technology to their own private networks will make it easier to provide protection against breaches—if someone is able to hack into your smart technology, it won’t give them access to the rest of your network.
- Network Monitoring: Using a more layered approach to network security can incorporate hardware devices, such as professionally configured and maintained network firewalls to help identify whether the information is coming from a listed/safe device, or from a device outside of the trusted network. Additionally, network visibility and reporting can incorporate out-of-the-box best practices to recognize whether a device has become exploited by targeting suspicious data traffic and monitoring whether or not the commands are originating from the listed device or by an endpoint outside of the network.
- Updates and Patch Management: Just as patches and updates need to be applied for conventional software and hardware in use, the same is true of smart devices. The firmware that these devices operate on will need to be kept up-to-date with the latest patches issued by the developers to make sure that they are kept secure against recently discovered vulnerabilities.
- Commercial Grade Firewalls: As we mentioned, this type of security hardware adds another layer of protection between hackers and your smart technology, ensuring it’s kept safe from common types of attacks. Make sure you invest in commercial-grade firewalls, which are developed with business use and purposes in mind, as opposed to limited consumer firewalls.
Need Expert Cybersecurity Guidance?
Don’t let basic cybersecurity put you at risk, and don’t assume you have to handle advanced cybersecurity all on your own—Technijian can help you assess your cybersecurity and develop a plan to enhance it.
You can start improving your cybersecurity by getting in touch with our team.
Thanks to our friends at Pure IT in Calgary for their help with this information.