Contributed by Andrius Ulenskas, Hyve Technical Director.
The past year presented new cyber security challenges to businesses and consumers alike. Cyber criminals targeted areas of uncertainty that stemmed from the continuing COVID-19 pandemic, the increase in remote work and vulnerabilities within organizations.
Twenty-twenty one proved that cyber security criminals move fast. For 2022, it is essential that potential issues are sounded out ahead of time in order to be as cyber prepared as possible.
Although largely a measure enforced by COVID-19 lockdowns and restrictions, remote working has generally been considered a success, with employee productivity and mental health both positively benefitting from hybrid set-ups. The speed at which remote working was adopted, however, opened up new vulnerabilities for cyber criminals to exploit, and though new measures are being adopted by some, many organizations are using the same security strategies as they were at the start of the pandemic.
As companies continue to draw up their hybrid working plans, user complacency can become an issue, with many not even realizing that users are leaving the door open to cyber attacks.
One major issue in this regard is how a mix of home and office equipment and networks can lead to users forming bad cyber security habits. A survey found that 56% of senior IT technicians believe their employees have picked up bad cyber security habits while working from home. Data that is secure on an office-based device can be vulnerable on a personal one, and transferring between the two can give way to breaches. Preferably, sensitive data should only be handled via secure devices, but if access via a remote device is necessary, i.e. needing to log in to your work email on your phone, then setting two-factor authentication is a way to ensure there is an extra layer of security.
Social engineering attacks
The use of AI has opened new doors for cyber criminals when imitating brands. In particular, improvements in deepfake technologies have led to effective deception. Employers can help their employees avoid these types of threats by implementing technology that allows them to monitor use of work computer equipment and systems. This would allow IT teams to warn users of links that could lead to an attack.
The number of people facing ransomware attacks reached new heights in 2021, and this will only continue to increase in the new year. Cyber criminals are constantly looking for new access points that they can strike from. In particular, the use of IoT can lead to all sorts of attacks if not properly secured. Implementation of IoT can help productivity soar within a business, but an increase in the level of connectivity does not always result in an increase in the level of security.
The more internet accessible tools we use in our day-to-day lives, the greater the chance there is to be exploited, especially as many personal devices aren’t patched in the same way a work computer is. Automation cannot always be assumed, and checking for updates should be a regular occurrence across all connected devices. Research is key when it comes to working across different devices and applications.
For individuals: Make sure to read up on what data an app or a software asks you to handover, and deny permissions if it is irrelevant to the app’s functionality or seems too risky. Similarly, if you want extra protection and are seeking out a VPN, look for trusted providers that highlight anonymity policies and protection mechanisms as key features.
In 2022, it is important that users, consumers and businesses alike are able to keep their cyber security strategies dynamic in order to take on the modern challenges that cyber criminals present. As attackers become smarter and look to pounce on lackadaisical internet habits, education in this area becomes of increased significance.
Corporations can look to make ongoing cyber security training a part of their upkeep routine, especially in cases where hybrid working situations are in place. IT teams within companies should look to limit exposure by evaluating the organizational demands, constantly maintaining a record of the number of devices carrying sensitive data, and look to address any potential slip-ups by regularly communicating with employees. Users must assume their base security is not enough, and can do stay ahead of attacks by implementing firewalls and VPN across their devices.
Lastly, to learn more about managing cyber risk in a rapidly changing world, please join Check Point at the premiere cyber security event of the year – CPX 360 2022. Register here.