Cyber security threats are constantly evolving and creating new and unique areas of concern.
Alongside an increase in ransomware and phishing attacks linked to COVID-19, organisations must consider how the rapid shift to remote working may have increased the risk of a cyber incident.
For example, it is likely organisations have bypassed existing cyber security procedures and possibly taken shortcuts — expanding existing issues with shadow IT. This now needs to be reviewed. But there are other risks at play, and it is worthwhile looking at these in more detail.
What is becoming clear is that a flexible cyber security strategy that combines technology, people and processes is essential to staying secure in light of the latest cyber security trends.
Here we’re going to take a look at four cyber security risks organisations face in 2022, and some strategies that can be employed to combat them. Let’s get started.
Additional resources: If you need help explaining the value of additional cyber investments, check out our toolkit — Board Presentation Template: Cyber Security and Threat Management.
Risk 1: Social Engineering
Social engineering attacks use psychological manipulation in order to gain confidential information. This includes techniques such as baiting, scareware and phishing. Specifically, phishing emails are among the most significant security threats facing organisations, and will remain one of the primary threat vectors hackers will use in 2022.
COVID-19-related phishing emails are just one of many examples of ways in which social engineering cyber-attacks are on the rise, and increasing in sophistication and relevance. Last year when restrictions began in March, email scams related to the pandemic surged 667%.
Examples like the above show the value that cyber criminals see in utilising public fear and confusion around current events when launching their attacks. We expect to see more of that, and the expansion to a wider range of contexts.
Strategies to Combat This Threat
- Security through education: The probability of social engineering attacks can be reduced significantly if people are involved in security awareness training that can help them identify social engineering techniques.
- Ensure everything is up-to-date: While social engineering is in the human domain, hackers often seek to determine whether you are running out-of-date or unpatched software they can exploit. So ensure everything is up to date.
- Engage in people-focused training: Non-technical employees are the first line of defence for organisations looking to avert increasingly sophisticated breaches. Security training therefore cannot be confined to IT staff; it’s important to train employees across the organisation on these new modes of attack.
Specifically, with reference to phishing, there are additional steps that can be used to protect organisations from such attacks. These include:
- Enable spam and virus filters: By minimising the number of malicious emails and messages reaching your organisation, you reduce the chances that one succeeds.
- Carry out file type and file analysis: Using deceptive naming conventions like PDF.zip or PDF.rar is a common way to slip unsuspecting individuals a malicious payload. A combination of training and screening can help minimise this risk.
- Set up sandboxing: By isolating different systems or endpoints you can minimise the impact of a breach, if one were to occur.
- Use URL inspection: As with deceptive file naming conventions, malicious URLs often look to mirror official sites. For example, “www.gov.uk.io”. Again, screening and training will limit your organisation’s exposure to risk.
- Performance and reporting: By ensuring that you have analytics about emails and other user activity you can more easily control behaviour, target training and backtrack after an incident to identify the source of the breach.
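The file-name and URL screening described in the list above can be sketched as follows. This is an added example, not Six Degrees code; the trusted-domain list, the extension sets and the function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed for this example: domains the organisation treats as official.
TRUSTED_DOMAINS = ("gov.uk", "nhs.uk")
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
RISKY_EXTS = {"zip", "rar", "7z", "iso", "exe", "scr", "js"}


def deceptive_attachment(filename):
    """True when a document-style extension is followed by an archive or
    executable one, as in 'Invoice.PDF.zip'."""
    parts = filename.lower().rstrip(". ").split(".")
    return len(parts) >= 3 and parts[-2] in DOC_EXTS and parts[-1] in RISKY_EXTS


def lookalike_host(url):
    """Return the trusted domain that the URL's host imitates, else None."""
    if not re.match(r"[a-z][a-z0-9+.-]*://", url, re.I):
        url = "//" + url  # bare 'www.example.org/path' form: no scheme given
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Genuine: the host is a trusted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return None
    labels = host.split(".")
    for domain in TRUSTED_DOMAINS:
        want = domain.split(".")
        # Trusted labels appear, but not as the suffix that DNS resolves under.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return domain
    return None


def screen_message(attachments, urls):
    """Collect (kind, value) findings for one message."""
    findings = [("attachment", a) for a in attachments if deceptive_attachment(a)]
    findings += [("url", u) for u in urls if lookalike_host(u)]
    return findings


if __name__ == "__main__":
    # Constructed sample message, not real traffic.
    print(screen_message(
        ["Invoice.PDF.zip", "minutes.docx"],
        ["www.gov.uk.io", "https://www.gov.uk/coronavirus"],
    ))
```

The host check compares whole DNS labels, so “www.gov.uk.io” is flagged because “gov.uk” appears in it without being the suffix the name actually resolves under.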
Risk 2: Ransomware
Ransomware is on the rise. The average recovery cost has more than doubled in the past year — rising from $761,106 to $1.85 million in 2021. A ransomware attack can lock the computer itself, or leave the data on it deleted, encrypted or even stolen. Fundamentally, ransomware attacks aim to spread throughout a network and cause the maximum possible disruption in order to encourage victims to pay up. The 2017 WannaCry attack on the NHS was a very successful example of how this might occur.
The current ransomware landscape does look worrying. Social distancing has limited employee facetime — making cyber security training difficult. Work-from-home has also forced a lot of organisations to adopt BYOD policies, which introduce more risk to operations. But these are critical challenges to overcome. If we needed proof of how devastating ransomware can be, the US Colonial Pipeline hack is a prime example, resulting in shortages at petrol pumps, states of emergency declared and the US Government calling for calm.
Strategies to Combat This Threat
A defence-in-depth approach is essential in order to mitigate ransomware threats. This means using layers of defence with several mitigations at each layer.
- Be prepared: Make sure there is a disaster recovery-type plan in case of a ransomware attack. Even if you think it is unlikely to happen, plan anyway.
- Develop an internal and external communication strategy: It is crucial that in the event of a breach, the correct information reaches the right stakeholders.
- Stay up-to-date with the latest operating system and application patches: Neglecting this area makes you particularly vulnerable to ransomware attacks, making it a critical strategy to consider.
- Make regular systemised backups: The key to not paying a ransom is maintaining backups to restore data that ransomware has encrypted.
Risk 3: Impact of Remote Working
When employees are working outside of office space, the usual network protections are no longer adequate. Bring Your Own Device (BYOD) and remote working can force many organisations into a less-than-secure position, with employees accessing sensitive information through unsecured networks and devices.
The cyber security risks that have increased due to remote working include:
- Brute force attacks: An attack that seeks to overwhelm your defences with repeated and automated attempts to guess password combinations correctly.
- Phishing attacks: A specific subset of social engineering attacks that uses fraudulent messages to trick users.
- Malware: Software that’s designed to disrupt, damage or gain unauthorised access. This might be uploaded to your system through any number of strategies including both phishing and malicious insiders.
- Ransomware: A specific type of malware that seeks to block access to computer systems until a ransom is paid.
- Business email compromise (BEC): This is a type of social engineering attack in which a compromised internal email is used to impersonate official communications and extract information or access.
Realistically, hybrid working is here to stay. It’s critical that the risks of remote working are accommodated rather than ignored, and effective solutions put in place. Fundamentally, organisations need to find new ways to secure and embrace new, flexible working patterns.
Strategies to Combat This Threat
Overcoming remote working challenges requires creating agile and responsive security systems that are able to accommodate new devices and applications while minimising risk. Fundamentally, this hinges on your ability to achieve defence-in-depth by employing a combination of technology and people-led processes to contain remote threats before they impact your system at large.
Managed Detection and Response (MDR) is an incredibly effective way to overcome the challenges of remote working. If you’re unfamiliar, MDR delivers active threat monitoring and response as a service — creating a flexible and effective cyber security solution. Although similar outcomes can be achieved using in-house monitoring, the expertise and efficiency of MDR simplifies execution and brings benefits including:
- Economies of scale: MDR providers deliver more efficient access to expertise and technology by delivering access to larger operations and existing infrastructure.
- On-demand access: It’s more resource intensive to respond to an incident than monitor activity. MDR providers enable you to have access to the resources you need, when you need them — without the need to employ specialists full time.
- Side-stepping the skills shortage: More than a quarter of UK businesses have an incident response skills gap, and that’s on top of the established cyber security skills shortage. MDR lets you avoid this problem and access the skills you need, when you need them.
Suggested reading: If you want to learn more about the impact of remote working on cyber security, take a look at our blog — Has Remote Working Created a Massive Cyber Security Threat? And what to do about it
Risk 4: Attacks on Cloud Services
The increase in remote working has led to more cloud-based infrastructure and services being used. As a result, cloud services are now a prime target for cyber criminals, creating new cyber risks and avenues for attack.
Data breaches, human error, malicious insiders, account hijacking, and DDoS attacks all present challenges to cloud services and cyber security more generally. Relying on third-party service providers introduces additional compliance considerations — making it critical that you appraise both your partners’ and your internal operations. Research shows that an average of 51% of organisations have exposed at least one cloud storage service to attack.
Strategies to Combat This Threat
- Be aware and act on new cloud security intelligence: Have access to cyber intelligence reports and conduct regular risk assessments.
- Ensure access control is in place: Using a password manager to create and use unique and strong passwords across your organisation and accounts is critical. You also need to ensure that joiners apply best practices and leaver accounts are removed.
- Balance efficient operation with security optimisation: Not everything can be locked down — there will always be a balance to be struck between operational, legal and IT considerations. To get everyone on the same page, a risk assessment is the best place to start.
- Implement network segmentation: Segmenting the network to protect sensitive information makes it difficult for hackers to move about — even once they have access.
- Build in data encryption: When your data is encrypted, even if an unauthorised person gains access to it, they will not be able to read it. Look to create and implement a policy for encryption-at-rest for storage and endpoint encryption between devices and servers.
Avoid Complacency and Invest in Planning
In 2021, we saw an increase in the variety of cyber-attacks. Cyber security is a journey, not a destination, and has to be an ongoing, iterative process that adapts to new threats.
As a result, even in the context of budget and skills constraints, it’s crucial to build on existing knowledge and make investments in the right areas in order to mitigate cyber security risks.
A practical cyber assessment approach, and partnering with a managed security provider, will be crucial for organisations in overcoming these threats.
Here at Six Degrees, we can provide the knowledge and expertise to help deliver a range of flexible, on-demand services to combat the cyber security risks facing organisations in 2022. Ready to begin your cyber security journey? Get in touch today.