2021 has not been a good year for business cybersecurity. An increase in cybercrime fuelled by the pandemic continued and worsened. Among the worst incidents was the Colonial Pipeline attack that cost five million dollars in ransom.
Automobile manufacturing giant Kia Motors was hit in February. And even Accenture, one of the world’s biggest IT firms, got hacked. On all three occasions, companies experienced a ransomware attack.
But that doesn’t mean only corporate giants are cyber attack targets. According to the 2021 Verizon Data Breach Investigations Report, one in five data breach victims is an SMB. Furthermore, cybercriminals focus on small businesses with low cybersecurity budgets.
Businesses almost recovered from the pandemic and the rapid shift to the WFH model. Now it’s time to fix security loopholes. The two main reasons for a cyberattack are lack of awareness and training. To solve these issues, it’s critical to know what you’re up against.
Biggest Cyberthreats for Businesses
The first ransomware incident occurred in 1989. It was distributed via floppy disks among World Health Organization’s AIDS conference participants. Floppy disk infected the computer with a virus. After 90 boots, it encrypted the system and popped a ransom demand.
Today, the principle remains the same. It’s not uncommon for ransomware gangs to target the health industry. The goal of a ransomware attack is to get unauthorized access to a computer network. Once there, the virus is distributed, and encryption begins.
Unlike the 1989 hack, contemporary encryption algorithms are almost impossible to break. For example, the Russian ransomware gang Conti paralyzed Ireland’s healthcare sector. The attack occurred on May 14th. Even though Conti later provided the decryption keys, it took half a year to restore all the servers.
Discussed cases are merely notorious examples. Cybersecurity experts predict small and medium businesses will experience more attacks. Limited budget and lack of cybersecurity protocols are cited as the main reasons.
Protection against ransomware is a complex process, but here are the main tips:
- Minimize the risks of the initial breach. A vast majority of viruses are distributed via email. Educating employees on identifying Phishing scams is a solid first step.
- Have a workplace password management structure. The unfortunate Colonial Pipeline attack was a result of a compromised password. Instruct employees on safe password management to avoid unnecessary troubles.
- Regularly back up your data in a secured Cloud. Even if ransomware hits, you can restore the encrypted data from the Cloud. Remember not to store backups on the same server because they will get encrypted.
- Segment your network. There’s no need for all devices to be connected the same way. Restrict access to the most valuable information from other network segments. It will prevent ransomware from spreading uncontrollably.
2. Credential Stuffing
Credential Stuffing statistics are troubling. The attack became popular during the pandemic when many were working from home.
Hackers assumed they could hack home devices to gain entry to business information. Employees who work from home often use their home devices for work tasks, making this hack easier.
Credential Stuffing relies on weak and reused passwords. Cybercriminals obtain datasets of leaked username-password combinations. Then via additional software, they target hundreds of thousands of accounts with the same combination.
Employees who use the same password for social media and work-related accounts might grant hacker access.
It would be best to have clear business password management guidelines: no weak or reused passwords, easy-to-guess, or most-common passwords. Enable multi-factor authentication wherever possible.
Your employees should take additional steps to verify their identity. Then they can access sensitive business information. Lastly, discussed password managers provide sufficient Credential Stuffing protection.
3. Social engineering attacks
Social engineering is not a “typical hack.” It’s directed against a person instead of an operating system. But hackers successfully use it to wreak havoc.
Computer systems are built with security in mind, but humans cause errors. It is easier to trick a person than hack a multi-million dollar security system.
What’s more, social engineering became much more straightforward. People share a lot of personal information on social networks. Cybercriminals scrape this data and use it to forge convincing Phishing letters.
The well-known “Nigerian prince” scam is now more personalized. Hackers can use first and last names, phone numbers, and even location data. Without cybersecurity training, an employee is likely to click on a Phishing link.
These are the most significant cyber threats for businesses in 2022. Remember, cybersecurity is a process. Yes, it’s costly, but not as nearly as the negative consequences. Taking the first steps is more manageable and affordable. It gives you time to install better solutions.