By Joshua Skeens, Cerdant, a Logically Company
Cybersecurity, like Twitter trends or fashion, has fads that come and go, but some songs remain the same. 2021 brought a wave of ransomware and the understanding that remote work is here to stay, as well as the realization that malware usage took a dip (likely thanks to the popularity of ransomware) but phishing campaigns are still as prevalent as ever.
When in the thick of it, dealing with security concerns, ransomware attacks, and more, it can be difficult to pull back and take a stab at what’s likely ahead for the new year. Here are some insights on how 2022 will look from a security standpoint.
Attackers are having too much success with ransomware to even consider pulling back on deploying it as a valid attack measure. There are actually ransomware-as-a-service offerings out there, where people can pay for and outsource successful ransomware attacks; it’s pretty safe to say that trend alone signals that ransomware is becoming a more prevalent concern for cybersecurity experts.
Ransomware is going to continue to not only have a financial impact on businesses, but it’s going to continue to be used as an extortion tool as well. When businesses stop paying the ransom, the bad actors have started extorting companies with their data – a trend that has been successful thus far and will likely continue into 2022.
While working from home is a great thing culturally and economically, there are important security concerns that will likely endure well into 2022. Most of these concerns surround the Internet of Things (IoT) and the lack of security that comes into play when people working from home leverage their home network to get back into their corporate network – which happens more often than you might think.
If someone working remotely leverages their in-home network to access their company’s secure network, and that remote worker has washers, dryers, refrigerators, thermostats, or other gadgets connected to their wireless internet, the chance for a bad actor to exploit that vulnerability is sky-high. Bad actors can leverage that type of technology to get into users’ equipment and get into a corporate infrastructure from there.
It’s a tactic MSP professionals have seen before, and it's likely going to increase in prevalence into 2022 as the attack surface for remote workers continues to broaden. That’s why companies must leverage VPN technology to get their employees working from home back into the corporate infrastructure. If you're leveraging home employees’ technology to allow them to get back into the corporate network, supply them with a next-generation AV that will allow them that extra layer of security.
Data Breach Concerns
Data breaches just keep happening, no matter what companies do; while there are multiple ways bad actors are gaining this access, the two main data breach points are easily mitigated – something companies should take note of going into 2022.
First, bad actors are commonly executing data breaches through a user account. We all know people who use the same password on multiple accounts – maybe you’re guilty of it too – but when a bad actor gets ahold of that single password and uses it to access an employee’s email or systems, that’s a really easy way to see security go horribly wrong. That’s why multi-factor authentication is vital, especially as more employees work remotely and may need to access their data while on the go. In addition, employees need to use different passwords across accounts (which can be annoying) but it is still vital to a good security hygiene
Second, while we’re all bogged down by emails, some emails are much more insidious than others. Leveraging technology to filter out sandbox links for end users and scan attachments before users can open them is paramount going into 2022, as those links and attachments are simple, easy ways for bad actors to breach your security systems. Leveraging advanced technology to redirect embedded links to a sandbox for secure examination and scanning attachments before users open them is of paramount importance.
These methods have never been more popular, and organizations must be aware and rise to meet these challenges through implementing multifactor identification systems and solid email scanning technologies.
Cloud Vs. Legacy Infrastructure
Businesses are continuing to operate with a mostly- or fully-remote workforce and, as a result, are looking toward infrastructure solutions that operate on the cloud, rather than through legacy infrastructure that is becoming obsolete in the absence of an in-office organization. That said, securing the cloud can be tricky, and if more people are using the cloud, that’s where the attackers are going to go.
If you’re looking at implementing a cloud-based system in 2022, be aware that the cloud is often just someone else’s internet. It would behoove you to put your own data security and backup practices in place to ensure the security of your data.
While 2022 likely signals the rise of more cyberattacks, it is also poised to be a year in which businesses treat security as a priority rather than an afterthought – which is exactly what should be happening at this juncture. Security may be costly, but it’s an investment well worth making, and one every enterprise should entertain as we look ahead to a new year full of challenges.
About The Author
Joshua Skeens is Chief Technology Officer at Cerdant, a Logically Company.