As businesses continue to find creative ways to operate and collaborate remotely, they’ve also exposed a larger attack surface to hackers seeking access to their sensitive data. Looking ahead to 2022, it’s never been more important to include cybersecurity in your yearly strategic business planning.
Research from Gartner finds that 47 percent of organizations plan to continue allowing their employees to work outside the office full time for the foreseeable future. A significant majority — 82 percent — say they will allow employees to work from home at least one day a week. And according to Verizon’s 2021 Data Breach Investigation Report (DBIR), the cybersecurity impacts are already being felt. In the analysis of more than 29,000 incidents, Verizon found that web apps — such as cloud-based email and other tools used by remote workers — accounted for over 90 percent of breaches. Desktop sharing came second, which may also be a result of remote collaboration. Overall, the report concluded that external cloud-based assets are more common in cybersecurity incidents and breaches than on-premises assets.
Unsurprisingly, 65 percent of IT and security professionals surveyed by the Ponemon Institute in June 2021 said they found it easier to protect company data when staff were working in the office. As many employees continue to work remotely, this increases the risk of device exposure: 64 percent of IT and security professionals said they were worried about remote workers’ screen privacy.
Businesses can’t afford to lose out on the benefits of mobile devices, so they need to get ahead of cyberattacks. The first step is to start educating your workforce (or reeducating them) about security best practices. Then develop a defense-in-depth strategy to mitigate the growing number of cybersecurity risks that are expected to emerge over the next 12 months, including these cyberattacks:
1. Multi-extortion ransomware
In the early days of ransomware, attacks often involved cybercriminals compromising people’s devices, rapidly encrypting their files and then demanding payment — or else deleting them. This started changing in 2019 with Maze ransomware, where “double extortion” meant attackers would also threaten to leak people’s private information online or sell it to a third party.
According to Sophos, ransomware threats now include at least 10 different types of pressure tactics, such as emailing employees with threats to disclose personal information to their business partners or the media.
Security policies that require internet connections to use a virtual private network (VPN) can reduce the risk of ransomware, as can training employees to avoid untrustworthy websites.
2. Supply chain partner phishing schemes
One of the oldest tricks in the book is sending employees an email that seems like it’s from a legitimate sender, providing them a link that contains malware. But Forrester suggests that the problem could be exacerbated by companies’ recently increased reliance on their supply chain partners, in addition to more team members working remotely.
Among reported kinds of cyberattacks, phishing attacks have jumped 72 percent in the last two years — from 18 percent of cyberattacks in 2019 to 31 percent today — according to Forrester data. Educating remote workers on how to avoid these threats is a good place to start, but Forrester recommends organizations also apply the Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocol as a means of guaranteeing that the messages in mobile users’ inboxes are actually from verified senders.
3. Deepfake-based data breaches
Most people are spending more time on video calls than ever before, often with filters and background effects applied. In some cases, this could increase the risk that you’re talking to an imposter rather than the person you’re expecting.
With the power of machine learning, deepfakes can realistically simulate your well-known contacts. Deepfakes have often gotten media attention for impersonating politicians and celebrities, but attackers could use the same means to pose as an employee’s manager or anyone else they trust. If the deepfake is successful, they could trick an innocent employee into handing over security credentials or transfering data to a malicious source.
Like phishing attacks, avoiding deepfakes often comes down to thorough security training. Organizations also need to assess their degree of risk based on how much they rely on video-based communications.
4. Cyber-physical weaponization
Not all work happens remotely, of course, and the range of business apps that can run on mobile devices extends beyond communication and collaboration tools. Smartphones, tablets and laptops are increasingly connected to larger processes such as manufacturing equipment, heavy machinery and water treatment plants.
Mobile device management for beginners
Get started with MDM so your organization can spend less and do more — securely and efficiently. Download Now
There are many advantages to managing operational technology through the internet of things (IoT), but this also poses a risk when rogue actors find a way to take control. Gartner predicts that within five years’ time, these cyber-physical environments will endanger people’s lives — which may call for dedicated teams to mitigate threats, based on specific skills in IT and operational technology.
5. Outdated or permissive access policies
The pivot to remote work in 2020 happened so quickly in some cases that businesses may have failed to consider the effect of decentralization on their cybersecurity.
This could be why IDG Research’s recently published Security Priorities Study showed 46 percent of organizations are now interested in zero-trust technologies, a 31 percent increase from 2020.
While zero trust can include everything from multifactor authentication (MFA) to encryption and analytics, more businesses are expected to pair these cybersecurity investments with updated polices — based on principles of least privilege — into 2022 and beyond.
If your company uses a Bring Your Own Device (BYOD) policy, make sure your devices are secure with this free comprehensive guide. And discover how Samsung Knox protects the most secure phones with defense-grade mobile security.