Cybersecurity is a quick-moving and ever-evolving discipline, with cyber criminals and security providers constantly trying to outpace one another. With dire consequences should an organization’s security slip, here are the top 3 cybersecurity pain points to be aware of in 2022 and beyond.
Shift to Remote Working
With the arrival of the COVID-19 pandemic in 2020, companies were forced to adapt to working from home with little time to plan or prep. As the pandemic slowly fades out, working from home seems to be here to stay for many organizations, and presents cybersecurity risks and challenges.
Cloud Hosting Platforms
For teams working remotely, cloud platforms such as Google Drive and Amazon Web Services facilitate communication and collaboration but can be minefields for cyber risk.
These platforms are vulnerable because they add entry points for attacks and because misconfigured settings can lead to unauthorized access, insecure interfaces, and account hacking if passwords are compromised or two-factor authentication is not set up.
For effective utilization of convenient cloud platforms, cybersecurity professionals need to understand the backend workings of the interfaces and undergo sufficient training for relevant certifications. The haphazard implementation of these platforms across an organization, without the proper security or preparation, could leave a company open to attacks.
Lower Security Levels
As one may expect, home offices tend to be less secure than centralized office locations. Company offices have more secure firewalls, routers, and access management systems, not to mention a team of security professionals on-site.
Comparatively, home security is often limited to default provider settings, leaving an opening for more knowledgeable bad actors to take advantage.
In addition, while one of the benefits of working remotely is that one may work from anywhere with a Wi-Fi connection, connecting to non-secure public networks may unintentionally provide access to hackers. Coffee shops, libraries, and airports are all places where anyone can connect anonymously to a shared network and get up to anything they like, including hacking.
Increased Number of Access Points
With the line between work and life blurred, the use of personal devices in a working capacity has become pervasive. Personal mobile devices are used for two-factor authentication, corporate messaging systems (such as Microsoft Teams, Slack, Zoom), and checking company email. Where employees once used only a single desktop in the office, there are now multiple devices signing on simultaneously to a single controlled account, often with varying security levels.
While not intentionally risky, the use of non-controlled personal devices can present vulnerabilities due to weak passwords, ineffective firewalls, loose settings, and the transfer of files between devices for convenience (using a personal tablet instead of a work-issued laptop while on a plane, for example).
These obvious entry points are in addition to the ever-expanding IoT network. IoT refers to any device, other than computers, phones, and servers, that connects to the internet to share data. This can include tools such as smartwatches, fitness trackers, smart kitchen appliances, and voice assistants (such as the pervasively popular Amazon Echo and Google Home). With an anticipated 64 billion IoT devices by 2026, the entry points for bad actors are plentiful. (1)
The original shift to remote working in early 2020 was rushed and accomplished with devices that may not have been properly secured. With the WFH shift gaining permanence, organizations are assessing risks and vetting platforms, software, and devices that enable remote teams to connect securely.
Rise of Artificial Intelligence
Despite the persistent cultural image of the hacker as a single individual in a dimly lit basement, in the digital age cyberhacking has become a lucrative, multibillion-dollar industry. (2)
And, with the rise of advanced technology such as artificial intelligence, machine learning, and automation, the industry has seen an exponential increase in the number, frequency, and complexity of cyber attacks.
To make matters worse, a high level of expertise in malicious software is no longer needed to execute a devastating coup. There is now off-the-shelf, highly complex ransomware that can be purchased and repurposed for a fee that, in the face of potentially millions paid in ransom for a catastrophic data breach, has a significant ROI for the users.
Remote working has exacerbated vulnerabilities. Ransomware attacks can come from any digital point of access and have been gaining complexity using social engineering. By using automation software to target isolated employees working remotely, while posing as a seemingly authoritative source across any number of digital access points, bad actors have scaled both their attempts and success rates.
Common Cyber Attack Tactics
Smishing: sending text messages purporting to be from reputable companies.
Vishing: making phone calls or leaving voice messages purporting to be from reputable companies. It was most notably used as part of a Twitter hack in 2020 that targeted the company’s customer service representatives working remotely.
Phishing: sending emails purporting to be from reputable companies or people.
Whaling (a.k.a. Spear Phishing): attackers use phishing methods to go after a large, high-profile target, such as the C-suite.
The number and frequency of these attacks are increasing year over year, and organizations that do not plan ahead leave themselves vulnerable. Rigorous employee training and well-communicated best practices can help prepare employees, but having knowledgeable cybersecurity professionals in place as the first line of defense is vital.
Lack of Internal Resources
Recent years have seen the proliferation of digital transformations in the form of new platforms (i.e., the cloud), technologies, and software. This, paired with recent waves of new regulations on the digital space due to growing privacy concerns and recent high-profile breaches, has left the cybersecurity industry struggling to keep up.
For many organizations, whether small or large, current staff training levels leave companies unprepared for new digital risks and compliance requirements, highlighting the cyber skill gap concerning newer technologies and platforms and worsening vulnerabilities.
This lack of knowledge, staffing, or both makes these companies figurative sitting ducks in the murky waters of a digital world that is growing more fraught with each passing year.
According to Check Point Research (3), cyberattacks have increased 50% each year, reaching the highest levels since reporting began, with education and research industries being the most frequently attacked sectors. For organizations lacking the internal resources to prepare for these onslaughts, breaches can be almost inevitable.
The Cost of a Breach
The price paid for lax digital security can be a hefty sum as well.
According to the Ponemon Institute and IBM’s Cost of a Data Breach Report, the average total cost of a data breach increased from $3.86 million to $4.24 million in 2021. (4)
For the industry to keep up with current demand, estimates project that an additional 2.72 million skilled workers are needed to fill employment gaps. (5) But, with the ongoing market trend labeled “the great resignation” (or “the great reshuffle”), companies are having difficulty recruiting and retaining top talent.
In a digital world where automated attacks can quickly overwhelm manual monitoring attempts, having adept and skilled professionals in place is critical to a company’s continued prosperity and longevity.
How To Mitigate Cybersecurity Risks
To address these cybersecurity pain points, organizations need to reinforce their cyber protocols and ensure that their team is skilled, supplied with appropriate software and platforms, and has the bandwidth necessary to handle the deluge of attacks. This can be accomplished either by outsourcing to third-party providers or investing in internal infrastructure and employees.
External Talent Recruiting
The market in 2022 is red-hot, to say the least. With frequent cohorts of cybersecurity graduates training in the latest technologies and platforms and high amounts of turnover as skilled workers trade up for more convenient and lucrative jobs, the talent pool is both deep and competitive.
Partnering with established training organizations to hire top-level graduates can help your company ensure that new team members are up to date with current technology and regulations.
Upskilling Current Employees
For companies with an existing team that is interested in retraining or cross-training, upskilling can also be an option. Employee loyalty is a hard-won and well-earned honor that, when built upon, can prove to be the foundation that carries your organization forward into the digital age with ease.
Utilize technical training organizations to address technical skill gaps, improve employee retention, and build on existing internal expertise.
For more information on how technical recruiting, upskilling and retaining, or hire-to-train programs offered by Flatiron School can help level up your cybersecurity team, visit our enterprise page.
Together we’ll discover your organization’s true cyber potential.
Sources:
(1) https://www.businessinsider.com/internet-of-things-devices-examples?r=US&IR=T
(2) “Cybersecurity: Hacking has become a $300 billion industry,” InsureTrust