Top 5 Cybersecurity Threats in 2022 (And How to Protect Your Business)
This article looks at the top trends in cybersecurity to watch out for in the new year. The sector is fast-moving, and hackers are constantly improving their abilities on pace with cybersecurity providers. Here are some of the major attacks that have happened this year and what to look out for in the future.
Cybersecurity in 2022 and 2023
The level of sophistication we’ve seen with cybersecurity attacks over the past few months is overwhelming. The sheer volume and impact of breaches have been incredibly disruptive across all sectors.
With the introduction of new technologies and their increased use amongst the general population, networks’ vulnerabilities also increase. The Internet of Things is a perfect example. Now a fact of life, IoT devices surround us. From mobile phones to home appliances, to manufacturing and construction, and even how we work out, cybercriminals have more points of access to our data than ever before.
Sensitive data is shared digitally more frequently, so the entire network ecosystem is affected when an attack or breach occurs. While most companies think of conventional endpoints like laptops or personal computers, they overlook that smartwatches monitoring sensitive health data, for example, are connecting to the same network and also need protection.
Forbes recently reported on the alarming cyber statistics for mid-2022 that everyone needs to be aware of. Surprisingly, despite the increase in significant threats, nearly half of United States businesses don’t have a cybersecurity risk plan. We think that’s crazy.
Cybercriminals can increasingly penetrate secured networks and, in turn, their network resources. Breaching network perimeters can take place in just two days, making attacks incredibly difficult to identify unless you have a dedicated security team constantly monitoring every network endpoint.
Major Cyber Attacks This Year
2022, has been a strange year. After coming out of our lockdowns and accepting new realities, it has flown by, while at others, it feels interminable. Cyber Security this year is experiencing a similar shift. How can organizations keep up with the exponential threats that have emerged and continue to emerge? To prepare for the year to come, we like to review some of the major breaches and ensure we are poised to address similar attacks in the future. Here are some of the major attacks that we’ve already experienced.
Lapsus$ Digital Extortion Bender
Digital extortion gang Lapsus$ went on a bit of a hacking spree in 2021 and continued in 2022. They claimed responsibility for stealing data and compromising some major technology companies, including Samsung and Microsoft. While the tech companies played the breaches down, it is clear that they had vulnerabilities that a gang of presumed teenagers was able to hack into.
The group apparently figured out how to use phone-based tactics to obtain personal email information and pays employees of large organizations to give them additional access to company networks and data. They also hijack cryptocurrency exchange accounts to extort information from company employees.
Russian Cyber-Gang Conti’s Attack on Costa Rica
Another major attack happened in April 2022. Russian cyber thugs targeted the Costa Rican government and were able to hinder tax collection and export systems for over a month. They forced the country to declare an emergency.
The Conti Gang sought $20 million from the Costa Rican government in exchange for keeping personal data secure. The move showed a shift in focus from the United States to proxy countries, creating even more chaos than usual. Some experts think this may have to do with supporting Ukraine, but in our experience, most cybercriminals aren’t taking political sides. They want compensation.
Concealed-Carry DoJ Breach in California
Following the launch of a Firearms Dashboard Portal this year, California Department of Justice officials had to admit they had experienced a major breach that exposed many citizens’ data. Concealed weapons permit holders in California’s data were stolen, and authorities could not confirm exactly what data was compromised. That is not a good look for local government and had State Attorney General Rob Bonta unimpressed.
Top 5 Threats to Prepare for Heading into 2023
More than halfway through 2022, we can see the trends that will continue during the rest of this year and 2023. Don’t let your organization fall prey to the tricks that have already occurred this year, crippling national and local governments and major corporations. Here is our list of the top 5 threats to be aware of.
- Geo Phishing
Geo-targeted phishing threats, or geo-phishing attacks, are incredibly pervasive. They are similar to traditional phishing attacks, but cybercriminals have become much more sophisticated and use highly localized content and software to get into accounts. These attacks target local communities and use individualized language to trick a device or network user into clicking a malicious link that opens the network to all types of malware.
- Remote Working Attacks
Human error remains the number one vulnerability in cyber security. Without proper training, your workforce can be your biggest enemy regarding cybersecurity. As we saw with the Lapsus$ extortion attacks, humans can also be targeted, and extortion schemes will continue to trend in 2023. With remote workers using personal devices for two-factor authentication, and mobile app versions of messaging clients, they are particularly vulnerable to being targeted by hackers.
- Higher Education Threats
The same happens with remote higher education institutions. Cyberattacks are targeting prestigious institutions with remote and online learning on the rise. Cybercriminals seek to extort universities and students, posing severe threats to institutional reputation and student professional development.
- Social Engineering
Social engineering attacks, like geo-phishing attacks, use highly personalized communication strategies to trick users into breaking typical security protocols. Hackers use baiting tactics to pique someone’s greed or curiosity or conversely harass them with false information to induce them into giving up some network vulnerability, whether conscious or not. These attacks can happen online, in person, or via interpersonal interaction. The scams are based on how humans interact, and they have worked well in 2022 so far.
- Third-Party Exposure
Third-party exposure attacks happen when an organization works with external service providers that may not have the recommended levels of cybersecurity. We see this a lot, and in 2022 some major attacks saw sensitive medical data compromised and significant supply chain disruptions.
Protect Yourself From a Breach
Develop a comprehensive cybersecurity strategy and plan to ensure your network, devices, and data are protected. Start with a comprehensive vulnerability assessment to identify risks, and then invest in penetration testing to see how weak your systems may be to attacks. Consider a control review to evaluate the technical, administrative, and physical safeguards your organization has in place now; finally, consider consulting or partnering with an external executive security officer to develop a comprehensive plan.