The COVID-19 pandemic increased the speed at which individuals and businesses have moved online. E-commerce sales increased by 43% in 2020, and while only 5% of employees worked from home before the pandemic, that number increased substantially and is expected to remain at 20% to 30% post-pandemic.
With more and more people online and businesses operating on the cloud with remote workers accessing company data 24/7, the risks posed by online threats have increased considerably. With this in mind, here are the most dangerous cyber threats of 2022 and how to deal with them.
1. Ransomware Attacks
Ransomware attacks have long been an issue, but within the past two years, the number of ransomware attacks has skyrocketed. Not only that, but the payments that have been demanded for the release of access and data have grown, in some cases reaching over $200,000.
To protect against ransomware attacks, companies should:
- Ensure all computer hardware and software are up to date to avoid potential vulnerabilities in security
- Enable click-to-play plugins so that Java and Flash can’t run unless a link is clicked
- Remove old software, which includes programs and apps designed for an older operating system than the one currently in use
2. Database Exposure
This is the exposure of part of an organization’s database, which can then be easily hacked or stolen. There are many ways database exposure can occur, including social engineering attacks and the use of malware.
To protect against database exposure, companies should:
- Ensure all physical hardware is locked in a secure and protected room
- Ensure there is a firewall protecting the database, as well as a web application firewall
- Limit server access to only those people who require access and have the proper credentials to gain that access
- Ensure all data on the server is encrypted and regularly backed up
3. Credential Stuffing
This is an attack that is used to steal a user’s login credentials in order to gain access to an organization’s network, systems, and data. It most commonly occurs when the same login credentials are used for multiple accounts.
To protect against credential stuffing, companies should:
- Implement 2-factor authentication for all accounts, so users need to input their password and confirm their identity via phone or email verification
- Ensure the use of different passwords for each account, program, and system employees have access to
- Avoid sharing passwords with anyone, and with shared accounts, only share passwords verbally and avoid sending them via email or another form of electronic communication
4. Phishing and Smishing Attacks
Phishing and smishing (SMS-based phishing) are increasingly becoming a problem as more and more people are online and using mobile devices. During a phishing attack, a person is directed to a fake website that appears legitimate, where they are tricked into providing personal and financial information and login credentials. With smishing, the same thing happens via SMS text messages.
To protect against phishing and smishing attacks, companies should:
- Ensure their employees keep an eye out for suspicious or unusual instant messages, emails, and SMS text messages, particularly those that begin with something like “Dear Customer” and have poor grammar and spelling
- Ensure their employees avoid clicking suspicious links or providing sensitive information online without first contacting the source of the request directly
- Install anti-phishing toolbars on all company browsers that will alert users to phishing sites
5. Man-in-the-Middle (MITM) Attack
A MITM attack occurs when a hacker gains access to a line of communication through hijacking an email, eavesdropping over Wi-Fi, or IP or DNS spoofing. As communications are sent to the recipient, the attacker can intercept the information that they can then steal, modify, or use.
To protect against MITM attacks, companies should:
- Ensure all Wi-Fi connections used by employees are secure and that no sensitive data is ever shared over public networks
- Ensure employees never use websites that are not secure by only using websites that display HTTPS in their URL
- Ensure all internet devices and connections have the latest security updates installed
Reach out to Platinum Technologies today to find out how we can help protect you from the most dangerous cyber threats of 2022 and beyond.