As IT teams and businesses brace themselves for more and more sophisticated cyber attacks in 2022, Jonathan Wood, CEO of risk management platform C2 Cyber, offers his thoughts on how businesses can best protect themselves in this interview on the Professional Security website.
1 – Ransomware will continue to be the number one cyber threat
Ransomware attacks surged during the COVID-19 pandemic while the majority of employees worked from home. However, ransomware will become even more sophisticated in 2022, with hackers using penetration tools to customise attacks in real time. We can also expect ransom demanded by attackers to increase, even exceeding the $40m paid out by US insurance giant CNA Financial, the highest ransom amount to date. As a result, insurance for ransomware is becoming harder to arrange without demonstrating to the underwriter your security maturity (including your supply chain).
Recommended action: With organisations understandably focussed on the challenges of the pandemic, little seems to have improved in terms of posture and readiness to defeat these attacks. But to protect your system from ransomware, there are a number of steps you must take. Firstly, maintaining backups of important data is the single most effective way of recovering from ransomware. Your backup files should be appropriately protected and stored offline, and routinely tested for efficacy. Secondly, review port settings with your cloud provider and disable unused ports. Thirdly, make sure all of your organisation’s operating systems, applications and software are updated regularly. Applying the latest updates will help close the security gaps that attackers are looking to exploit.
2 – Hackers will work undetected inside victims’ networks for longer
Cyber attackers can normally get away with working inside their target’s network for an average of 11 days after breaching before they’re detected. But as hackers become smarter, this dwell time will increase, giving them longer for reconnaissance to map your network and find access points and open ports, and then execute data exfiltration, before they’re spotted.
Recommended action: Ensure you have an effective intrusion detection system (IDS) in place to monitor and detect suspicious activities and generate alerts when hackers are detected. This will stop them from entering your network and carrying out reconnaissance without you realising.
3 – Exploiting vulnerabilities across the supply chain will be the number one route of choice for hackers
The increasing reliance on remote and potentially offshore third-party suppliers, combined with the exponential rise in digitisation across the supply chain, means it will be the number one route of choice for more and more hackers. There are trends towards on-shoring and ‘domesticating’ the physical supply chain for goods, but this must not be confused with services. More than ever these are being delivered in a flexible, global way (accommodating lockdowns and border closures) and actually making service provision more resilient.
Recommended action: As organisations have hundreds if not thousands of suppliers who pose varying degrees of risk, you need to get ahead of any attacks by identifying the risk level of each supplier. Then pinpoint the areas that need action among the high-risk category and ask the suppliers to make the required updates. These actions will be critical to safeguard your organisation from attacks. In fact, supply chain security is now considered so important that the National Cyber Security Centre added it as one of its ten steps to cyber security.
4 – Mobile malware attacks will increase as more people use mobile wallets and payment platforms
The most common method hackers use to spread malware is through apps and downloads. In 2021, 46 per cent of organisations had at least one employee download a malicious mobile application. As mobile wallets and mobile payment platforms increase in use, hackers will adapt their approach to exploit this growing trend. The apps you download from the app store are usually safe, but apps that are ‘pirated’ often contain malware.
Recommended action: Ensure employees only download sanctioned apps from the app store onto corporate mobile devices, and avoid apps that are pirated or come from less legitimate sources.
5 – Cryptocurrency will become a key point for cyberattacks globally
Cybercriminals use various techniques to hack digital wallets and steal crypto assets without the user’s knowledge. One tactic used by hackers is offering free airdropping of malicious Non-Fungible Tokens (NFTs). When they release an NFT to a victim, a follow-up message appears that demands a signature for connecting to a wallet. Once the user signs, a second prompting message requiring a signature will follow. If the user accepts it, the hacker will then have access to the user’s wallet and funds. So, as reports of these attacks become more frequent with hackers ‘mixing’ or tumbling between currencies to obscure the proceeds of crime, we can expect to see a significant increase in cryptocurrency-related attacks next year.
Recommended action: Securing your wallet is essential when it comes to protecting your digital currency against cyberattacks. There are a number of ways you can do this. Firstly, use a cold wallet, also known as a hardware wallet, which doesn’t connect to the internet. Secondly, use a secure internet connection when trading and avoid public Wi-Fi networks. Thirdly, don’t get phished. Phishing scams via malicious ads and emails are commonplace in the cryptocurrency world, so always avoid clicking on any suspicious and unknown links.