The New Year is upon us, and we all hope it will be a prosperous time for small businesses. Of course, we have to live in the real world, where there are always new and evolving threats to cybersecurity and IT Operations.
Below are some of the biggest computer security threats businesses need to prepare for in the upcoming year and beyond. You’ll note that some of these are long-standing issues that have faced IT and security for years. These threats continue to grow and evolve, and this means that the IT team needs to do likewise!
Many companies are using the cloud for various purposes, such as data storage, productivity applications and even artificial intelligence. However, the cloud is not always as safe as one would hope. Cloud jacking has become a common way for hackers or nation states to cause damage to a company. Cloud jacking is when an outsider takes over elements of your cloud for (mostly) the express purpose of data or personal information theft. It is a common form of cyber-attack.
When they infiltrate the cloud, they can wreak havoc. They might get into employee emails, watch real-time conversations, spy on the company, upload fake emails and memos, etc. They could even add files that have malicious files embedded in them. There is no end to the amount of chaos that this type of attack can cause.
Malicious software is still one of the most common types of cyberattacks that happen on company assets. The malware can cause slowdowns on the machines, or it might stop them from working entirely. Malicious software can add spyware, viruses, adware, and more to computer systems, even Macs (such as the recent Pegasus breach).
It’s unfortunately easy to download malware without realizing it. Clicking on a link or downloading a file from an unknown source could allow malware into the system. Clicking on a popup ad or downloading an email attachment from someone you don’t know might also be a way in for the malware. We highly recommend Multi-Factor Authentication (MFA) as a basic (and typically free) preventative measure for starters.
When the malware has been released, it can allow thieves to get access to company passwords, banking information, credit card numbers, customer information, personnel files, and more.
More and more workers are using their mobile devices for work tasks. Some of these employees might be remote workers, but it’s more than just them using these devices. Many people today have work phones, work tablets, or laptops. Many companies have private company information and data that can be accessed using those mobile devices. It’s no wonder that hackers are starting to spend more time targeting those devices.
Mobile malware has been gaining traction in recent years. Any company that makes use of mobile devices, or who has workers who are using their devices to access company data need to be wary. They need to be sure these devices are malware-free and kept safe. You'll find that there are specialized packages specific to mobile devices that offer protection that isn't always available for the workstation-focused vendors.
Ransomware is a type of malware that can be extremely difficult to remove. When installed, it will encrypt the computer, so users no longer have access to their system or the files within it. This will essentially lock them out of the system, while encrypting their files. The only way to get back into the system and to regain access to files is to pay a ransom, as the name suggests.
We recently signed on a new client that had tens of thousands of their files encrypted which resulted in 100+ hours of manual un-encryption -- 200 files at a time. Yipes. That's when you're happy to have a managed services provider, as opposed to paying hourly!
The amount of the ransom varies, typically based on your domain name and revenue, as does the manner in which the thieves want payment. Some might want Amazon gift cards. Others might instead request Bitcoin or another cryptocurrency. Here’s the catch. Often, even after paying the ransom, the users do not get access to their system.
Ransomware is a larger problem than many realize. Over the last couple of years during the pandemic, 58% of companies in the United States said that they lost some revenue because of ransomware.
Even in 2022, compromised passwords can cause a substantial number of information security problems and data breaches. A password might be compromised in any number of ways. It often happens when someone enters their login information into a fake website. People tend to use the same password for multiple accounts, so if a thief has access to one username and password for one account, chances are it could work for several accounts. What if it works for their work password?
If you think it’s unlikely, you might be interested in knowing that more than 50% of people admit that they reuse passwords on multiple platforms and that they use the same passwords for work and personal accounts.
One of the other ways that passwords become compromised is by using simple username and password combinations that are easy to guess or crack. This can provide relatively easy access to private accounts and information. Of course, there is also the possibility that someone simply writes down their password, loses it, and it falls into the wrong hands. This tends to be rare, but it can happen.
These are just some of the biggest threats that IT security teams will have to deal with in 2022 and beyond. There are other potential problems that the IT team will need to watch for. To help make matters easier, companies should consider having a cybersecurity safety policy in place that all the employees follow.
Something else to consider is the ongoing pandemic. While things may not seem as bleak as they were in 2020, there are coronavirus variants to worry about now. These have the potential to cause periods of lockdown where more people have to work from home.
As the industry learned, it’s often possible to help people get set up to work from home, but it presents a host of security challenges. While many departments now have the knowledge and technology in place to get employees up and running from their homes, they need to consider how to handle new security issues.
IT departments need to know and understand all of the worrisome threats that could cause serious problems for companies large and small. By strengthening cybersecurity and staying proactive, companies can stay a step ahead of these threats. Many companies have problems handling all of their IT challenges on their own, including handling cyber threats. Outsourcing and working with a professional managed IT solution could be the perfect option.
Resources:
https://www.gcit.net/blog/computer-security-threats-business-it
https://www.securitymagazine.com/articles/96146-5-cybersecurity-threats-for-businesses-in-2021and-3-tips-to-combat-them