At a glance...
Cybersecurity has been a challenge since the last years of the 20th century thanks to the dot com boom. It is true to say that the growth of cybersecurity menace is directly proportional to the growth of technology. All in all, there exist several cybersecurity solutions from various tech companies. These solutions evolve periodically to accommodate changing cybersecurity challenges.
In the last two decades, cyber threats increased exponentially as a result of Web2 which allows users to publish content on the web. The user-generated web is an ideal “hunting ground” for cybercriminals as most internet users lack cybersecurity awareness.
Stay with me as we look at the top cybersecurity threats in 2022. I believe cybersecurity awareness is the most effective way to protect yourself from these threats. After all, it is impossible to shield your data from what you don’t know.
1. Social Engineering
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It relies on human error instead of technical vulnerabilities making it one of the most dangerous cyber security threats in 2022. It is much easier to trick a human than it is to exploit technical vulnerabilities in a system.This year social engineering crimes are expected to go up due to factors like;
- Evolution of social engineering tactics.
- Growth of cryptocurrencies such as Bitcoin and Ethereum.
2. Third-Party Exposure
Attackers target less-secure networks owned by third parties that have access to the target network. Third-party exposure allows cybercriminals to attack secure networks that cannot be breached directly.
An example of a third-party exposure incident occurred in early 2021 when hackers targeted Facebook, Instagram, and LinkedIn by hacking Sociallarks, a third-party firm contracted by these three tech companies. The attackers managed to leak personal data from 214 million accounts from these three companies through Sociallarks’ privileged access to the companies’ networks.
Cases of third-party exposure are expected to go up in 2022 due to the growing trend of tech giants contracting freelancers to perform tasks that were once assigned to full-time employees. The COVID-19 pandemic has forced organizations to adopt remote working strategies. Ergo, tech companies will continue to rely on third parties to get work done.
3. Configuration Errors
Errors in software setup and installation are common in most systems including professional security software. Such misconfiguration errors pose security risks to personal computers and workstations as they can be easily exploited by cybercriminals.
Research conducted by Rapid7, a cybersecurity firm based in the United States shows that 80% of the external penetration tests conducted found exploitable misconfiguration mistakes.
Mental health issues brought by the pandemic have impacted work performance which may contribute to these errors. Hence, configuration mistakes are likely to go up in 2022.
4. Poor Cyber Hygiene
Cyber hygiene is an informal term used to describe regular safe habits to practice when accessing the internet. These habits include the use of VPN, implementing two-factor authentication (2FA), and the use of strong passwords.
Around 60% of organizations count on human memory to manage passwords and 42% of organizations manage passwords using sticky notes. Over 50% of IT departments do not require the use of 2FA to access organization accounts. These numbers point to poor cyber hygiene.
As remote working becomes the new normal, this problem is expected to persist. Systems accessed with weak passwords are now accessed from insecure home networks increases the risk of cyberattacks.
5. Cloud Vulnerabilities
Cloud vulnerabilities have increased by 150% in the last five years. Cloud security is one of the fastest-growing cybersecurity market segments due to factors like remote working, increased use of cloud computing, and lack of cybersecurity awareness.
6. Mobile Device Vulnerabilities
Mobile devices usage reached an all-time high during the COVI9-19 pandemic. From remote working to touchless payments, mobile devices have been essential for day-to-day activities. With such a large number of people using mobile devices, cybercriminals have a larger target of victims.
Towards the end of 2021, cases of cybercriminals targeting Mobile Device Management Systems (MDMs) were reported. This is ironic since MDMs are meant to help companies manage company devices in a manner that protects corporate data.
7. Ransomware
Ransomware attacks not only cost companies money, but also they interfere with business operations with the average system downtime after a ransomware attack being 21 days.
Today ransomware is quite sophisticated, widely available, and convenient for hackers. As a matter of fact, you can subscribe to Ransomware-as-a-service (RaaS) providers to deploy ready-made ransomware tools.
In the past, ransomware attacks were executed by experienced and skilled hackers. Now, services like RaaS allow amateurs to deploy ransomware tools to potential targets. Therefore, such attacks are expected to increase this year.
