Top Tips to Protect Your Organization Against the Biggest Security Threats of 2022

The U.S. Cybersecurity and Infrastructure Agency (CISA) kicked off 2022 with a slew of emergency directives to warn against emerging threats like exploitation of Windows vulnerabilities, supply chain code flaws, and open-source software vulnerabilities. The threat from phishing, QR code scams, and network intrusion attacks will also peak this year. Let’s look at some useful tips for businesses to defend against such threats as they prepare for the year ahead.

From the Colonial Pipeline compromise to attacks on DoD contractors and threats designed to take Internet services offline, malicious actors are making the most of the worldwide shift to remote and hybrid work. Consider recent healthcare sector data: The HIPAA breach reporting tool recorded more than 700 significant breaches across the U.S. in 2021 alone as organizations grappled with the parallel problems of pandemic pressures and data protection.

New Year, Same Threats?

If it’s not broken, don’t fix it. This seems to be the expected approach for attackers in 2022 — why change compromise vectors if they still work as intended? As a result, companies will likely see a mixture of familiar frameworks and new techniques as hackers look to find the ideal balance between brute force and subtle security breaches.

For example, companies should expect a continued rise in ransomware attacks. Given the potentially disastrous outcomes, if critical systems are suddenly taken offline, many organizations now opt to simply shut down networks, pay up, and hope attackers will live up to their word rather than taking their chances with lost or destroyed data.

Business email compromise (BEC) attacks also remain popular. According to Ciaran Rafferty, managing director of Email Business at HelpSystems, “the challenge that business email compromise (BEC) attacks present to organizations shouldn’t be underestimated. An Agari by HelpSystems report earlier this year found that BEC attacks were the costliest for organizations, and that BEC scammers’ transfer requests are increasing.”

As noted by Magni Sigurðsson, senior manager of Detection Technologies at Cyren, meanwhile, novel attacks such as those leveraging QR codes are becoming more common. “QR codes are particularly appealing for cybercriminals who look to use them as part of their phishing campaigns,” says Sigurðsson, “as they negate the need to include URLs or attachments that might get intercepted when scanned by the email gateway, meaning the attackers are much less likely to be detected. QR codes, being mobile-friendly, also increase the odds that an unsuspecting victim will follow the malicious URL using a personal or otherwise unsecured device.”

See More: What Is Cyber Threat? Definition, Types, Hunting, Best Practices, and Examples

Four Tips to Protect a Remote-Hybrid Workforce

Security is not a one-size-fits-all deal — what works for your organization may not be ideal for another. Moreover, what works for your organization today, may not be relevant a couple of years down the line. Standardization is also a challenge as risk tolerance for one company may far exceed that of another, depending on the type of data they store and the nature of compliance regulations applicable to their industry.

While this precludes creating a comprehensive approach capable of defeating any security threat, evolving defensive strategies provide ways to boost overall protection.

Embrace Zero Trust

Zero trust is the idea that trust is earned, not assumed. In practice, this means deploying security controls that consider any resource or access requests as potentially hostile until proven otherwise. Digital authentication and behavioral analysis tools can help organizations identify legitimate users and refuse access to potential attackers.

But as Joseph Carson, chief security scientist at ThycoticCentrify, notes, “this approach isn’t fire-and-forget. As companies start looking into what Zero Trust really is, it becomes apparent that it is not a single solution you purchase and install or a task you check as complete.  Zero Trust is a journey and a mindset on how you wish to operate your business in a secure way.  You don’t become Zero Trust – you practice a Zero Trust mindset.”

Prioritize Identity Management

Digital identities are now the frontlines of effective data defense. Why? Because according to Carson, identity is “one of the artifacts that organizations can still control. This means access has become the new security control for the organization’s perimeter. In 2022, businesses must get back in control by making Identity and Access Security a top priority. Privileged access has become the digital polygraph test to verify that identities are authentic before enabling authorization to resources.”

Opt for Multi-factor Authentication

Single-factor authentication — such as username and password combinations — offers some protection against attacks but is naturally limited in efficacy since malicious actors can leverage techniques such as brute-force attacks or social engineering to obtain user credentials.

As a result, it’s worth opting for two- or multi-factor authentication (2FA or MFA) to boost overall protection. Effective implementation of MFA requires the combination of two or more authentication “factors” to verify user identity.

Passwords and usernames leverage the factor of knowledge — this information is something users know. Many two-factor authentication systems implement the factor of possession, or something users have. This might be a one-time SMS or authenticator app code or could take the form of a USB token that must be connected to verify identity. The last factor is the user and typically refers to biometric security measures. These may include facial or fingerprint scans provided at the time of login to prove identity. By using two or more of these factors, companies can significantly decrease their risk of compromise.

Build Security In-to-Out

Effective security starts with your biggest potential threat: Employees. In most cases, insider threats aren’t purposeful; well-crafted phishing attacks may trick staff, may accidentally post critical information on social media, or may share login details with colleagues to help projects get done faster. However, these unintentional actions can lead to external compromise and leave companies hard-pressed to discover what happened, when, and where.

The result? Effective security starts at home. From regular staff education and review to security evaluations that include mock phishing and ransomware attacks, better defense begins by creating a shared responsibility model across your organization.

See More: Cyber Threat Analyst: Key Job Skills and Expected Salary

Keep it Secret, Keep it Safe

No defense is entirely foolproof against evolving cyberattacks. From repurposing old techniques to creating new compromise approaches, attackers have the advantage of surprise, putting businesses on the back foot when it comes to keeping data safe.

However, it is not all bad news. By taking steps to enhance access, authentication, and identity requirements — and building defensive frameworks from the inside out for maximum impact — businesses can reduce their risk of compromise in 2022.

What other strategies could help boost protection against emerging cybersecurity threats? Let us know on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to hear from you!