Adopting structured cyber security strategies needs to be a priority for businesses as we enter 2022. The increasing frequency and complexity of cyber attacks expose companies to financially costly and brand-damaging repercussions, with new tools and tactics evolving frequently.
Today we are going to discuss prevalent cyber security issues of 2021, the importance of training your workforce, and how to mitigate risk and stay secure in 2022.
Visit the TryHackMe newsroom to learn more about cyber security, threats, and mitigation methods.
Cyber security in 2021
2021 has presented some recurring themes and threats. As the landscape continues to evolve, let’s consider some of the notable metrics from the previous year.
According to Security Navigator, small businesses reported 17% of cyber attacks, citing malware as the most frequently recurring threat. Medium-sized companies experienced 30% of attacks, primarily facing network and application anomalies. Unsurprisingly, large businesses faced the highest proportion of attacks, with malware again the most common threat. Attacks as a whole increased by 18% compared with 2020.
Human error has been a prevalent issue in 2021. With the move to remote working continuing worldwide, hackers are taking advantage of unsecured networks, lack of monitoring, and unsuspecting employees.
Ransomware attacks increased. Ransomware attacks occur every 11 seconds (Cybercrime magazine), and there are set to be over 700 million attacks by the end of the year. One of the most prominent attacks of the year was faced by JBS – a meat supplier based in the US. In May 2021, JBS was forced to halt operations across five of its largest plants due to a ransomware attack. JBS paid the cyber criminals a USD 11 million ransom to prevent further disruption.
A recent issue in 2021 – which has been dubbed a critical risk to the entire internet – is Log4j. The Log4j vulnerability (CVE-2021-44228) has exposed some of the most substantial applications to attack across the internet, with companies racing to patch and mitigate damages. Exploitation of the Java-based logging framework has enabled hackers to install crypto miners, steal credentials and system data, and tunnel deeper into compromised networks, allowing for weaponisation. Experts believe the true extent of this flaw is still being uncovered.
The importance of training your workforce
Almost all cyber attacks share a key contributing factor – human error. An IBM report suggested that human error contributed to 95% of successful breach cases, with CISOs across the world in proportionate agreement. At this stark level, human error has been dubbed the largest cyber vulnerability – yet it is an area of the cyber landscape many companies deprioritise.
Most human error stems from improper training or lack of awareness. These gaps can lead to security breaches and present themselves in a range of recurring mistakes – failure to update systems, weak passwords, and falling victim to scams – to name a few. Whilst most businesses use some form of security software, protection can only go as far as the workforce's use of those systems allows. Cyber criminals often gain access to data through people – who act as an open door through complex security systems.
There are two considerations when training your workforce – hiring a cyber security team appropriately sized for the needs and breadth of your organisation, and ensuring every member of the workforce understands the threats and mitigation methods. Departments such as IT teams, and job positions that rely heavily on software and technology, often benefit from a more in-depth level of training.
Actions to stay secure in 2022
There are a few general rules businesses should adopt when addressing cyber security concerns:
Training your team is the best way to ensure your workforce can act as a line of defence against a multitude of threats. TryHackMe is a cyber security training platform offering free and premium labs to upskill in cyber security – suited to the complete beginner through to the seasoned hacker. They are launching cyber awareness training, which proves to be a brilliant base for forming cyber culture within teams, with engaging, interactive training. The training will address common attacks, detection, and how to mitigate them, covering phishing, browsing safely, passwords and 2FA, a dive into malware/ransomware, firewalls, VPNs, and the importance of backups and updates. The business dashboard allows managers to monitor progress across staff and adapt any training pathways to be relevant to the company.
Access control – The workforce should only have access to the software, data, and documents needed for their job role. Ensuring the level of access is as concise and relevant as possible decreases the breadth of a potential breach.
Ensure software is regularly updated and patched – Some of the most notable cyber attacks in history have come from a lack of updating software, such as the 2017 WannaCry ransomware attack, where approximately 230,000 devices across 150 countries were affected.
Avoid weak passwords – While this often seems like a given action, studies have shown that many employees still use basic passwords. Employees need to be made aware of the prominence of this issue.
Adopt security tools – Although they do not prevent all attack possibilities, security tools are integral to the line of defence. Security information and event management (SIEM) tools, which support threat detection, compliance, and security incident management by analysing data sources and security events, can aid the workforce. Using a set of understandable tools employees enjoy utilising helps arm teams for attacks.