Companies will face unique cyber security challenges in 2022, ushered in by several factors. First, the 2020 COVID-19 pandemic dramatically shifted the way we work and how cybercriminals operate. We’re still feeling the effects of this shift even as we assume more pre-pandemic working practices. Second, digital adoption has also rapidly accelerated over recent years, further expanding the threat surface and providing attackers with more avenues for exploitation.
One of the best ways to build greater resiliency against cyber-attacks is familiarising yourself with the latest security challenges impacting medium to large UK organisations today.
1. Hybrid working is now the norm
Employees are increasingly encouraged to take advantage of cloud-based tools that allow them to work from anywhere and only come into the office when necessary. While this shift was already taking place in many UK organisations pre-pandemic, it was accelerated massively by the 2020 lockdowns.
Now two years on, both companies and workers are keen to keep a hybrid working approach. Tellingly, more than half of UK workers who currently have the choice between remote or office-based working said they would consider leaving their workplace if the company removed the hybrid option.
While hybrid working has proven benefits, including increased employee productivity and happiness, it comes with specific risks.
Employees using personal devices in the workplace, a practice dubbed ‘bring your own device’ (BYOD), has become commonplace. The BYOD approach offers greater flexibility to workers, increases workforce mobility and allows organisations to cut software licensing costs and hardware spend.
However, it also opens the doors for significant threats. For example, employees may have poorly configured or vulnerable applications installed on their personal devices, which could expose sensitive business data if exploited. Workers may also download various applications and files that could contain malware.
Home WiFi networks and public WiFi networks also continue to pose a significant risk to people working from home. Corporate virtual private networks (VPNs) remain one of the most attractive targets to threat actors and a channel through which to launch wider attacks. To avoid falling victim to this type of attack, companies should focus on making their VPN more secure by leveraging a robust authentication mechanism, enhanced encryption and security protocols.
2. Supply chain attacks could peak in 2022
Supply chain attacks, where a hacker infiltrates your IT environment via an external provider, are becoming increasingly common. As organisations have started to adopt a more rigorous approach to protecting their systems from the inside, threat actors have shifted their focus towards softer targets within the supply chain. For example, attackers may choose to target a software, hardware or managed service provider if its security posture is perceived as less robust than that of its client base. In other words, this type of attack targets the weakest link in a chain of trust. Sadly, supply chain attacks can cause widespread and irreparable damage to both vendor and customer organisations.
Some security experts predict that supply chain attacks will peak in 2022, leaving many businesses wondering what they can do to protect themselves. Luckily, there are several ways to increase your resilience towards supply chain attacks, including establishing a Cyber Supply Chain Risk Management (C-SCRM) program, collaborating closely with suppliers, and extensively vetting vendors before signing contracts.
3. Ransomware attacks on the rise
Ransomware attacks have been making the headlines for the last few years, and the number of incidents continues to rise. According to the UK’s National Cyber Security Centre, the first quarter of 2021 saw three times more ransomware attacks than the entirety of 2019. Ransomware attacks most commonly start with a phishing email containing malicious attachments. However, some aggressive forms of ransomware exploit security vulnerabilities to infiltrate computers without manipulating the behaviour of employees.
In 2022, UK businesses will need to be vigilant towards ransomware attacks and implement best practices to protect against them. Remember, you should never pay the ransom; there’s no guarantee you will regain access to your data, and you’re more likely to be targeted again in the future.
4. SaaS is a top target for phishing attacks
Phishing attacks are increasingly targeting Software-as-a-Service (SaaS) applications as they continue to surge in popularity. SaaS tools are undoubtedly helpful to many businesses, especially in today’s hybrid working environment, because they offer business solutions to anyone with Internet access.
However, SaaS solutions can pose a significant security threat. For example, if a hacker successfully steals SaaS login credentials during a phishing attack, they have immediate access to the account. Moreover, impersonation becomes more viable when users can authenticate from remote locations. Additionally, obtaining SaaS login credentials is often more straightforward for hackers than other accounts. Why? Because these applications often ask end-users to re-authenticate, a rogue request for login credentials often doesn’t raise suspicion.
5. The cyber security skills shortage
While companies have been aware of the cyber security skills shortage for many years now, the situation continues to worsen in 2022. A recent report found that the UK’s cyber skills shortage has grown by over a third in just the last 12 months. Moreover, the skills shortage is even more profound in the world of Operational Technology (OT) security.
UK companies will find it even more challenging to hire internal, highly skilled information security staff in 2022. However, that doesn’t mean businesses are left powerless and have to fend for themselves. The industry continues to respond to this problem with solutions that help bridge the skills gap. For example, companies are increasingly opting for robust automation tools that perform many of the tasks of IT workers. Additionally, managed cyber security service providers offering virtual CISO services are becoming increasingly popular for companies struggling to fill their cyber security vacancies.