By: Matt Lindley, COO and CISO of NINJIO
Companies have struggled to cope with surging costs, an extremely tight labor market, a looming recession, and many other issues that have made 2022 a uniquely turbulent and unpredictable year. Likewise, the cyberthreat landscape is undergoing several tectonic shifts, such as the increasing frequency of state-sponsored cyberattacks, the infiltration of supply chains, and the exploitation of a widening array of attack vectors.
While the year ahead will certainly be full of surprises, there are several measures companies can take to defend themselves from cyberattacks, and building a more cyber-aware workforce should be at the top of the list. As we tackle that challenge, here are four major trends that will shape that work in the coming year.
1 – The era of remote work will present new cyberthreats. While many employees have returned to the office, it’s clear that remote and hybrid work will be a permanent feature of the workplace. A recent McKinsey survey found that 87 percent of employees who have the chance to work remotely take it, and they spend an average of three days per week working outside the office.
When employees aren’t in the office, they’re liable to engage in risky behaviors such as using unsecured WiFi without a VPN, leaving work devices unlocked in public places, and clicking on malicious emails. To avoid these risks, companies need to develop a culture of cybersecurity that will lead to sustainable behavioral change whether employees are in the office or not. Companies should also provide clear channels for reporting suspicious incidents. Finally, employees should have all the tools necessary for safe remote work, such as VPN subscriptions, password managers, and devices equipped with multi-factor authentication.
2 – The proliferation of attack vectors will put companies at risk. The average American household has 22 connected devices. Unlike an employee’s laptop or smartphone, many of these devices don’t have built-in security updates, which means sharing a network with them is risky. As the number of IoT devices surges and employees continue working outside the office, cybercriminals will have a huge number of new entry points.
When Rockstar Games was recently hacked, cybercriminals downloaded highly sensitive in-development game footage from the company’s Slack channel and posted it on YouTube. Cybercriminals also used Slack to infiltrate Uber around the same time. These incidents are reminders that cloud-based productivity tools like Slack (which are becoming more common, especially in the remote work era) are prime entry points for hackers, who know how much privileged information is shared on these platforms every day. But they also illustrate a broader point: companies have to know what resources their employees are using, which will allow them to establish clear data sharing guidelines, security protocols, and incident reporting mechanisms.
3 – Supply chains will continue to be major targets. At a time when 93 percent of supply chain executives say they’re planning to make supply chains more resilient, cybersecurity should be one of the most critical elements of this effort. A report by NCC Group found that supply chain cyberattacks increased by 51 percent in the second half of last year, and we should expect to see more attacks in the near future.
Cybercriminals are particularly focused on supply chains because supply chains rely on many complex and interconnected digital systems that can be infiltrated and disrupted. Supply chains are also uniquely susceptible to third-party risk, as lackluster cybersecurity among partners can give cybercriminals back-door access to more secure targets. The supply chain sector is in the middle of a comprehensive digital transformation, which means companies are in the early stages of deploying digital resources to improve visibility, collaboration, and so on. Many cybercriminals view this as an opportunity to exploit digital systems that are still being set up.
4 – The majority of cyberattacks will target human beings. While the cyberthreat landscape is constantly shifting, one constant remains: cybercriminals rely on human error to launch the majority of their attacks. According to the 2022 Verizon Data Breach Investigations Report, 82 percent of breaches over the preceding year involved a human element. This finding has been remarkably consistent over the years, and it’s unlikely to change any time soon.
While digital tools like VPNs and multi-factor authentication play an important role in keeping companies safe, no resource is more valuable than a cyber-aware workforce. This is why cybersecurity education has never been more important. There are several crucial elements of an effective educational platform: engagement, consistency, and relevance. It’s vital for cyber-awareness content to capture employees’ attention, regularly reinforce what they learn, and be applied to keep them safe.
While there are plenty of unknowns as we head into 2023, one thing isn’t in doubt: cybersecurity will be more important than ever.