In today’s world, more and more of us are living a lot of our lives online and the same can very much be said for businesses. From the ease of payment over secure internet systems to shopping online or even simply storing stock information or other data, we utilise our computers and online worlds in unique and often helpful ways that make doing business easier. However, with the abundance of new technologies comes a new risk to consider – cybersecurity. With 39% of businesses reporting cyberattacks so far this year, ranging from phishing attempts to malware or ransomware, it’s more important now than ever before to ensure that you have the right security and business insurance in place to protect your business.
To help you get started, we’ve compiled a list of some of the biggest cyber security challenges to consider this year, so you can properly protect yourself and your business in the coming months.
Increase in Attacks
Just like in business, cybercriminals will take a technique or approach that has proved profitable, and will focus their efforts on widening its reach. For businesses, this means that every year, cyber-attacks become more intelligent and can often spread faster or more effectively than the year before. In 2021, the total number of attacks grew by 50% compared to the previous year and 2022 is looking to be very much on the same kind of growing trend. After just over two years of hardships, more and more businesses are relying heavily on the internet and automation in areas they may not have before, which has left a door wide open for cybercriminals to take full advantage of any weaknesses or to refine their approach.
Social engineering is a tactic that hackers and cybercriminals have used since the very beginning, and for one simple reason – it relies on human interaction. Human error is far more common and often far easier to engineer than technical vulnerabilities and for this reason, is often considered to be more dangerous. When cybercriminals work on social weaknesses, whether that’s an ongoing issue such as COVID, or by targeting emotional weaknesses and generating panic, such as by mimicking calls from banks and other systems, it becomes easy to catch someone unawares and engineer a breach of security. 2022 is likely to see an ongoing increase in social engineering situations, such as phishing calls or emails, impersonation and more.
Supply chain attacks refer to attacks made by threat actors who will target and compromise third-party providers in order to gain access to larger organisations. This access then provides them with the ability to spread through each of the organisation’s services and products, compromising most of, if not all of their customers and data. With more and more businesses now operating heavily online for their supply chains, with sophisticated and interconnected systems at the heart, cybercriminals can break into systems more effectively than ever before. We can expect to see larger attacks in 2022, with many organisations falling prey simply because they don’t have as much control or visibility with their third-party providers. As a business, bringing in several layers of security, rather than relying on a single provider can help to slow down or stop these attacks, but it’s important to keep on top of management to ensure things are caught as early as possible.
The Cloud is undoubtedly one of the most innovative and useful systems available and as more and more people have opted to work from home and businesses have moved much of their work online, some companies could have their whole infrastructure hosted in a cloud. While technologies are constantly evolving and updating, this can lead to security gaps and cybercriminals can exploit these gaps and vulnerabilities for their own gain. This risks putting all cloud-based assets in the firing line. 2022 could see heavy targeting on cloud consoles, container exploitation and even hybrid or multi-cloud attacks. Having the right security in place, as well as the right business insurance policies to cover any legal fees in the case of compromised data can help to protect your business and provide funds from which you can re-build your business or assets following an attack.
Human error and behaviour are often the biggest risk factors when it comes to cyber crime, and not properly handling your ‘cyber hygiene’ could become a significant issue in the coming months. Cyber hygiene refers to the act of practising good habits online and when using technology, including everything from multi-factor authentication, to implementing safeguarding tools such as VPNs. There are surprisingly few businesses that utilise something as simple as two-factor authentication. It’s suggested that more than half of IT professionals don’t use this system, or would only change passwords after a security breach. With the rise in home working, businesses face their employees using unprotected Wi-Fi networks, keeping their passwords written down or stored in a document on their computer, or simply having their devices stolen when working away from their home. Encouraging good cyber security amongst employees can really help to improve your business’ overall cyber hygiene.
A rise in popularity of cryptocurrencies and the pressure of the cost of living has sent ransomware attacks and their ransom demands skyrocketing. The average ransom fee in America, for example, was at $5,000 in 2018 but rose to $200,000 in 2020. The UK has seen similar trends and these are only expected to become more and more expensive and harder to trace. While many businesses have a policy of not paying these ransoms, it can still keep a business offline for days, sometimes even weeks, meaning that income and revenue are lost as a result.
Ransomware attacks are undoubtedly some of the most expensive and disruptive attacks around and unfortunately aren’t set to slow down anytime soon. Ransomware is not only growing more refined and sophisticated, but it is also becoming more widely available to hackers worldwide, with some viruses even being provided a service to people that may otherwise not have had the knowledge to build one themselves.
Cyber security is a serious issue, and while every care should be taken to keep your business and its data secure, having a good insurance policy in place can help to protect you financially too. If you have an existing policy but aren’t sure if cyberattacks are covered, or you want to renew your existing business insurance policy with cyber protection included, we are here to help. Simply get in touch with the team at Ashburnham Insurance for more information or to apply for a quote.