When it comes to cybersecurity, it can sometimes be hard to keep track of an ever-evolving landscape.
It seems like hackers and cyber criminals are coming up with increasingly sophisticated ways to intrude on networks to steal data and corrupt systems, leading to catastrophic losses of time, money, information, and damages to reputation that can be nearly impossible to remedy.
The best defense is a good offense, and the best offense is created through knowledge and expertise. So let’s dive into the top seven cybersecurity facts of 2022, and arm ourselves with knowledge.
7. Social Media Hacks are Increasingly Common (200)
Social media is the defining characteristic of Web2.0. With billions of users, many of whom are not sophisticated when it comes to security practices, it’s also the perfect breeding ground for hackers and bad actors.
In fact, hundreds of thousands of Facebook accounts get hacked every day. Social media can be a treasure trove for hackers, giving them unprecedented access to personal information.
There are a few different types of social media hacks to be on the lookout for:
- Like-jacking: this involves placing fake “like” buttons on web pages that can lead to instant malware downloads. Beware pressing the “like” icon on any website that it doesn’t naturally appear on.
- Link-jacking: This is when an innocuous-looking link on social media is redirected to malware links. Only click on links from trusted sources, and make sure you have a browser that prevents you from opening your personal network to dangerous links
- Phishing: people impersonating someone you know in order to attempt to acquire information. This can take the form of people pretending to be long-lost relatives, friend of a friend, someone who knows you only obscurely, and asks for your help. Never engage with or click on a link from anyone you don’t know personally.
6. 99% of computers are vulnerable to exploit kits (software vulnerabilities).
99% of computers run the following software:
- Oracle java: a set of computer software and specifications used for development in a wide variety of computing platforms and attached devices
- Adobe reader: a widely used free and open source program that allows people to read documents saved in Portable Document Format (PDFs)
- Adobe flash: a multimedia software platform that produces and displays texts and graphics used in animations, applications, games, and video players
Even if you don’t know it, it’s almost inevitable that some devices on your network use one or all of these software programs. Because of the ubiquity of these three programs, and the length of time they’ve been dominant in the user marketplace, hackers have been tirelessly working to exploit their vulnerabilities, especially in the case of Adobe Flash.
Exploit kits are toolkits that cybercriminals use to attack these software programs specifically. It works by redirecting legitimate traffic to an exploit server, filtering for victims that meet specific requirements, and then infecting the victim’s computer (and therefore network) with malicious programs like ransomware and viruses. These toolkits make it easier than ever for hackers to invade.
Hackers especially attack out of date software because they have had the time to build specific exploit kits targeted toward that software’s known vulnerabilities, which is why it’s so important to ensure you are updating your software constantly.
5. The weakest link in cybersecurity: people (200)
Regularly updating your software is not the only thing to keep in mind when it comes to cyber crime. If you’re looking for the biggest vulnerability of all, find the nearest mirror.
Human error is the biggest weakness in most secure systems. Whether it’s using weak passwords, clicking on bad links, or using an insecure device, human folly is the most likely variable that will give hackers a chance to invade.
This is because unlike computer programs, people are susceptible to social engineering, the techniques that hackers use to get victims to perform an action that will lead to a system exploit. Common social engineering schemes are perpetrated with the goal of getting a victim to install malware on their own device, reveal sensitive information like passwords and usernames, authorize a malicious program, or make electronic fund transfers.
By now, we all know about the Nigerian Prince Scam, in which a hacker claims to need your help to claim his own vast wealth, for a nominal up-front fee. That was one of the most common early internet scams perpetrated through social engineering, but due to the resiliency and creativity of hackers determined to victimize people, the scams have evolved and are much harder to catch up front. For example, a scam could involve using a near-replica of a trusted email to urgently request sensitive information or gift card codes. By putting a time crunch on people, and tricking them into thinking the communication is from someone they know and trust, scammers have found new ways to exploit people’s emotions and vulnerabilities.
4. Software Supply Chain Attacks are Changing the Game
Software supply chain attacks are increasingly common, and are changing how hackers achieve their ends.
Instead of attacking existing infrastructure and networks, supply chain attacks target software developers and suppliers. By infecting the software before it’s installed, hackers can reach more victims with less work. If software is provided by a trusted vendor, there’s no reason for people who download it to worry that it’s infected, when in fact, the hacker has already planted malware and malicious code that’s just waiting for an install.
This means that hackers are changing their protocol from one to one attacks to one to many attacks. They only need to perform one successful hack (that of the software developer) in order to infect as many computers that download the software, which can be numerous.
The most common sources for these kinds of attacks are commercial software, open-source supply chains, and software preinstalled on foreign devices. The different types of supply chain attacks include:
- Stolen certificates
- Compromised tools or infrastructure
- Preinstalled malware
- Code in firmware
Because supply chain attacks are an evolving threat, it’s more important than ever to understand and keep track of the software you’re injecting into your system.
3. SMBs are Among the Most at Risk for Cyberattacks
While some business owners may believe that their business is too small to be attractive to hackers, they couldn’t be more wrong. Because history shows that many SMBs use free cybersecurity tools meant to protect consumers instead of businesses, hackers are more aware than ever that they are easy targets.
SMBs faced roughly 6,300 attacks per day in 2019, and attacks are on pace to hit between 56,000 and 86,000 per day in 2022. SMBs have a lot of customer information, data, and digital infrastructure that mirrors bigger companies, but also have less security resources. A sophisticated hacker will attack an SMB with the same zest as they would use to attack a big business, with a higher likelihood of success.
In fact, existing vulnerabilities along with the recent increase in supply chain attacks represent an existential threat to SMBs. In the first half of 2021, the average cost of a data breach was over $3.5 million dollars, with the average ransom payout around $100,000. While larger companies could take a hit like that, many SMBs cannot, which is why it’s more important than ever for SMBs to allocate appropriate resources for network security.
2. The FBI is On the Case
While the government can sometimes struggle with the lightning-fast changes happening in the computing world, the FBI is building a dedicated infrastructure to bring cyber criminals to justice. There are now specially trained cyber squads in each of the FBI’s 56 field offices with cyber assistant attachés around the globe.
The Internet Crime Complaint Center (IC3) collects reports of cyber crime, and the FBI now has a 24/7 watch center called CyWatch.
According to the FBI, the most common scams they see are:
- BEC (business email compromise)– one of the most financially damaging crimes
- Identity theft
- Spoofing and phishing
While it would be better to avoid becoming the victim of a cyber crime altogether, it’s good to know that there is a system in place to help recuperate and restore justice.
And Number One: Prevention is the best solution
The most important thing to keep in mind about cybersecurity is that prevention is key. While some software may help you detect a hack, and the FBI may be able to imprison cybercriminals, nothing can help you maintain business continuity, protect your data, and save your business like being prepared.
Is your SMB Safe From Cyber Attacks?
If you’re like one of the many thousands of SMB owners who’s installed a couple free antivirus software applications and called it a day on security, it’s past time to reconsider. There’s virtually no business in the world that is invulnerable from hackers and their increasingly clever and malicious methods of attack.
The best thing you can do for your business, your customers, and your future, is design a robust security plan with the help of an expert. Learn more about how GroupOne can help today, for a safer tomorrow.