Cybercrime is in the 2022 Data Breach and Business Risk Forecast
When it comes to data breach trends, 2021 has been a roller coaster ride. Booming dark web data markets have sent cybercriminals scurrying to snatch large quantities of data from companies in every sector. Cybercriminals have also been making greater use of business relationships in a service specialized era to exploit third party connections that enable them to make a big data score – and they’re only going to step up their efforts in 2022.
Start the new year off on the right foot with this checklist of smart cybersecurity practices. GET IT>>
Cybercrime is Growing & Evolving in 2022
That’s also what the experts at credit bureau Experian think. The company recently identified five areas it believes cybercriminals will find opportunities to exploit in 2022 in the ninth annual edition of its Data Breach Industry Forecast. Experian analysts’ findings reflect the shifts in the way that people and companies do business today, increased online traffic in all areas, and the ongoing impact of the pandemic on cybersecurity. Exploring its five major predictions can help companies gain an edge against developing cybersecurity hazards.
Area 1: Supply Chains and Natural Disasters
It may seem unusual, but the connection between natural disasters, supply chain risk and data theft is not as farfetched as you may initially think. Natural disasters like the COVID-19 pandemic create immediate, seismic shifts in online behavior for businesses and individuals in the affected areas. In the case of COVID-19, the area of effect was the entire world. The advent of the global pandemic caused an immediate cascade effect into security as pandemic lockdowns sent businesses scrambling to get employees working again remotely. During the height of the COVID-19 lockdown cycle, close to 70% of full-time workers worldwide were working from home.
But hastily implemented IT infrastructure and rapid changes in user behavior are recipes for disaster, and every company grappled with them in 2021. The consequences of the rapid transition are only just coming to light. The move to remote work opened up many vulnerabilities in businesses that just weren’t prepared to handle an IT undertaking of such massive proportions, and those problems will only become more acute (and more exploitable) in 2022 and beyond. Upwork estimates that 36.2 million workers or 22% of Americans will be permanently working remotely by the year 2025, an 87% increase from pre-pandemic levels. For knowledge economy workers, that number increases dramatically, with Gartner declaring that by the end of 2021, 51% of all knowledge workers worldwide are expected to be working remotely, up from 27% of knowledge workers in 2019.
Supply chain risk has been a pervasive and growing problem throughout 2021. Cybercriminals have found that they can more easily penetrate security at large companies or obtain huge stores of data by attacking service providers, especially MSPs and data storage or processing firms. VentureBeat reports that 97% of firms have been negatively impacted by a supply chain cybersecurity breach, with 93% admitting that they have suffered a direct cybersecurity breach because of weaknesses in their supply chain.
The Guide to Reducing Insider Risk can help IT pros spot sabotage and other trouble to stop security incidents before they start! GET IT>>
Area 2: Weak Security Woes from Pandemic-Induced Rapid Implemetation & Neglect
At the start of the global pandemic, any organization that wanted to stay afloat had to quickly figure out how to continue operations remotely. That led to a flurry of pandemic-induced technology, policy and practice changes, and many of those choices are now on their way back to haunt the people who made them in the form of weakened security and cyberattacks. From elevated credential compromise risk from blurred lines between work and home online accounts and endemic password recycling (which escalated sharply during the first part of 2020) to unexpected gaps in their security architecture and threat visibility, new vulnerabilities are popping up faster than businesses can handle them.
Of course, most IT departments were unprepared and chronically understaffed. Only 39% of IT executives polled in a staffing survey felt that they have adequate IT expertise on staff to assist employees with remote work issues, and only 45% of organizations reported having enough budget available to address the needs of either their IT team or their remote workforce, especially with skyrocketing rates of both activity and risk.
Can you spot a phishing email? This infographic shows you how to detect one! DOWNLOAD IT>>
At the same time, IT teams were trying to cope with the fact that many employees were dealing with unexpected stress at home, making them more likely to make cybersecurity mistakes like falling for a phishing email. Over 50% of respondents in an employee error detection survey said that they were more error-prone while stressed. More than 55% of workers admitted that they were frequently off-balance when working from home, leading to security blunders – 40% said they made more mistakes when they were tired or distracted. Altogether 43% of the workers surveyed reported that they had made mistakes resulting in cybersecurity repercussions for themselves or their company while working remotely.
One of the biggest vulnerabilities that companies are dealing with in the new remote and hybrid workforce era is the proliferation of phishing attacks at a time when many companies were negligent about security awareness training, and that’s trouble. An astonishing 80% of IT professionals in a recent survey said that their organizations have faced an increase in the volume of phishing attacks that they’re facing in 2021. Unfortunately, more phishing attempts has translated into more phishing attack disasters for many companies. An estimated 74% of respondents in the same survey said that their companies had been successfully phished in the last year.
Does something seem a little suss? You need the infographic 5 Red Flags That Point to a Malicious Insider at Work DOWNLOAD IT>>
Area 3: Online Gambling
Online gambling is increasingly being legalized for sportsbook and similar ventures. The portion of that circumstance that is relevant to businesses is the potential that employee online gambling activities have for credential compromise and phishing. Employees using company devices for online gambling also creates risk, and the line between work and personal devices is very foggy these days. Experian experts caution that increased online gambling by employees could provide an opening for cybercriminals to exploit that could end in a data breach.
Area 4: Cryptocurrency
Cryptocurrency risk became a hot topic in 2021 as the currency gained more traction, and Non-Fungible Tokens 9NFTs) aren’t far behind. Almost 80% of Americans polled in a recent survey were aware of Bitcoin and 32% were aware of Ethereum, two of the biggest brands in the cryptocurrency world. As cryptocurrency is increasingly trafficked, the level of business-imperiling activity surrounding cryptocurrency has also increased, particularly in cryptomining. Almost 70% of organizations worldwide have experienced some level of unsolicited cryptomining in their environments. That creates gaps in security that cybercriminals can easily exploit. Experts also caution that bad actors will also be looking to leverage assets like cryptocurrency and NFTs as a way to steal someone’s identity.
Crybercrime around cryptocurrency in the form of theft is also rising, and that puts business security in danger too. Cybercriminals are targeting businesses that transact cryptocurrency in order to hijack the flow. Businesses are increasingly accepting cryptocurrency as a form of payment, and financial services sector firms are starting to wade not the market. In the U.S. alone 82,135 crimes involving cryptocurrencies such as Bitcoin, Ethereum, and other digital currencies were reported. That’s up more than 24,000% from the 340 reported in 2016, according to a report in Forbes. Overall losses caused by decentralized finance platform (DeFi) hacking have totaled $12 billion so far in 2021, and fraud and theft accounted for $10.5 billion of that sum — a sevenfold increase from 2020.
The Computer Security To-Do Checklist helps keep the bad guys out of businesses and data in! GET IT>>
Area 5: Infrastructure
Infrastructure security has been a widely discussed problem in 2021, especially in the wake of epic infrastructure ransomware disasters like the Colonial Pipeline incident. Experian’s experts expect that problem to grow in 2022. Analysts warn that while in the past cyberattacks have generally sought either disruption or extortion against businesses, in 2022 nation-state and non-state actors will be more frequently targeting the operations of physical infrastructure like electrical grids, dams and transportation networks and through the IT environments of the companies that manage them.
Nation-state cybercriminals are some of the biggest threats to infrastructure targets. The unclassified version of the 2021 Annual Threat Assessment recently released recently by the US intelligence community concluded that “cyber threats from nation-states and their surrogates will remain acute” as countries with nefarious aims “use cyber operations to steal information, influence populations, and damage industry, including physical and digital critical infrastructure.” Ransomware is the preferred weapon of nation-state cybercrime. But other sectors are also at risk for nation-state ransomware attacks. Over 90% of security alerts released by Microsoft about nation-state cyberattacks in 2020 warned of danger against non-governmental or infrastructure targets.
Post-Colonial Pipeline, the US government implemented a bevy of cybersecurity changes and rulemaking designed to prevent ransomware and other damaging cyberattacks against critical infrastructure. Sweeping federal legislation was also introduced and enacted, with fresh funding to finance cybersecurity improvements and major overhauls for many aspects of the country’s infrastructure that may amplify supply chain cybersecurity risk as well as providing cybercriminals with fresh fuel to conduct attacks like BEC to get their hands on some of that free-flowing federal money.
Learn how to ward off the terrifying monsters of cybersecurity to keep systems and data safe in a dangerous world! READ IT IF YOU DARE!>>
Stand Strong Against Rising Risk in 2022
All in all, the data breach and cybercrime landscape for businesses is looking very stormy in 2022, with peril around every corner. Smart organizations will take action now to build cyber resilience in order to mitigate their existing cyberattack risk and reduce their exposure to new risk. ID Agent can help.
Dark Web ID – Don’t let cybercriminals sneak into your network to set up cryptominers, deploy ransomware or steal your data with a compromised credential. Keeping an eye on this area can also quickly root out malicious insiders when you use dark web search to find all of a company’s compromised credentials in minutes. That protection also keeps running to alert you to new credential compromise risks through 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Passly – A major building block of zero trust security, secure identity and access management is the cure for many of the cybersecurity headaches that plague businesses. Multifactor authentication alone adds an extra layer of protection between hackers and your valuable data, stopping 99% of password-based cybercrime. Passly seamlessly integrates with over 1,000 common business applications for no-fuss configuration. Get quick and easy access to SSO applications and passwords with the ability to automatically fill in the blanks for web logins and automated password resets to make everyone’s life a little bit better.
BullPhish ID – Create a strong security culture that boosts a company’s cyber resilience through security awareness training that can be quickly implemented and automated for easy management. A frequently updated library of preloaded phishing kits makes it a snap to make sure employees have been trained to resist the phishing lures they face every day. But they’ll learn about much more than just phishing including ransomware, compliance, password safety, security hygiene and more, giving every employee a solid grounding in cybersecurity pitfalls and best practices.
Don’t wait until these threats knock on your door – contact an ID Agent solutions expert now to see how our digital risk protection solutions can give you the security boost that you need. BOOK A DEMO NOW>>
See how ransomware really works, who gets paid & what’s next in our tell-all Ransomware Exposed! DOWNLOAD IT>>
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Is your password compromised? Find out in seconds!
Book your demo of Dark Web ID, BullPhish ID and Passly now!