Across all industries, cyberattacks have skyrocketed, resulting in a rise in cyber insurance claims and affected businesses experiencing larger and larger losses. 2021 was a record-breaking year for cybersecurity breaches. According to the Identity Theft Resource Center, the total number of breaches in the first 9 months of 2021 exceeded the total number of events in 2020 by 17%, and show no sign of slowing down anytime soon. The following are current cybersecurity risks & trends to keep an eye on this upcoming year:
Cyber Threats Hiding in QR Codes
Over the past few years, QR codes—scannable barcodes that direct individuals to specific documents or websites—have become increasingly prevalent within organizational settings. For example, restaurants may use QR codes to allow customers to view their menus online, and retailers may use such codes for digital payment purposes.
While the use of QR codes can certainly offer benefits to organizations, cyber experts confirmed that these codes might also pose potential security risks. In recent months, cybercriminals have begun leveraging QR codes to launch phishing attacks against customers and employees.
To execute such attacks, cybercriminals may either manipulate existing QR codes or place fraudulent QR codes within an organization, thus directing any customer or employee who scans these codes to malicious content. From there, cybercriminals may be able to compromise their victims’ devices and gain unauthorized access to their personal data. If employees’ devices are compromised, cybercriminals could also hack their entire organization.
Considering QR code phishing attacks are on the rise, it’s crucial for organizations to perform regular integrity evaluations of their QR codes to ensure they haven’t been manipulated in any way. Also, organizations should train their employees on this phishing technique and encourage them to look out for potentially suspicious codes. To minimize damages if an employee scans a harmful QR code, it’s best for organizations to safeguard their systems with spam blockers and multifactor authentication.
Cybersecurity Trends to Watch in 2022
The past year brought various cybersecurity developments across industry lines. Moving into 2022, these trends have continued to evolve—presenting new and expanding cyber threats for many organizations. As such, it’s vital for organizations to stay informed on these developments and adjust their cybersecurity practices accordingly. Here are some key cyber trends to watch for in 2022:
- Elevated ransomware risks—Ransomware attacks have skyrocketed over the past few years. Such a rise is likely tied to cybercriminals becoming increasingly sophisticated and developing more avenues for launching these attacks (e.g., ransomware-as-a-service and remote desk protocol). According to NetDiligence’s annual cyber claims study, ransomware attacks were the largest driver of cyber insurance claims over the last five years; the average ransom demand rose to $247,000 and the median incident cost reached $352,000. Moving forward, organizations can’t afford to ignore ransomware risks. In particular, these types of attacks should be addressed during employee training and in workplace cybersecurity policies.
- Further foreign threats—In recent years, organizations have encountered a surge in state-sponsored attacks. Although such an attack could victimize any industry, the health care, energy and education sectors are more likely to be targeted due to the nature of their operations. Looking ahead, foreign attackers’ tactics are expected to become more aggressive. With this in mind, organizations need to be aware of the potential for future targeted attacks or other cyber-related losses stemming from political conflicts. Depending on their operations, organizations should evaluate their likelihood of being involved in incidents with state-sponsored threats and adjust their cybersecurity measures as needed.
- Greater emphasis on supply chain safeguards—Several large-scale supply chain cyberattacks took place throughout 2021, impacting major organizations, including Microsoft, Colonial Pipeline and Kaseya. The collective fallout from these incidents has motivated organizations to review their supply chain cybersecurity risks and take steps to minimize their exposures. These steps might include incorporating cybersecurity expectations into vendor contracts, minimizing third parties’ access to organizational data and monitoring suppliers’ compliance with supply chain risk management procedures.
- Increased cyber skills gap challenges—Widespread worker shortages are anticipated to contribute to the labor market’s already significant cyber skills gap. According to the Information Systems Security Association, there are nearly 4 million unfilled cybersecurity positions worldwide. This means that it may become more difficult for organizations to secure qualified IT professionals, potentially threatening their security capabilities. Additionally, employees of all positions may require further training to ensure proper protection against evolving cyberthreats.
Be sure to follow us on LinkedIn and like us on Facebook for more news and industry tips!
Related links: