It’s a sad truth that cyberattacks have become the new norm across public and private sectors. One reason for this proliferation is the lack of detection. The World Economic Forum’s 2020 Global Risk Report stated that only 0.05 percent of cyberattacks in the U.S. are detected or prosecuted. This low rate encourages cybercriminals to find new ways to infiltrate your organization. Here are three to watch for in 2022.
- SaaS Phishing
Phishing has always been a mounting cybersecurity issue. However, with the pandemic’s push to move employees to work remotely, phishing has grown in popularity, especially with SaaS apps running in the cloud.
These SaaS apps can contain confidential information and can be accessed by anyone with the appropriate login credentials. As employees become accustomed to working and interacting with colleagues remotely and over email, phishing becomes a real issue. Cybercriminals are executing “conversation hijacks” where they pose as a fellow employee and engage in light conversations, which ultimately lead to a request for login credentials.
Counter-attack: Two-factor authentication is the best way to hamper a cyberattack on cloud apps, such as online storage services, social media, and software-as-a-service. When researching cloud apps, select reliable, secure cloud providers that offer two-factor authentication.
- Mobile Attacks
Since most e-commerce and software platforms can be accessed via mobile devices, mobile users are being heavily targeted by cybercriminals. Most people use their mobile phones for everything—shopping, banking, food delivery—and then log into software platforms at their place of work with the same device, making it an easy target.
As workers return to the office environment after working from home during the pandemic, cybercriminals will use laptops and mobile devices to infiltrate the office environment. Malware hidden within mobile apps can go undetected and infect office systems when mobile devices are brought back into the office and connected to cloud apps.
Counter-attack: Educate your employees on safe mobile app download practices and never allow phones that have been rooted to access cloud-based software programs.
- Cloud Security
For those businesses that won’t be returning to an office environment in the foreseeable future, cloud security must be a top priority. With the outbreak of the coronavirus, some businesses have relaxed their firewall rules to give access to remote workers. And while cloud services can offer great flexibility and scalability, plus significant cost savings, all of this comes at a price.
Many cloud providers offer security measures that can protect against certain threats, but most are inadequate in protecting your business against serious cybercriminals. And even with adequate security controls, many cloud security breaches are due to misconfiguration of the cloud environment—when the admin fails to set up the security settings properly. In DivvyCloud’s 2020 Cloud Misconfiguration Report, it was estimated that breaches caused by cloud misconfigurations cost enterprises nearly $5 trillion in 2018 and 2019.
Counter-attack: The best way to guard against cloud provider attacks is through Attack Surface Management (ASM). Tools like ThreatScape monitor all internet-facing assets, cross-check them against aggregated threats, and inform you of potential risks. ThreatScape shows you exactly how a hacker sees your environment and pinpoints the blind spots in your cybersecurity programs.
ThreatScape in Action
Want to see exactly how a hacker sees your own organization? Contact us for a free ThreatScape analysis of your company’s websites, applications, and IP addresses.