Cybercriminals and nation-state actors capitalize on their past successes. They become progressively agile as they exploit current events and new technologies.
Emergent Cyber Threats
Concerns about cyber threats continue to mount. In December 2021, the United States CISA (Cybersecurity and Infrastructure Security Agency) urged critical infrastructure owners and operators to take immediate steps to strengthen their cyber defenses. In addition, the White House National Security Council (NSC) reportedly enacted a new policy requiring FBI and other agencies to quickly determine if cyber threats are national security concerns and report to White House officials within 24 hours.
Though sometimes it appears that cyber threats are beyond our control, threat actors will continue to employ techniques that have proven successful. This requires you to remain alert and act as the first and last line of defense.
Social Engineering: Social Engineering will remain a dominant threat in all forms of phishing. According to Proofpoint researchers, SMiShing attacks doubled in 2021. Up to 98% of texts are opened and most of them are accessed within 3 minutes – making this a reliable method for deployment of mobile malware.
Scammers are increasingly conducting multi-step phishing scams along with becoming better at imitating executives, coworkers, partners, friends, and family members. According to a 2021 IBM Security report, BEC (Business Email Compromise) represented a small fraction of breaches but had an average total cost of over $5 million.
The Identity Theft Resource Center reported that data breaches in 2021 had surpassed previous annual records. Supply chains are vulnerable and present an enormous risk. An initial breach can provide access to information about companies, partners, providers, and customers.
Ransomware Attacks: Ransomware attacks are expected to increase this year. These attacks typically originate outside the United States, require payments in cryptocurrency to avoid tracking, and are increasingly directed at critical industries and organizations.
Smart Devices: The growing number of IoT (Internet of Things) devices contributes to a larger attack surface since many items lack basic security protections and inadvertently provide gateways to secure systems. Artificial Intelligence and Machine Learning technologies are used to quickly analyze a vast amount of data and is utilized to circumvent cyber protection as well as provide cyber defense and detection.
Deepfakes: Deepfake technology will become more sophisticated and will be used to change our views of reality. Sophisticated phishing attacks will trick people into making financial transfers or gain access to confidential data.
Though all 50 states have breach notification laws, appeals for federal legislation have increased. An Executive Order on Improving the Nation’s Cybersecurity was issued in May 2021 but is limited in scope. The National Defense Authorization Act for Fiscal Year 2022 (S.1605) was signed by the President in December and continues to focus on cyber security.