Ransomware, Phishing Prove Commonplace in Remote, Hybrid Workspaces
Ransomware gangs openly seek insiders to assist them in infecting company networks.
March 9, 2022
![Phishing alert Phishing alert](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt89384a997a93dafc/652433d08db4a00cc3aa284c/Phishing-Alert-3.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Ransomware continues to impact organizations and remains an ongoing concern. As a result, many organizations have matured their backup and recovery approaches over the last few years to recover their data and environments should ransomware break through defenses. This approach has helped affected organizations to avoid paying ransom demands to recover their data. However, ransomware will continue to prevail as one of the greatest risks to businesses.
The cloud helps organizations improve agility through expedited application rollouts, leverage automations and integrations to simplify operations, and ultimately reduce costs to increase revenue. As cloud adoption continues to increase throughout 2022, Secon expects to see an increase in unauthorized access and data breaches due to avoidable security gaps presented by misconfigurations and human error.
The growth in zero-day exploits is likely to become a bigger problem for security operations teams to manage going forward. As a result, Secon expects to see increased adoption of zero trust to help organizations eliminate their attack surface, control access to their data, and prevent lateral movement of threats.
Since it requires little effort for threat actors and an improved click rate, Secon anticipates an increase in the usage of exact domain impersonation phishing emails.
As more organizations move to a DMARC policy of “reject,” we can expect to see an increase in lookalike domain phishing. Due to this, it’s recommended to continue with user awareness training to help users identify these types of emails.
Resource constraints can limit an organization’s ability to reduce risk, detect and respond to cyber threats. Secon expects an increase in the number of organizations outsourcing security operations tasks. Most organizations will outsource for vulnerability management, detection and response to help improve their cyber resilience and enable constrained resources to focus on organizational priorities.
Disgruntled employees and accidental mistakes can cause data breaches. In 2021, the battle for insider threats reached a new level of complexity with reports of ransomware gangs openly seeking insiders to assist them in infecting their company networks in exchange for generous commissions. Secon expects to see an increase in organizations leveraging user and entity behavior analytics (UEBA) solutions to improve their capability in detecting and preventing insider threat activity.
The supply chain remains an attractive target for criminal actors. This places a need for businesses to extend their risk management activities out to their suppliers through 2022 and beyond. Secon expects to see more scrutiny in supplier cybersecurity questionnaires moving forward. Being able to demonstrate solid cybersecurity maturity will start to become a competitive advantage for many organizations.
The European Union Agency for Cybersecurity (ENISA) has stated that strong security protection is no longer enough for organizations when attackers have already shifted their attention to suppliers.
Cyberattacks are expected to play a greater role in global conflicts. With innumerable and untold covert cyber espionage skirmishes launched to grasp sensitive information and peek at government and defense infrastructures, government-funded hacking operations will continue into this year and beyond. Thereby, governments will likely be proposing cybersecurity policies to have counter-measurement capabilities and will continue to educate organizations on improving cybersecurity resilience.
As numerous events start to come back, Secon expects to see more fake news campaigns, troll and bot accounts, and rogue marketing distributed through social networking sites and emails.
Fake news and misinformation aren’t only a problem for the government; fake news is also used to lure victims to malicious websites. Misinformation can be weaponized by adversaries to cause disorder for their own agenda.
In addition, deep fakes are expected to make a greater impact thanks to various apps, web3.0, and AR/VR technologies becoming more mainstream.
More organizations will invest in cybersecurity insurance. Secon expects the process to go beyond a paper-based tick box exercise; an increase in checks and validations will be made by insurers to see how companies address cyber risk and vulnerabilities, along with their detection and response capabilities to minimize impact.
More organizations will invest in cybersecurity insurance. Secon expects the process to go beyond a paper-based tick box exercise; an increase in checks and validations will be made by insurers to see how companies address cyber risk and vulnerabilities, along with their detection and response capabilities to minimize impact.
This year has proven to be another eventful one full of vulnerability exploits, account takeover attacks, phishing and ransomware. Part of this vulnerability is attributed to the rise in remote and hybrid work, according to London-based cybersecurity group Secon Cyber. The work-life shift means that businesses need to continue to be vigilant to address the multiple vulnerabilities that still linger.
Secon’s Andrew Gogarty
Andrew Gogarty is chief security evangelist at Secon.
“Over the last two years, organizations have quickly pivoted to remote working,” Gogarty said. “They have accelerated cloud adoption to support business continuity during the global pandemic. This anywhere access to business-critical data resulted in security gaps and created challenges in maintaining effective cybersecurity.”
He added that there are 10 core security risks businesses need to address throughout the year and beyond. See the slideshow above to review all 10, which include the ever-present ransomware and phishing. Accordingly, Secon Cyber has developed a report that investigates those threats in detail. It will give any IT department or CISO the vital armor needed against the cybercriminals, the company said.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Claudia Adrien or connect with her on LinkedIn. |
About the Author(s)
You May Also Like