In the last edition of the DatCom Business Briefing, we offered a look back at 2022 in terms of business technology and workplace trends. This week, we report on cybersecurity issues from 2022 going into the new year.
In our research, we discovered some interesting trends that surprised us. And we have some great news for business leaders looking to protect their company from online threats.
Cybersecurity info is overwhelming, and many business owners feel like they are unprepared for malicious online attacks. We understand. So we’re going to keep this simple.
As a business leader, you should focus on protecting your data against 3 general categories of threats.
- Intercepting network traffic
- Social cyberthreats
Cybercriminals often overlap them, but understanding these 3 categories will help you decide how to best protect your business.
Malware Statistics for 2022
Malware is malicious software used to disrupt computer systems and continues to evolve rapidly. There are many types of malware. You’ve heard the names before:
Virus. Ransomware. Trojan. Worm. Bad actors create about 30 billion new pieces of malware every year. It could come in the form of a suspicious executable file attached to an email. Fileless malware could be just a few lines of code embedded in a legitimate document. The purpose of most malware is to steal information for criminal purposes or to make money by holding systems hostage until the victim pays the attacker.
Cybersecurity experts believed that malware attacks would skyrocket in 2020 because of the pandemic. To our surprise, malware attacks peaked in 2018 and began to decline for several years, as you can see in the figure below.
But wait, what about the second half of 2022?
Recent reports show the number of malware attacks reached pre-pandemic levels this year.
So, why was there a lull in malware in 2019-21 and what does it mean?
Attackers focused on fewer targets in 2020 for a bigger impact and payout. With healthcare, education, and supply chains in disarray, hackers focused on major targets such as hospitals, pipelines, and major school districts. Criminals seeking big scores in a time of crisis.
Never forget that IT security is a tug-of-war, cat-and-mouse game where tactics change. Battles are won and lost, but the war is never over.
Despite security measures, criminals are still creating malware to make money. In 2022, they shifted their focus to juicy targets. But we also saw an 888% spike in fileless malware. There were fewer distinct payloads marking out a clear tactical shift.
And that means you can’t afford to fall asleep on future malware threats.
Protecting Your Business from Malware
Protecting your business networks from malware is as important as ever. Anti-virus software, network firewalls, and strong digital hygiene will make a difference. However, it’s critical to understand the difference in quality between solutions.
Anyone can provide antivirus software that will detect 99% of malware. But detection is not the same thing as 100% protection and prevention.
Most commercial software merely detects malware signatures the IT security community knows about. It’s also pretty good at detecting malware that is already on your network and spreading. But if the threat is completely new, your ordinary antivirus won’t know about it until it’s too late.
This is where it’s critical to invest in a solution that:
- Isolates any unknown or suspicious network activity.
- Doesn’t interfere with business processes.
- Can clean infected files you can’t afford to lose.
- Provides 100% protection from malware.
At DatCom, we use a layered threat management solution that does all this and more.
In fact, the firewalls we source for our clients have a unique, patented system for relaying threat information from other companies using the same firewalls worldwide. In the fight against malware, it’s like having a community watch in effect. With DatCom, you join the fight against cybercrime endangering our important public institutions.
Intercepting Network Traffic
This cyber threat occurs when someone eavesdrops on communications between you and others online. It could be because the website you’re visiting is unsecured. It could be because you’ve been working away from the office on an unsecured public network.
This type of attack is often called a Machine-in-the-middle (MitM) attack because another computer is coming between your device and the device your machine is talking to. MitM attacks can steal sensitive information, alter your intended communication, or introduce malware to your devices and networks.
Business owners faced with questions from their employees about using their own devices or working from public Wi-Fi need to be aware of these threats. Using a virtual private network (VPN) with encryption can protect you when working from home or while traveling. Using email encryption will also protect you from this kind of attack.
DatCom provides consultations to companies that fit snugly and maximize business efficiency. There’s no one size fits all cybersecurity solution. Read on to find out why.
Most cyber threats rely on social engineering. Bad actors count on human error, human weakness, and lack of training to steal login credentials or scam people out of their money. Socially engineered cyber threats are extremely broad and constantly evolving to utilize established lines of communication such as email or telephone as well as newer forms such as social media. These threats also include the malpractice of people who use weak passwords or security questions.
One particularly potent attack is phishing. 91% of all cyberattacks are initiated by a phishing email. Posing as a legitimate party, the attacker attempts to convince the unwary victim to give out their account information. Phishing takes advantage of the fact that people want to help or please others. Without training, many of your employees will have a lapse of judgment that allows your sensitive data to fall into the wrong hands.
One way to prevent this is to require the use of 2-factor authentication where the user must use a secondary method for proving they are an authorized user. Users can set up 2-factor authentication using a mobile phone or email address. It’s important to give genuine users a bit of flexibility in this area because they might misplace or damage their phones.
Since social cyber threats are so effective, training is critical. Yet any amount of training will be less effective without competent technology leadership.
You’re busy and concerned about your business. You don’t want to spend precious hours delving into the ins and outs of cybersecurity. Companies hire Chief Information Officers for a reason. But most small businesses won’t be hiring a top-tier tech leader anytime soon.
DatCom’s technicians have decades of experience.
The Biggest Cyberthreat of 2023 and Beyond
What’s the greatest cyber threat looming over your business in the years to come?
You might be surprised to find that it’s a problem you’re already familiar with. It’s a pain point that we know you can relate to.
There’s something about your business that makes it unique and truly valuable. Your business is a worthwhile struggle to grace the world with your strengths. You’re humble enough to know that there will always be someone with more experience. Nevertheless, you strive with integrity to be better than the rest.
And you’re pretty sure that there are competitors who aren’t playing by the same rules. It’s not only cybercriminals. It’s also snake oil salesmen and disrupters in your industry who play the angles you refuse to leverage. Because of your wisdom and determination to do whatever is right.
The exact same problem runs rampant in cybersecurity. Achieving even average results in managing business technology is… not easy. And yet thousands of enthusiastic newcomers will flood you with promises and prices that look extremely appealing.
But here’s the deal:
This service sector is nowhere near other professional services in terms of standardization and regulation. If 2 lawyers of equal standing are competing for clients, and one of them has a better commercial. Great! But at least people won’t suffer from non-professional service.
A looming problem in cybersecurity is the skills gap between true technology professionals and inexperienced newcomers. Most small businesses have a significant tech skills gap. Furthermore, over 70% of organizations have insufficient cybersecurity teams.
And there aren’t as many protections for your business when it comes to cybersecurity. Leaving you vulnerable unless you make the right choice to bridge the gap with true professional service.
Smart cybercriminals will target IT providers with fewer years of experience because they have a profile of vulnerable clients to exploit.
DatCom’s top technicians have a combined 77 years of experience. We have owned multiple successful technology firms and worked in Enterprise corporations at a very high level of IT expertise.