All businesses regardless of size or industry, need to be aware of the dangers of cybersecurity threats. Cybercriminals are becoming more sophisticated in their techniques used to lure their victims and as a result, exposing vulnerabilities in a company’s infrastructure.
SME owners might think cybercriminals would rather target a larger company. This is far from true. In fact, 43% of cyber-attacks target SMEs and a staggering 60% of them go out of business within six months of falling victim to a data breach or hack.
Cyber security expert and GoldPhish CEO, Dan Thornton unpacks 5 of the biggest cyber security risks that SMEs will face in 2022:
1. Ransomware attacks:
High profile attacks like those against companies like Colonial Pipeline and JBS raised eyebrows in the media, but thousands of smaller businesses suffered at the hands of hackers. Ransomware attacks in 2021 proved to be effective and highly profitable for cyber-attackers. Unless this changes, they will continue to be leading a significant amount of cyber threats for organisations this year.
2. Supply Chain Attacks:
Cyber criminals have realised the potential scalability of a successful attack on a large software vendor – the SolarWinds attack impacted over 18,000 public and private sector organisations. Supply chain attacks rose to prominence in late 2020 with the SolarWinds attack, grew through 2021 including the Kaseya attack, and are likely to continue to be a major threat in 2022.
3. Remote Working Risk:
Two years into the pandemic, many companies are still supporting a mostly or wholly remote workforce, and cloud adoption continues to grow. As cyber criminals continue to take advantage of the vulnerabilities and security gaps caused by this rapid IT transformation, companies struggle to secure their systems and protect corporate and customer data.
4. Cloud Service Attacks:
With increased cloud adoption comes increased scrutiny by cyber threat actors. In 2021, Azure, Google and AWS all suffered from vulnerabilities and security issues. This shows that it is likely that more cloud security issues will be discovered in 2022 and beyond.
5. Mobile Device Risks:
Another impact of the shift to remote work over the last 2 years was the widespread adoption of Bring-Your-Own-Device (BYOD) policies. By allowing employees to work from personal devices, companies may have improved productivity and employee retention but also lost vital security visibility and the ability to respond to infections that threaten corporate systems and solutions. In addition to the emergence of several mobile malware Trojans in recent years, cyber threat actors have also adopted Smishing tactics, sending phishing content over SMS messages rather than email. For the modern business, mobile security needs to be a key part of any corporate cyber security strategy.
SMEs should manage their risks better and get proactive about their own cyber security by backing up their data, protecting their organisations from malware and security breaches, implementing a strong password policy, securing all devices, and running regular security awareness training for all employees. Having a mix of technical, procedural, and human controls in place will make it easier for companies to ward off cyber-attacks.