THE CYBERSCOTLAND Partnership has identified six cyber threats that it believes could negatively impact businesses in 2022 if they don’t take steps to protect themselves. The Partnership is highlighting the threats now, to help organisations avoid becoming a cyber crime statistic next year.
- Ransomware attacks on the rise: Ransomware attacks have received a lot of media attention over 2020 and 2021, and show no signs of going away. A Sophos report found that 35% of British businesses were hit by ransomware attacks in the past year. To avoid systems being infiltrated by cyber criminals and then being held to ransom for their data, the most basic thing that an organisation can do is to check that its systems – including firewalls and antivirus programmes – are up to date. Regular backups are vital, as is having an offline backup available too: organisations are more likely to get their data back by relying on a recent copy than by paying a ransom. As a follow-up to this, consider becoming Cyber Essentials certified – giving the organisation and its stakeholders reassurance that system defences are strong.
- How secure is your supply chain? While it’s possible to take steps to reinforce an organisation’s cyber policies, it is often more challenging to gain clarity on the organisations further down the supply chain. Given the rise in cyber attacks and the vulnerable nature of organisations due to the pandemic, it’s vital that, in 2022, steps are taken to clarify an organisation’s position should an attack happen with a partner or supplier. The online nature of business means that “digital supply chains” are becoming larger and more complex, and it is becoming increasingly difficult for other businesses in the chain to ensure they are protected when they don’t know what cyber processes and procedures other businesses might have. To be clear on this, there are several scenario-based training programmes on the market, including the National Cyber Centre’s Exercise in a Box programme, which has a supply chain scenario being run by the Scottish Business Resilience Centre. For those in the public sector, teams can call on the Cyber Security Procurement Support Tool for additional insight.
- Beware mobile malware: Cyber criminals have tapped into our reliance on living digital lives and, next year, expect there to be more news around a rise in mobile malware attacks. Savvy cyber hackers will look for more ways for individuals to download or access cleverly planted malicious software to gain access to private data. To counter this, individuals need to be clear on permissions they grant to download applications onto company owned devices, and should also be mindful of the origin of similar applications being downloaded to personal devices. Completing regular software updates as prescribed by your device vendor will also help to limit widespread issues.
- Hybrid working and Bring Your Own Device: With next year marking the second anniversary of remote working, it may be possible that organisations have not reviewed their cyber policies and training programmes, meaning they have an out-of-date picture of the devices and tools their teams are using. Organisations must conduct a device audit and take action to update or decide if more stringent changes need to be made to reflect where the organisation is now. This audit should consider whether employees are using personal or company devices for work, explore awareness around clicking on suspicious links, and the importance of backing up work on these devices to a secure network.
- Protect your social profiles: From highlighting where we live, work and play, our social profiles tell our story to our various audiences. Setting up fake profiles is increasingly becoming a solid route for cyber criminals to connect with individuals through platforms including LinkedIn and gain access to personal details they can use to break into organisations. People must be mindful of who they are speaking to – ensuring that no personal details or files are shared with unknown contacts.
- Consider attacks to your IT providers: Attacks on cloud service providers and microservices that organisations use are on the rise. 2021 has seen several large-scale outages on major cloud providers, the most recent being Google Cloud in November 2021. Alongside being mindful of the wider supply chain, organisations need to be prepared should an IT service they rely on suffer a cyber attack or outage. To increase an organisation’s resilience, having a backup service is wise, one that can be dialled up should the outage from the CSP or other IT vendor continue for any length of time. This will limit any broader impact to the business which may also result in governance issues. It is highly recommended that you look for an IT provider that is Cyber Essentials certified. The IT Managed Services directory has over 170 Scottish companies who provide IT Managed Services, and makes it easy to identify those that are cyber resilient themselves through the Cyber Essentials programme, while also showing providers who offer vital security services.
Jude McCorry, Chair of the CyberScotland Partnership, said: “Just last month, the National Cyber Security Centre published its annual report noting a marked increase in cyber-related incidents and attacks. As such, the CyberScotland Partnership is calling on organisations to take steps to educate and equip themselves to mitigate the potential impact such areas pose to business operations. Increasing business and operational resilience will be high on the agenda for businesses in 2022. Ignorance about potential cyber attacks is not an option anymore – action must be taken to ensure businesses do not become a statistic.”
More information on resources to protect your organisation from a cyber incident is available online here: https://www.cyberscotland.com/