Top 5 Security Risks Organizations are Facing in 2022
The cybersecurity landscape is changing rapidly, and organizations must understand security risks to proactively mitigate threats to their customers, assets, and reputation. Cybersecurity refers to the actions taken to protect devices, networks, and data from unauthorized access and criminal use. The pandemic, volatile economy, global expansion, and digital acceleration have all increased threats to organizations.
Those with a Master of Science in Cybersecurity develop in-demand technical and soft skills needed to guard against security risks, enhance enterprise cybersecurity, and develop proficiencies in machine learning, data mining, cloud security and more. Learn more about the top security risks organizations face in 2022 and how graduates from an MS in Cybersecurity program can help prevent dangerous threats to their business.
What are the top 5 cybersecurity risks for 2022?
The top cybersecurity risks are changing as quickly as the digital world. For example, cyber threats have increased by 81% since the global pandemic, and 79% of organizations experienced downtime due to cybersecurity risks during peak season. As a result, there is an increasing demand for cybersecurity professionals who can protect an organization’s computer networks, systems, employees, and data.
According to the United States Bureau of Labor Statistics (BLS), the job outlook for information security analysts is projected to grow 33% in the next ten years, much faster than the average for all occupations. Those working in Governance, Risk, and Compliance roles can also help reduce today’s top threats. The following security risks should be top-of-mind for risk management leaders in 2022.
1. Remote Work Threats
As a result of the pandemic, many employees continue to work in remote and hybrid settings. The work-from-home model exposes organizations to even more significant cybersecurity threats because it’s difficult for security leaders and organizations to monitor and protect systems in remote work settings. Reports show that 47% of individuals have fallen for a phishing scam while working at home. For example, cybercriminals are orchestrating cyberattacks on popular video conferencing services. Between February and May 2020, over half a million people were impacted by breaches in which personal data from video conferencing services was stolen and sold, including usernames and passwords needed to carry out account takeovers.
The Solution:
To minimize the security risk associated with work-from-home settings, risk management leaders must implement employee training and education programs that teach employees to adopt the following cybersecurity best practices:
- Teach employees how to safely store company data while using devices at home.
- Ask employees to communicate with the company’s information technology (IT) and security teams when downloading unvetted software as a service (SaaS) tools or visiting certain websites.
- Encourage teams to avoid using public Wi-Fi without proper security tools or VPNs.
- Instruct teams to avoid leaving devices unattended and unprotected in public places and to never share login credentials or passwords.
2. Supply Chain Risks
The supply chain refers to the entire network an organization uses to supply, produce, and distribute a specific product to an end consumer. A typical supply chain includes producers, vendors, warehouses, transportation companies, distribution centers, and retailers. A greater network of collaborative companies and steps also introduces a greater number of possible security risks. For example, 66% of supply chain cyberattacks during the pandemic exploited suppliers’ security vulnerabilities to compromise customer data. The organization providing the product to the end consumer is accountable for the supplier’s poor cybersecurity, meaning it’s paramount that risk leaders carefully vet and monitor third-party partners.
The Solution:
Most organizations rely on third-party vendors to help with their supply chain in today's interconnected world. However, organizations must monitor supply chain risks to protect their business from vulnerabilities. Leaders can use the following best practices to reduce supply chain risks:
- Audit vendors and evaluate their security practices and history, including certifications and possible past risk management errors.
- Determine your vendor’s security policies and security tools.
- Request transparency and ask vendors to communicate possible security threats or mistakes immediately.
- Develop a vendor contract to manage possible breaches and oversee possible remediation efforts.
3. Highly Intelligent Ransomware
Ransomware is a type of malicious software, known as malware, that is designed to block access to a computer system until a monetary ransom is paid. In the last several years, ransomware has become a growing industry where highly intelligent and trained cyber criminals hack into sophisticated computer networks to acquire large sums of money. In 2021, 37% of companies were targeted by ransomware, approximately $200,000 was paid on average, and only 8% of companies managed to retrieve their stolen data even after paying the ransom. Ransomware attacks can be expensive and damaging to an organization’s reputation. As a result, it’s essential that companies implement safeguards to proactively protect customer data and trade secrets from being leveraged for nefarious purposes.
The Solution:
Organizations can avoid the majority of ransomware attacks by using basic cybersecurity practices known as “cybersecurity hygiene.” Risk management and compliance leaders can engage in the following steps to evade costly ransomware attacks:
- First, patch old software and enable multi-factor authentication.
- Segment all computer networks so a hacker cannot access all networks if they obtain one set of log-in credentials.
- Hire risk experts or “threat hunters” who can track and thwart groups of cybercriminals.
- Install a security system with advanced capabilities like identifying serious threats and neutralizing attacks as they occur.
4. Malware on Mobile
More internet users are turning to mobile devices to shop online, explore social media, bank, invest, work remotely, and more. As a result, cybercriminals are becoming increasingly inventive at developing new malware for mobile devices. Unfortunately, corporate security training often fails to educate employees about the importance of protecting mobile devices and practicing cybersecurity while logging in from their smartphones or tablets. Reports show that mobile malware is rising, and popular malware includes families like FluBot, TeaBot, TangleBot, and BRATA. Many of these types of malware impersonate phone apps and steal log-in credentials. Organizations must modernize their cybersecurity practices to include this common blind spot.
The Solution:
Employee training is the first step to reducing the consequences of mobile malware. In addition to addressing the human side of risk management, leaders can implement the following:
- Install remote management services behind a VPN or in a zero-trust environment.
- Ban employees from downloading pirated software.
- Block employees from visiting certain websites on their work mobile devices.
- Encourage employees to use their work and personal mobile devices separately (restrict work log-ins to a secure work phone).
5. Rapid Shift to the Cloud
Vulnerabilities in the cloud are growing in number and severity, and risk leaders must learn how to respond. For example, IBM reports that cloud vulnerabilities have increased 150% in the last five years. Threat actors exploit improperly configured assets and target organizations that are modernizing their legacy infrastructure. In addition, cybercriminals leverage API configuration and security issues to break into the cloud and even distribute information on the dark web. As a result, organizations pivoting from on-premises infrastructure must amplify security policies and security controls related to cloud computing. Although the cloud has been around for several years, the environment is becoming increasingly complex as data reserves grow every day. As a result, leaders must move fast to migrate to the cloud with the proper security procedures and prepare their IT teams for new threats.
The Solution:
Cloud users can prepare for the future of cloud-related cybersecurity risk and respond to common cloud breaches with the following recommendations and best practices:
- Adopt an open and interconnected security approach that can unite cloud environments in one place.
- Use security platforms with open-source technologies capable of defending a cloud environment.
- Build a risk management culture among teams with a zero-trust philosophy.
- Implement virtual network segmentation to ensure the entire system would not be compromised in the case of a breach.
- Develop internal best practices for auditing, monitoring, and detection for the cloud.
- Hire a threat detection agency and install cloud-native tools and technologies to monitor for malicious activity and reduce the chance of information security risk.
Navigate Security Risk with a Master of Science in Cybersecurity
St. Bonaventure University’s online Master of Science in Cybersecurity will prepare you to protect businesses and individuals from malicious cyberattacks and data breaches. Our cutting-edge curriculum and highly interactive learning model led by expert faculty will help you develop the specific technical and soft skills required of today’s cybersecurity professionals.
The modern coursework bridges the gap between the classroom and the job market so graduates can confidently step into a cybersecurity career or advance their careers. After graduation, you become eligible for advanced roles and roles in growing fields, including Cloud Security, Artificial Intelligence and Machine Learning (AI/ML), and more. In addition, we offer those enrolled in an online Master of Science in Cybersecurity numerous benefits, including the following:
- No GRE/GMAT required
- 100% Online program
- Develop proficiency in Cloud security, Artificial Intelligence and Machine Learning, Secure Software Design, Networking, Data Mining, Penetration Testing, and more.
- Learn to design, implement and assess security solutions that address the Security, Risk, and Compliance requirements of today’s digital businesses.
- Learn from accomplished faculty who bring extensive industry experience from around the globe.
- Gain the confidence to present findings to organizational leaders and prepare to move into managerial and senior leadership roles.
- Build global cybersecurity skills in real-time through our partnerships with leading security research centers.
Learn more about this complex and evolving field with SBU’s Master of Science in Cybersecurity.