News
Cyber-attacks will continue to target well-known weaknesses
November 2021 by Jon Fielding, Apricorn’s managing director EMEA
Criminals will exploit ‘tried and tested’ vulnerabilities, such as unpatched systems, unchanged default passwords and unencrypted data. They’ll also continue taking advantage of inadequate access controls that make data freely available to employees and third party suppliers who don’t truly need it.
Attackers will specifically target employees who are working remotely, often using social engineering techniques such as phishing emails to take advantage of the fact that security awareness is generally found to be lower in the home environment.
Ransomware will become the technique of choice now that organised crime is involved and it can be easily monetised.
Companies will need to urgently improve security awareness and accountability of their employees, educating them in the changing risks associated with remote and hybrid working, and how control them. This means training the workforce in security policies and the proper use of security tools and technologies. But employees also need to understand the ‘why’, as well as the ‘what’ and ‘how’: the specific threats facing the organisation, and the role they need to play in mitigating them.
We expect to see a continued increase in the use of data encryption, which will keep information secure whatever happens around it. Mandating the encryption of all corporate data as standard policy also provides the ability to demonstrate transparency and due diligence in the event of a breach.
Backup strategies will take priority.
This year, companies have comprehensively bought in to the need to hold an offsite copy of their data, which is a really positive thing. A solid backup strategy is an essential part of cyber-resilience, which took centre stage in 2021 as organisations recognised that however well they protect their data, a breach can never be off the cards.
Many have chosen to back information up in the cloud – but in 2022 we’ll see more instances of data being compromised, stolen or lost as a consequence of relying on cloud storage alone.
The cloud offers a convenient and cost-effective way of storing information. It’s also ‘low maintenance’, with providers taking care of tasks such as updates and patching. However, this devolution of responsibility also creates risk: when you sign the contract, you’re also signing over the control you have over your data’s security. If this is your only backup location this creates a single point of failure in the event of a cyber-attack, employee error or tech failure.
