What Are Top 5 Cybersecurity Threats for 2022 and How to Prevent Them?
Cybersecurity is as pressing an issue as ever, and even the smallest vulnerability can lead to disastrous financial losses for a company. Stolen user credentials were the most common initial cause of data breaches in 2021, but there are several other critical cybersecurity threats that must be addressed in 2022 and beyond. This article lists the top 5 threats to watch out for and the most effective ways to deal with them. As a bonus, we also included the OWASP Top 10 (2021 edition), so make sure to read till the end.
The state of cybersecurity in 2022
In order to predict the state of cybersecurity in 2022, we need to look back at 2021 and see how things went. Spoiler: not so well.
2021 saw the highest average cost of a data breach in the 17-year history of IBM's Cost of a Data Breach report: US$4.24 million. Another record was the ransom demanded by the Sodinokibi (REvil) ransomware group after it compromised Kaseya: US$70 million for a universal decryptor.
As for the most widespread and damaging cybersecurity threats, they include ransomware, trojans, cryptocurrency investment scams, and phishing. If you need some numbers, phishing was involved in 36% of the breaches that happened in 2021, and stolen user credentials were the initial attack vector in 20% of them.
All in all, as companies work to harden their software, attackers apply equal effort to compromise it. So before listing ways to improve your security posture, it is important to understand the biggest threats we face today.
Top 5 cyber security threats for 2022 (and how to prevent them)
Below are the most common and important cybersecurity threats that cause major headaches for companies across the globe. Note that the list is not exhaustive: it covers only five threats, and there are many more to watch out for. We therefore recommend thoroughly reviewing your current security environment to ensure it is well protected against possible attacks.
1. Ransomware
Ransomware is considered the biggest cybersecurity threat and costs companies billions of dollars annually. This type of malware encrypts the victim's files (documents, databases, and any backups it can reach) and the attacker then demands a ransom in exchange for the decryption key.
And to make things worse, not only is ransomware the biggest threat in 2022, there is a newer form of it that is gaining immense traction: triple extortion ransomware. To understand it, we need to talk about double extortion first.
Originally, ransomware worked as follows: an attacker encrypts the data and demands a ransom from the company that owns it. In response, companies started keeping backups and training their employees, so attackers came up with double extortion ransomware: before encrypting your data they also exfiltrate it and threaten to leak it, which a backup does nothing to prevent.
Things don't stop there: we are now seeing triple extortion ransomware. In addition to encryption and the threat of a leak, the attackers add a DDoS attack against the victim if it goes silent and avoids payment.
How to prevent ransomware:
- Make sure you have a reliable and updated antivirus (or EDR) installed;
- Use only authorized software and apps;
- Vet all third-party services and integrations;
- Keep offline, tested backups (an untested backup is not a backup);
- In case of ransomware, isolate infected devices from the network immediately;
- Notify the IT security team immediately.
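Isolating an infected device only helps if you notice the encryption while it is still running. The following Python script is an added example, not code from the article: it compares two snapshots of a directory tree and flags the signs an encryptor leaves behind (files reappearing under a new extension with near-random content, files encrypted in place, a ransom note dropped next to them). The note names, entropy threshold and file-count threshold are assumptions, and the "file share" it scans is constructed in a temporary directory.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumptions (not from the article): typical ransom-note names and the
# thresholds above which entropy / file count trigger an alert.
RANSOM_NOTE_NAMES = {"readme.txt", "how_to_decrypt.txt", "restore_files.html"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; text and office files are usually well below 6
MIN_SUSPICIOUS_FILES = 5


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: ~8.0 for random or properly encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def snapshot(root: Path) -> dict:
    """Map every file under root (path relative to root) to its content entropy."""
    return {str(p.relative_to(root)): shannon_entropy(p.read_bytes())
            for p in root.rglob("*") if p.is_file()}


def ransomware_indicators(before: dict, after: dict) -> dict:
    """Compare two snapshots and report the classic signs of an encryptor at work."""
    old_names = [Path(name).name for name in before]
    # New files whose name is an old file name plus an extension: "report.txt" -> "report.txt.locked".
    renamed = [n for n in after if n not in before
               and any(Path(n).name.startswith(old) for old in old_names)]
    renamed_high_entropy = [n for n in renamed if after[n] >= ENTROPY_THRESHOLD]
    # Files that kept their name but whose content turned near-random (encrypted in place).
    encrypted_in_place = [n for n in after if n in before
                          and before[n] < ENTROPY_THRESHOLD <= after[n]]
    notes = [n for n in after if n not in before and Path(n).name.lower() in RANSOM_NOTE_NAMES]
    suspicious = len(renamed_high_entropy) + len(encrypted_in_place)
    return {
        "renamed_high_entropy": renamed_high_entropy,
        "encrypted_in_place": encrypted_in_place,
        "ransom_notes": notes,
        "alert": suspicious >= MIN_SUSPICIOUS_FILES or (bool(notes) and suspicious > 0),
    }


def simulate(encrypt: bool) -> dict:
    """Constructed scenario: a small file share, optionally hit by a stand-in encryptor."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for i in range(8):
            (root / f"report_{i}.txt").write_text("quarterly figures, all nominal\n" * 20)
        before = snapshot(root)
        if encrypt:
            for p in list(root.glob("*.txt")):
                # Stand-in for encryption: replace content with random bytes under a new extension.
                p.with_suffix(p.suffix + ".locked").write_bytes(os.urandom(2048))
                p.unlink()
            (root / "HOW_TO_DECRYPT.txt").write_text("Your files are encrypted. Pay to restore them.\n")
        return ransomware_indicators(before, snapshot(root))


if __name__ == "__main__":
    print("clean run:", simulate(False)["alert"])    # False
    print("encryptor:", simulate(True)["alert"])     # True
```

In practice you would take the snapshots on a schedule (or hook file-system events) on file servers and decoy directories, and wire the `alert` to the isolation step above; entropy alone produces false positives on compressed or already-encrypted archives, which is why the script also requires the rename pattern or a ransom note.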
2. DDoS attacks
Now that we have mentioned DDoS, it's time to talk about it in more detail. A distributed denial-of-service attack aims to disrupt a service or website by flooding it with traffic from many sources at once. As a result, the service stops responding to legitimate users, and an attacker may even demand money to stop the attack.
According to the Kaspersky report, Q3 2021 saw two new types of DDoS attacks. The first abuses "middleboxes" (security devices located between a client and a server, such as firewalls, NATs, load balancers, or DPI tools) as TCP reflectors and amplifiers. The second type targets network devices themselves and, as a result, can take down not only individual servers but an entire network.
How to prevent a DDoS attack:
- Create a DDoS response plan;
- Build in server redundancy (e.g. multiple geographically distributed servers behind a load balancer or CDN);
- Have multiple layers of network security;
- Monitor network traffic and add bandwidth, but note that extra bandwidth alone cannot absorb a large volumetric attack, so arrange upstream scrubbing or CDN protection in advance;
- Limit network broadcasting between your devices (e.g. disable directed broadcasts) so your own network cannot be used as an amplifier.
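"Monitor network traffic" is vague until you decide what a flood looks like in your own logs. The script below is an added example, not code from the article: it runs a sliding-window request counter per source IP over access-log lines in Common Log Format and reports any source whose request rate in a window exceeds a threshold. The window length, threshold and the log lines themselves are constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

TIME_FORMAT = "%d/%b/%Y:%H:%M:%S"


def parse_line(line: str):
    """Return (client_ip, timestamp) from a Common Log Format access-log line."""
    ip = line.split(" ", 1)[0]
    stamp = line[line.index("[") + 1:line.index("]")].split(" ")[0]   # drop the "+0000" offset
    return ip, datetime.strptime(stamp, TIME_FORMAT)


def find_flooders(lines, window_seconds: int = 10, threshold: int = 50) -> dict:
    """Sliding-window request counter per source IP over a chronologically ordered log.

    Returns {ip: peak_requests_in_window} for every source whose peak exceeded the
    threshold. The defaults are assumptions; tune them to your normal traffic.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        ip, ts = parse_line(line)
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}


def constructed_log() -> list:
    """Constructed sample: two legitimate clients plus one source firing 40 requests/second."""
    start = datetime(2021, 10, 10, 13, 55, 0)
    entries = []
    for i in range(6):    # 10.0.0.5 browses normally: one request every 10 seconds
        entries.append((start + timedelta(seconds=10 * i), "10.0.0.5", "/index.html"))
    for i in range(3):    # 10.0.0.9 fetches a few static assets
        entries.append((start + timedelta(seconds=i), "10.0.0.9", f"/static/app{i}.js"))
    for i in range(200):  # 203.0.113.7 hammers the login page for five seconds
        entries.append((start + timedelta(seconds=i // 40), "203.0.113.7", "/login"))
    entries.sort(key=lambda e: e[0])
    return [f'{ip} - - [{ts.strftime(TIME_FORMAT)} +0000] "GET {path} HTTP/1.1" 200 612'
            for ts, ip, path in entries]


if __name__ == "__main__":
    print(find_flooders(constructed_log()))   # {'203.0.113.7': 200}
```

A single flooding source is the easy case; a real DDoS spreads the same volume over thousands of addresses, so the same counter is usually applied per subnet, per URL and in aggregate, and the alert feeds the response plan (rate limiting at the edge, then escalation to the upstream scrubbing provider) rather than a manual block.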
3. Phishing
Phishing is another incredibly common attack, a social-engineering one rather than malware: the attacker tries to obtain sensitive information by posing as a legitimate party. It most often comes in the form of a malicious email containing a link; clicking the link leads to a fake login page that captures credentials or to a download that installs malware.
Like other cybersecurity threats, phishing does not stand still and constantly evolves, adapting to companies' security measures. For example, attackers now use machine learning to create more convincing emails and increase the chances that victims interact with them. There are also spear phishing and whaling: spear phishing targets a particular individual, and whaling targets a C-level executive (or a person in a similar position).
How to prevent phishing:
- Install anti-phishing add-ons in your browser;
- Do not disclose information on unverified sites; check the domain in the address bar before entering credentials;
- Learn what phishing may look like (mismatched sender domains, urgency, links whose visible text and destination differ);
- Deploy multi-factor authentication so a phished password alone is not enough;
- Install all released updates and security patches.
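"Learn what phishing may look like" can be made concrete. The following Python script is an added example, not code from the article: it parses a raw email with the standard library and reports the indicators a mail gateway or a trained user would check (Reply-To pointing to a different domain than From, a display name impersonating an address the sender does not control, pressure words in the subject, links whose visible text and href disagree, punycode look-alike hosts, plain-http links). The two messages and the urgency-word list are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a small vocabulary of pressure words; real filters use far larger lists.
URGENCY_WORDS = {"urgent", "verify", "suspended", "immediately", "password"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(value: str) -> str:
    """Domain part of an e-mail address, or host part of a URL / bare 'www.x' text."""
    value = value.strip()
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1].lower()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def phishing_indicators(raw_message: str) -> list:
    """Return human-readable reasons why the message looks like phishing (empty = none found)."""
    msg = message_from_string(raw_message)
    reasons = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    # 1. Replies silently go to a different domain than the visible sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_domain:
        reasons.append(f"Reply-To goes to {domain_of(reply_to)}, not to sender domain {from_domain}")
    # 2. The display name impersonates an address or domain the sender does not control.
    claimed = re.search(r"([a-z0-9-]+\.[a-z]{2,})", from_name.lower())
    if claimed and not from_domain.endswith(claimed.group(1)):
        reasons.append(f"display name shows {claimed.group(1)} but mail comes from {from_domain}")
    # 3. Pressure language in the subject.
    hits = sorted(w for w in URGENCY_WORDS if w in msg.get("Subject", "").lower())
    if hits:
        reasons.append("urgency language in subject: " + ", ".join(hits))
    # 4. Deceptive links in the HTML body.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in collector.links:
            href_domain = domain_of(href)
            if re.match(r"^(https?://|www\.)", text) and domain_of(text) != href_domain:
                reasons.append(f"link text shows {domain_of(text)} but points to {href_domain}")
            if href_domain.startswith("xn--") or ".xn--" in href_domain:
                reasons.append(f"punycode (look-alike) host in link: {href_domain}")
            if urlparse(href).scheme == "http":
                reasons.append(f"plain-http link to {href_domain}")
    return reasons


# Constructed samples (not real mail): one credential-phishing message and one benign notice.
PHISHING_SAMPLE = """\
From: "accounts@example-bank.com" <alerts@mailer-xyz.test>
Reply-To: recover@other-mailbox.test
To: victim@corp.example
Subject: URGENT: verify your account or it will be suspended
Content-Type: text/html; charset="utf-8"

<html><body><p>Sign in now: <a href="http://xn--exmple-bank-1ya.test/login">https://www.example-bank.com/login</a></p></body></html>
"""

BENIGN_SAMPLE = """\
From: IT Helpdesk <helpdesk@corp.example>
To: user@corp.example
Subject: Monthly maintenance window
Content-Type: text/html; charset="utf-8"

<html><body><p>Details: <a href="https://intranet.corp.example/maintenance">https://intranet.corp.example/maintenance</a></p></body></html>
"""

if __name__ == "__main__":
    for reason in phishing_indicators(PHISHING_SAMPLE):
        print("-", reason)
    print("benign:", phishing_indicators(BENIGN_SAMPLE))   # []
```

These are heuristics for triage and user training, not a verdict: a well-crafted spear-phishing mail can pass all of them, which is why the list above also calls for MFA, so that a captured password is not enough on its own.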
4. Man-in-the-middle (MITM) attacks
MITM stands for "man-in-the-middle" and means that an attacker inserts themselves between the sender and the receiver of information. The main goal of a MITM attack is to steal sensitive information (e.g. user credentials) by eavesdropping on, or tampering with, the conversation.
There are several types of MITM attacks:
- Email hijacking;
- Online session hijacking;
- Wi-Fi eavesdropping;
- IP spoofing;
- DNS spoofing.
While not the most common, MITM attacks still pose a real threat and should not be overlooked.
How to prevent MITM:
- Ensure the security of access points (WPA2/WPA3 with strong passphrases, no rogue access points);
- Consider using VPNs for sensitive data on untrusted networks;
- Ensure connections use TLS and that clients actually verify certificates and hostnames;
- Deploy multi-factor authentication;
- Secure your email in transit with TLS.
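Two of the bullets above can be checked in code. The script below is an added example, not code from the article. The first part detects the usual LAN technique behind Wi-Fi eavesdropping and IP spoofing, ARP poisoning, by comparing two snapshots of the host's neighbour table (`ip neigh show` on Linux) and flagging a gateway whose MAC address changed or a MAC that answers for several IPs; the snapshot text and gateway address are constructed. The second part contrasts a TLS client context that verifies the server with the "disable verification" anti-pattern that turns any on-path attacker into a successful MITM; it uses only the standard `ssl` module.

```python
import ssl
from collections import defaultdict


def parse_neigh(output: str) -> dict:
    """Parse `ip neigh show` lines into {ip: mac}; entries without a MAC (FAILED/INCOMPLETE) are skipped."""
    table = {}
    for line in output.strip().splitlines():
        fields = line.split()
        if "lladdr" in fields:
            table[fields[0]] = fields[fields.index("lladdr") + 1].lower()
    return table


def arp_spoof_indicators(before: dict, after: dict, gateway_ip: str) -> list:
    """Signs of ARP poisoning: the gateway's MAC flipped, or one MAC now owns several IPs."""
    reasons = []
    if gateway_ip in before and gateway_ip in after and before[gateway_ip] != after[gateway_ip]:
        reasons.append(f"gateway {gateway_ip} moved from {before[gateway_ip]} to {after[gateway_ip]}")
    owners = defaultdict(set)
    for ip, mac in after.items():
        owners[mac].add(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            reasons.append(f"MAC {mac} answers for several IPs: {', '.join(sorted(ips))}")
    return reasons


def hardened_client_context() -> ssl.SSLContext:
    """A TLS client context that actually verifies the peer: CA chain + hostname, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()        # system CAs, CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_client_context() -> ssl.SSLContext:
    """The anti-pattern found in many scripts and mail clients: no verification at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False               # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE           # any certificate, including the attacker's, is accepted
    return ctx


def context_verifies(ctx: ssl.SSLContext) -> bool:
    """True if a context would reject a MITM presenting a forged or mismatched certificate."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


# Constructed `ip neigh show` output (not from a real host). The second snapshot is taken
# after the host at aa:bb:cc:dd:ee:ff starts answering ARP requests for the gateway.
BEFORE = """
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:dd:ee:ff STALE
192.168.1.30 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.40 dev wlan0 FAILED
"""
AFTER = """
192.168.1.1 dev wlan0 lladdr AA:BB:CC:DD:EE:FF REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:dd:ee:ff REACHABLE
192.168.1.30 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.40 dev wlan0 FAILED
"""

if __name__ == "__main__":
    for reason in arp_spoof_indicators(parse_neigh(BEFORE), parse_neigh(AFTER), "192.168.1.1"):
        print("-", reason)
    print("hardened verifies:", context_verifies(hardened_client_context()))   # True
    print("insecure verifies:", context_verifies(insecure_client_context()))   # False
```

Pass `hardened_client_context()` as the `context` argument of `smtplib.SMTP.starttls()` or `http.client.HTTPSConnection()`; a poisoned ARP cache then yields a certificate error instead of leaked credentials. Static ARP entries for the gateway and switch-side dynamic ARP inspection address the LAN half of the problem.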
5. Trojans
Last but not least are the well-known Trojans: malware disguised as legitimate software. While it is often called a Trojan virus, the name is not quite correct. A virus spreads by copying itself into other programs, while a Trojan does not self-replicate and needs a user to install or run it. Whatever you call it, a Trojan can cause serious damage to your system.
There are many types of Trojans, including:
- Backdoor Trojans;
- Banking Trojans;
- DDoS Trojans;
- Instant-messaging (IM) Trojans.
And the list goes on. As for their actions, Trojans can disable antivirus software, download further malware, open a backdoor, or take part in a DDoS attack as members of a botnet.
How to prevent Trojans:
- Download software only from trusted, reputable sources and verify the published checksum or signature before installing;
- Always install available updates;
- Never open attachments or links in emails or messages from an untrusted source;
- Install a strong antivirus.
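"Download software only from trusted sources" is only half the control; the other half is checking that what arrived is what the vendor published. The script below is an added example, not code from the article: it streams a file through SHA-256, parses a SHA256SUMS file in the GNU coreutils format and compares the digests in constant time. The installer, the tampered copy and the published checksum line are constructed inside a temporary directory.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size: int = 1 << 20) -> str:
    """Hex SHA-256 of a file, streamed so large installers do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def parse_checksums(text: str) -> dict:
    """Parse a SHA256SUMS file in GNU coreutils format: '<hex digest>  <filename>' per line."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        expected[name.strip().lstrip("*")] = digest.lower()   # leading '*' marks binary mode
    return expected


def verify_download(path, checksums_text: str) -> bool:
    """True only if the file's digest matches the published one (constant-time comparison)."""
    expected = parse_checksums(checksums_text).get(Path(path).name)
    if expected is None:
        raise ValueError(f"no published checksum for {Path(path).name}")
    return hmac.compare_digest(sha256_file(path), expected)


def demo() -> dict:
    """Constructed scenario: a vendor publishes SHA256SUMS; we check a genuine and a swapped installer."""
    with tempfile.TemporaryDirectory() as d:
        installer = Path(d) / "tool-1.2.3-setup.bin"
        installer.write_bytes(b"\x7fELF genuine installer bytes " * 100)
        # What the vendor would publish next to the download (constructed here from the genuine file).
        published = f"{sha256_file(installer)}  {installer.name}\n"
        genuine_ok = verify_download(installer, published)
        # A trojanised copy with the same name: a swapped mirror or a tampered download.
        installer.write_bytes(b"\x7fELF genuine installer bytes " * 99 + b"\x7fELF backdoored installer ")
        tampered_ok = verify_download(installer, published)
        return {"genuine_ok": genuine_ok, "tampered_ok": tampered_ok}


if __name__ == "__main__":
    print(demo())   # {'genuine_ok': True, 'tampered_ok': False}
```

A checksum fetched from the same server as the download only protects against corruption and a tampered mirror or CDN; if the vendor's site itself is compromised, the attacker republishes matching sums. For that case you need a signature (GPG-signed SHA256SUMS, Authenticode, or similar) whose key you obtained through a separate channel.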
OWASP Top 10 for 2021
Now that we have covered the main cyber threats, we also need to talk about the most critical web application security risks. The list is assembled by OWASP, a non-profit foundation that aims to improve software security. Every three to four years, the Open Web Application Security Project publishes a document with the biggest web application security risks and recommendations for preventing them. You can read the document in detail on the official website; meanwhile, here is the Top 10 list for 2021:
- Broken access control: users can act outside their intended permissions, which may lead to unauthorized disclosure, modification, or destruction of data.
- Cryptographic failures (previously "Sensitive Data Exposure"): weak or missing cryptography, such as storing passwords unhashed or transmitting data in clear text, leading to exposure of sensitive data.
- Injection: untrusted input is interpreted as part of a command or query (SQL, NoSQL, OS command, LDAP); since 2021 this category also includes cross-site scripting.
- Insecure design: OWASP stresses the importance of threat modeling, secure design patterns, and reference architectures, since no implementation can fix a flawed design.
- Security misconfiguration: this risk has become more critical over the years due to the overall shift towards highly configurable software; it now also covers XML External Entities (XXE).
- Vulnerable and outdated components: developers not tracking the components (libraries, frameworks, runtimes) their system depends on and not updating them regularly.
- Identification and authentication failures: failures in confirming a user's identity, authentication, and session management, such as permitting credential stuffing or weak passwords.
- Software and data integrity failures: code and infrastructure that do not protect against integrity violations, e.g. updates, plugins, or CI/CD pipelines that are trusted without verification, and insecure deserialization.
- Security logging and monitoring failures: without proper logging and monitoring it is hard to detect active breaches, so logging must be consistent and actually reviewed.
- Server-side request forgery (SSRF): occurs when an application fetches a remote resource without validating the user-supplied URL, letting attackers reach internal services through the server. Developers can prevent this at both the network layer (egress filtering) and the application layer (URL allowlists).
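The SSRF entry says the fix lives at the application layer as well as the network layer; the following Python is an added example of the application-layer half, not code from OWASP or the article. It validates a user-supplied URL before the server fetches it: HTTPS only, no user-info trick, no IP literals, an allowlist of hosts, and an injected resolver so that an allow-listed name that resolves to an internal address (DNS rebinding) is rejected too. The allowlist, the resolver and its answers are constructed for the example.

```python
import ipaddress
from urllib.parse import urlparse

# Assumptions: the only destinations this service legitimately fetches from, over HTTPS only.
ALLOWED_HOSTS = {"api.partner.example", "cdn.partner.example"}
ALLOWED_SCHEMES = {"https"}


def is_public_address(ip_text: str) -> bool:
    """False for loopback, RFC 1918, link-local (cloud metadata 169.254.169.254), multicast, reserved."""
    ip = ipaddress.ip_address(ip_text)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url: str, resolve=None) -> tuple:
    """Decide whether the application may fetch `url` on a user's behalf.

    Returns (allowed, reason). `resolve` is an injected hostname -> [ip, ...] function so the
    check also rejects allow-listed names that resolve to internal addresses (DNS rebinding);
    in production pass e.g. lambda h: [a[4][0] for a in socket.getaddrinfo(h, None)].
    """
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} is not allowed"
    if parts.username or parts.password:
        return False, "user-info in URL (the 'https://trusted.example@evil.test' trick)"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    try:
        ipaddress.ip_address(host)
        return False, f"IP literal {host} rejected; only allow-listed names may be fetched"
    except ValueError:
        pass                                 # not an IP literal, continue with hostname checks
    if host.lower() not in ALLOWED_HOSTS:
        return False, f"host {host} is not in the allow list"
    if resolve is not None:
        for ip_text in resolve(host):
            if not is_public_address(ip_text):
                return False, f"{host} resolves to non-public address {ip_text}"
    return True, "ok"


def constructed_resolver(host: str) -> list:
    """Stand-in for DNS (constructed): the CDN name has been rebound to an internal address."""
    return {"api.partner.example": ["1.1.1.1"],      # placeholder public address
            "cdn.partner.example": ["10.0.0.5"]}.get(host, [])


if __name__ == "__main__":
    for url in ["https://api.partner.example/v1/report",
                "http://169.254.169.254/latest/meta-data/",
                "https://127.0.0.1:8080/admin",
                "https://api.partner.example@internal.test/",
                "https://cdn.partner.example/logo.png"]:
        print(check_outbound_url(url, constructed_resolver), url)
```

Two caveats a reviewer would raise: the fetch must connect to the address that was validated (or re-validate after resolution) and must not follow redirects blindly, or the check can be bypassed with a 302 to an internal host; and the network-layer half, an egress firewall that only lets the application reach the allow-listed destinations, still belongs in place for the day the application-layer check is wrong.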
For each risk, OWASP provides a solid prevention checklist. In addition, you can check out our article on secure coding best practices, which gives a comprehensive guide to strengthening your security environment and your system.
We could talk endlessly about the importance of cybersecurity and the risks that even the smallest vulnerabilities can bring. It is important to understand that security applies to everyone and that all team members should follow the corresponding security guidelines. Hence, as the first step towards better security, introduce security training and make sure everyone understands and follows the core best practices.
Alex Kutsko