Responsible Cyber’s official mascot, CyberDan
Cyber buzzwords of 2021; lexicon you need in 2022 to be cyber aware
(Public Service Alert: We are offering a freebie near the end of this article)
Lead writer: Shareen Song, Responsible Cyber
Contributor: Magda Chelly, and Wen Sin Lim, Responsible Cyber
2022 promises to be another bounty-full year for those in the business of cybercrime… unless we collectively improve our cyber resilience.
Even for those of us who will not consider ourselves to be in the cyber know, it would be impossible to leave behind 2021 without a few more words in our lexicon unless we protected ourselves from the headlines in the same way we safe-distanced while the Delta variant went on its deadly rampage.
Moving forward, basic cybersecurity needs to be common knowledge so that we have better odds at turning the tide as a cyber-aware population. Responsible Cyber is here to share our pick of cyber buzzwords that made headlines in 2021 that you will no doubt encounter more of in 2022:
Ransomware and Malware
Ransomware is a subset of malware (malicious software). Usually delivered over a network, with files or lines of code you will not want on your system because they are never well-intentioned. They commit malicious deeds as their maker commands — from infecting and exploring files to holding sensitive information hostage and incapacitating entire networks — until the ransom is paid. JBS Foods (world’s largest meat supplier) and the Colonial Pipeline (an American oil pipeline system that supplies most of Southeastern United States) are two of many high-profile companies that became victims of cyber attacks in 2021 with jaw-dropping ransoms ranging from under USD10M to USD100M [‘Bad Rabbit and Me’].
2021 has also been hailed as a record-breaking year for data breaches, which occurs when sensitive, protected or confidential information is copied, transmitted, viewed, stolen or used by an individual who has no authorization to access to this information. While they are less likely to bring an organization to an operational standstill, data breaches can cost a pretty penny as the loss of clients’ PII (Personally Identifiable Information) has the potential to induce an overall lack of consumer confidence that could substantially harm the business in addition of penalties and fines. Financially, direct costs (such as remediation and investigation, reputational damages amongst others) and indirect costs (providing credit monitoring to victims of compromised data, etc.) need to be addressed.
More worrying for individuals is that research conducted by the Identity Theft Resource Center (ITRC) has indicated an increase in lack of transparency in breach notices especially atorganization level. The discovery of data breaches at Facebook and LinkedIn where personal information of 553M and 700M account holders were leaked (in just two out of almost 1300 events reported from January to September 2021) points to the sobering likelihood that the average person who regularly uses the internet has had some form of his/her personal information leaked. Even non-internet heavy or cautious users are not spared; organisations (such as healthcare facilities or government bodies) which have PII stored their systems are prime data breach targets.
It is not excessive to conclude that everyone should assume that some form of their PII is currently available somewhere within reach of threat actors to mine, assess or benefit for cybercrime.
… has nothing to do with putting fresh seafood on the dinner table though interestingly, the term may have been derived from ‘fishing.’ the letter ‘f’ was replaced with ‘ph’ (they were originally known as ‘phreaks’). And, phishing is defined as a type of social engineering attack used to ‘fish for’ or steal PII or other confidential information.
According to a 2020 press release by Deloitte, ‘91% of all cyberattacks begin with a phishing email to an unexpected victim’. Therefore, it would behoove firms to ensure their employees are well informed and trained on how to identify phishing emails and the precautions their team can take from falling prey to these attempts. While there are many methods of ‘phishing,’ the most common is an email that is constructed to appear a legitimate organization sent ‘en masse to individuals in an attempt to steal sensitive information or trick the victim into clicking on an attached malware/ransomware file to be installed on their device.
Internet of Things (IoT) refers to physical devices (anything from lights and thermostats to remote medical equipment and cars) embedded with sensors, software, and other technologies that connecthem to the internet. If not secured properly, IoT devices become vulnerable to cyberattacks. According to Ericcson, there will be 29 billion connected devices by 2022; McKinsey Digital estimates that 127 devices will connect to the internet for the first time every second. As IoT devices grow exponentially in numbers, they are also getting more sophisticated — many organizations and governments are now developing ‘digital twins’ (comprehensive digital simulations of entire systems/businesses or even cities), each a motherlode of data and access points for those with unholy intentions.
According to a report by TechRepublic, IoT device attacks doubled in the first half of 2021, with smart homes (where devices generally have lower security thresholds than network-connected computers) being most vulnerable to ransomware attacks. Malicious hackers or cyber-criminals are using connected appliances as a means of gaining access to computers and phones where valuable data could be stored … yes, if it’s not feeling secure, your smart coffee machine could potentially provide a cyber thug access to your mobile and all its secrets.
Cybercrime attempts will skyrocket in 2022. Aside from targeted attacks to corporate systems for huge ransoms, everyone who uses the internet will surely be confronted with phishing emails trying to trick them to divulge sensitive data, containing malware or with links to dubious sites. To not fall victim to an attack, organizations and individuals must be aware of their cyber risk and adopt risk mitigation practices.
Cyber risk refers to the possibility of harmful consequences such as financial/reputational losses resulting from failures in information systems, loss or theft of data due to cybercrime or technical factors. Cyber risk does not refer or define threats like malware or ransomware, but the potential negative consequences when the threat occurs, and leads to a cyber attack.
From an organizational standpoint, such risks must be quantified in monetary terms,used to weigh in and decide on appropriate mitigation actions. These risks can only be managed and reduced but not eradicated. No silver bullet will offer 100% cyber immunity as the threat landscape is constantly evolving, and cybercriminals will always be launching new curveballs. All it takes is one tiny misstep, such as an employee with privileged access leaving their device unattended or someone unknowingly downloading malware from a phishing email, for a cyber-attack to happen, eventually leading to acyber risk materializing into a colossal business loss.
The key to a successful business year and future is to build cyber resilience — the ability to keep operations, data, and devices online when confronted by cyber baddies, with the capability to respond and recover to attacks in a timely manner and with limited conseuqences for the business
Cyber resilient organizations are able to anticipate, withstand, recover from and adjust to adverse conditions, stresses, attacks, or compromises on their cyber resources. Cyber resilience requires a sustained effort to adapt and implement risk mitigation strategies according to real-time insights into individual vulnerabilities and exposures.
The IMMUNE Platform
And how might you identify your cyber exposures and associated risks for your business?
IMMUNE, Responsible Cyber’s 360-degree cloud-based cybersecurity platform, identifies cyber risks in real-time and help you throughout the process of cyber risk management.
Organizations using the platform are empowered to take appropriate mitigation actions ahead of would-be attackers, improving their cyber resilience.
From now until 31 March, 2022, Responsible Cyber will be offering FREE Immunity Reports. IMMUNE will help you identify your cyber vulnerabilities and risks. Get your free report here through email via info @ responsible — cyber . com
Whilst cybercriminals launched and scored a number of record-breaking cyber heists in 2021, the good side won some breakthrough battles too. The US Department of Justice announced in June 2021 that it recovered approximately USD2.3M of the USD4.4M in bitcoin paid in ransom following the attack on the Colonial Pipeline. In November 2021, Interpol arrested five members of REvil, one of the world’s most prolific ransomware gangs.
We enter 2022 heartened for these landmark events, hopeful that there will be continued and better collaboration between and across governments and businesses to put a check on cybercrime.
Responsible Cyber wishes everyone cyber resilience in the new year and a very happy and safe 2022.
Figure 1: CyberDan
CyberDan always has your back. Stay steps ahead of the cybercriminals. No guesswork involved. Simply schedule a consultation with him today.