The top cyber security risks of 2022

Cyber crime continues to be a huge problem for individuals, businesses, and charities around the world, costing them over £4 trillion annually. To put that in perspective, if cyber crime was a country, it would be the third biggest global economy after the USA and China.

Since the pandemic struck at the beginning of 2020, many cyber criminals have changed the way that they operate. That’s because the change in working practices, such as the move to home working, has presented many security vulnerabilities that these criminals have been quick to exploit.

In 2022, the cybersecurity landscape will continue to evolve as many organisations return to pre-pandemic work practices, while still retaining some of the flexible working arrangements they adopted in 2020.

That means it’s important to understand what the top cyber security risks of 2022 are likely to be, and what your charity can do to mitigate these risks.

Phishing for SaaS credentials

Phishing is a huge cyber security problem. More than 75% of targeted cyberattacks start with someone at an organisation opening a malicious email.

What’s changed over the last 18 months is that many employees working from home have become used to using applications running in the cloud – known as software-as-a-service or SaaS apps – instead of programs running on their charity’s own computers. Many of these SaaS apps contain confidential data about service users or donors.

SaaS apps can be accessed by anyone who has the appropriate logon credentials such as a password, so employees should be wary of “conversation hijacking” attacks. That’s when a cyber criminal poses as a fellow employee and engages in an email conversation. After a while the criminal invents some pretext to ask for the victim’s SaaS app login credentials.

The after-effects of the pandemic, such as the shift towards hybrid working environments, make it much more likely that these attacks will succeed because employees have become used to interacting with colleagues over email, when previously they may have talked in person.

How your charity can protect itself: The best way to provide extra security for password protected accounts (such as SaaS app accounts) is to activate two-factor authentication. This ensures that a cyber criminal cannot access an account even if they manage to get hold of the password.

Ransomware double trouble

Ransomware is a cyber security problem that just won’t go away. The first half of 2021 saw a 102% increase in ransomware attacks compared to the beginning of 2020, so it’s a security problem that’s only getting more prevalent.

To make matters worse, ransomware groups are increasingly adopting an even more troubling approach to their criminal activities: doubling down on the threat that they pose. Not only do they encrypt their victims’ data and demand a ransom payment to regain access to it, but now they often add extra pressure by threatening to publish all the data online if the ransom is not paid.

That means that a data loss incident becomes a data breach incident as well. Some cyber criminals also threaten cyber attacks on victims’ suppliers and customers to put them under even more pressure to pay the ransom.

How your charity can protect itself: Ensuring you take regular backups of your data can help mitigate the risk of losing data in a ransomware attack. However, a backup will not protect your charity if cyber criminals publish your data online. It is essential to run good endpoint protection software to try to prevent ransomware from getting on to your systems in the first place.

Covert crypto-mining

There’s nothing illegal about cryptocurrencies such as Bitcoin, but there’s no doubt that Bitcoin has been a boon for cyber criminals for making illicit payments and receiving the proceeds of ransomware attacks. The Social Science Research Network (SSRN) estimated that more than £50 billion of illegal activity involved Bitcoin back in 2018, and this number is likely to be substantially higher today.

A single Bitcoin is also worth substantially more today than it was in 2018, so it’s likely that there will be a rise in malware that silently installs Bitcoin mining software onto victims’ computers. This software hijacks the computer’s processing power and puts it to work to generate Bitcoins, consuming electricity and slowing down the computer as it does so.

Once the Bitcoin mining software is running on the computer, it may also install other malware such as keyloggers to try to steal passwords and other confidential data.

How your charity can protect itself: As with ransomware, the best protection against this type of software is to ensure that you have good endpoint protection in place. Staff should also be educated not to download software from untrusted sources, or to download any non-job-related software onto any computers that they bring to work.