Love them or loathe them, year-end lists are an obligatory part of the final weeks of any year, and 2021 is no different. Now, OpenVPN isn’t qualified to report on the best books, albums, movies, or television shows of the year. Anything about the best and/or worst dressed? Not our area of expertise. But we are uniquely qualified to break down the top cyber threats businesses faced over the past 12 months — and we can also take a look at what experts anticipate will be the top cybersecurity threats in 2022. And let’s be honest, if you’re reading this blog, you’re probably much more interested in that sort of thing than any movie ranking.
So let’s break it down.
Network security, the prevention and protection against unauthorized access into corporate networks, focuses on device interaction rather than actual devices (i.e., endpoint security). Any steps network admins take to keep unauthorized users out of corporate networks and connected devices qualify as network security. Ransomware, a type of malicious software attack (aka malware attack) that usually requires a ransom payment for owners to regain access to their information, was popular with cybercriminals in 2021.
The 2021 ransomware numbers are scary and, unfortunately, they probably won’t improve any time soon. Not all business owners make ransom payments to regain access to their company data, but some do — so lone wolf cybercriminals and cybercrime-as-a-service groups are willing to play the odds.
Cybercriminals aren’t just persistent; they’re innovative, too, so ransomware cyberattacks continue to evolve. Writing for ITProPortal.com, Daniel dos Santos identified three areas businesses should pay closer attention to in 2022 to mitigate ransomware:
What role does a virtual private network (VPN) play in network security and ransomware mitigation? A VPN creates a virtual tunnel over the internet so data can travel securely from Point A to Point B. A VPN administrator configures user access—usually a username and password—so employees can authenticate and connect to the VPN. Once connected, employees' encrypted communications safely travel over the public internet to your private network. At the same time a VPN solution:
Overall, a VPN is an essential tool to mitigate cybersecurity risks.
The Verizon 2021 Data Breach Investigations Report (DBIR) put the verified data breach tally at 5,258, up from 3,950 in the 2020 report. Security breaches often originate with social engineering attacks such as phishing emails and spear phishing. Both attempt to trick an email recipient into providing personal information — often login credentials or credit card information — but a spear-phishing attempt isn’t as broad as phishing.
Attackers go wide with phishing, hitting as many people as possible, counting on at least one to respond. Then, with that one set of login credentials in hand, the sender can likely gain access to the company network and its contents, including sensitive data. On the other hand, spear phishing focuses on an individual, with the sender often posing as someone within the same organization.
The Q3 2021 Anti-Phishing Working Group (APWG) Phishing Activity Trends Report found that:
The World Economic Forum anticipates an increase in phishing attempts in 2022 and that the attacks will be harder to detect due to the use of deepfake technology that can “… be weaponized and used to create targeted content to manipulate opinions, stock prices or worse.” With such a frightening increase, it's essential that businesses implement more and better security measures to protect their networks.
Phishing typically starts with an email that tricks a user into visiting what appears to be a safe website. If the user enters their login credentials on the phishing site, they’ve compromised their username and password. That site is where the login credentials or other personal data (like financial information) are obtained. A full-featured business VPN gives administrators the ability to block known or suspected phishing sites.
People make mistakes. You can’t stop that, but with the growth of remote workforces, it’s more important than ever that companies take steps to ensure employees are aware of and comply with cybersecurity protocols. Last year’s numbers in TechJury’s November piece, 22 Insider Threat Statistics to Look Out For in 2021, are sobering:
The Verizon 2021 DBIR found that 85% of data breaches involved a human element. More often than not it wasn’t a matter of malice; it was simply human error or ignorance. Hardworking, dedicated employees with no bad intentions, working on unsecured home or public Wi-Fi, are especially vulnerable. Cybercriminals scan internet traffic looking for opportunities to steal credentials or just find ones that are weak and easy to decipher.
According to Forbes, “Nearly 95% of web application attacks are performed using weak or stolen credentials.” But, the story continues, “By implementing two-factor authentication (2FA), multi-factor authentication (MFA), and end-to-end encryption, businesses can provide an extra layer of protection against these simple data breaches. Adding more secure authentication methods makes it significantly more difficult for attackers to penetrate this additional layer of security.”
Like the threats examined above, a VPN is a reliable tool in curtailing human errors that threaten network security. The “extra layer of protection” — encryption and MFA — is built into next-gen VPN technologies and easy for administrators and employees to use. But even with a VPN in use, it’s critical to continually refresh employees on security policies and tools. After all, knowledge is power, and it's important to make sure they know the importance of the basics (e.g., strong passwords).
Yes, 2021 was another tumultuous year for cybersecurity, which will likely be the case in 2022. The connected world and the cloud simplify conducting business and enable employees to work virtually anywhere they can get an internet connection. And while hackers tend to view this new, post-pandemic digital world as a giant opportunity to deploy a variety of attacks against small businesses, enterprises, and anything in between, it is possible to protect yourself. Innovative cybersecurity solutions continue to evolve, giving companies better, more reliable tools than ever before to protect themselves and the sensitive information housed in their networks.