As we begin 2022, it’s important to take some time to examine the cybersecurity outlook for the coming year. Your business might just depend on it.

Between June 2020 and June 2021, ransomware attacks increased a staggering 1070%. Google searches for “ransomware” skyrocketed throughout 2021 when compared to 2020, hitting or nearly hitting Google’s peak popularity threshold of 100 (on a scale of 0-100) multiple times worldwide throughout last year. What you need to take away from this is that the attacks are relentless, and that people are searching for news and solutions more than ever. You need to be ahead of the curve and protect your business.

In a recent article, ZDNet warns that cybersecurity training isn’t working as attacks continue to ramp up and get worse. Training is often treated as an annual one-and-done session, and this does not adequately prepare the employee or protect the business.

“The 30-minute video you’re obligated to watch once a year doesn’t do the job,” says Stuart E. Madnick, professor of information technology and engineering systems at MIT Sloan Executive Education, according to ZDNet.

Because cybersecurity threats are ever-evolving, cybersecurity training and education must be an ongoing endeavor. To dismiss information as static is to leave your business behind and wide open to attack.

ZDNet goes on to point out that infrastructure, such as power grids, and critical organizations, such as hospitals, are increasingly the targets of cyberattacks and ransomware. In fact, in the period between November 2020 and July 2021, the healthcare industry experienced a 45% increase in attacks.

The defense industry, despite rigorous legal standards, is also increasingly at risk, as evidenced by the 2020 SolarWinds supply chain breach. According to the Washington Post, a study of 300 defense contractors conducted by BlueVoyant found that more than half were at substantial risk for ransomware. Additionally, just under half were found to have vulnerabilities categorized as “severe,” including using outdated devices.

And you may be thinking, “Well, I’m not a power utility or hospital or defense contractor. I make widgets. I’m not very big at all.” The fact is those kinds of organizations likely already have better protections than most other businesses and they’re still vulnerable. This isn’t about your size or perceived importance. Cybercriminals don’t even really care about your data most of the time. They only care about what you’re willing to pay to get it back.

For every excuse you find not to invest in protecting your business, hackers are finding 10 times more excuses to hack you. They will exploit your indifference and laziness.

 

The Ongoing Log4j Challenges

 

One of the specific challenges your business faces as we begin 2022 is the devastating Log4j vulnerability. The flaw was identified late in 2021, and because of Log4j’s widespread use and the dire consequences of a breach using this flaw, it will continue to be a pain point well into this year.

Jen Easterly, the director of the federal Cybersecurity and Infrastructure Security Agency (CISA), said, “The log4j vulnerability is the most serious vulnerability I have seen in my decades long career.” You can read more in the official statement from Easterly and CISA.

According to cybersecurity firm Check Point, via ZDNet, cybercriminals have attempted to exploit the Log4j vulnerability on more than 40% of global networks. The seriousness of the situation cannot be overstated. It is critical that you work with your IT team, your outside managed service firms, and your various vendors now to ensure your business is protected from this flaw.

 

Expect Vendor Disruptions to Continue

In 2021, a clear pattern of supply chain attacks emerged. Supply chain attacks are so called because the breach of one organization trickles down to its clients or other business partners.

Perhaps the biggest supply chain attack of 2021 was the Kaseya breach in July. Because Kaseya is a provider of remote management IT tools, the attack severely impacted those that relied on the company for IT support and protection. Some even went out of business.

Later in the year, a ransomware attack on Kronos Private Cloud disrupted Kronos clients who relied on the software for payroll, ultimately impacting about 8 million employees. Businesses using Kronos have had to scramble to reconcile payroll, and for the hardest hit, the continued consequences will affect tax season.

The unfortunate truth is that no matter how much effort you put into protecting your business, you are still at the mercy of how well your vendors protect their business. If you haven’t already, make a plan with your IT team or provider to best insulate your business from supply chain attacks in 2022.

 

The Ripple Effect: How Cybersecurity Impacts your Business Insurance

 

Ransomware is becoming such a massively expensive liability for businesses of every size that insurance companies are putting risk assessments in place for cybersecurity coverage, and this is something you need to be mindful of going forward.

Insurance provider Travelers, for instance, asks dozens of thorough questions, including:

Indicate whether the Applicant currently has the following in place: A Chief Privacy Officer or other individual assigned responsibility for monitoring changes in statutes and regulations related to handling and use of sensitive information

Indicate whether the Applicant currently has the following in place: Multi-factor authentication for remote access to the Applicant’s network and other systems and programs that contain private or sensitive data in bulk

Indicate whether the Applicant has the following: A disaster recovery plan, business continuity plan, or equivalent to respond to a computer system disruption

The fallout of being hit with ransomware or a breach can be cripplingly expensive. Payouts, equipment replacement, loss of productivity, loss of customers: the list goes on. The message from insurance providers is clear: if you have not met a minimum standard of protecting your own business, they are not going to help with any of this and may decline to renew your policy.

With the repercussions of an attack already so severe, you simply cannot be willing to take the chance that your insurance provider denies your claim on top of everything. It’s time to get serious and get compliant.

 

How You Can Improve Your Cybersecurity in 2022

 

The broad steps to protect your business in 2022 from ransomware, breaches, and other cybersecurity threats are unchanged from every year. To reiterate:

Start working with your IT team, your managed IT service firm, and your vendors to achieve these goals now and ask how you can implement additional protections. The best day to start was yesterday. The second best day is today. If your IT provider has not already proposed or implemented these changes, they’re not taking your protection seriously and they are putting your business at grave risk. It may be time to consider looking for a better IT company that is just as much a partner as they are a provider.

 

Conclusion

 

This look into cybersecurity for 2022 might be a little scary. If you haven’t invested the right resources into protecting your business, honestly, it should be. Most small-to-medium businesses hit with a successful cyberattack go out of business within months. The fallout from an attack is simply too expensive to bear.

Which is to say, plainly: Inadequate cybersecurity is an existential threat to your business.

It is our hope at I-M Technology that this article helps you better understand the challenges you will face this year and how to combat them. Fear should only be a motivator; it shouldn’t be how you live your life or run your business. It’s time to step up, educate yourself and protect your business confidently in 2022.