2021 was an interesting year for cyber security. While there were headline grabbing vulnerabilities and breaches throughout the year, there were other disturbing trends that can only be seen in hindsight.
Attacks against corporate networks increased by 50% from 2020 to 2021. It’s not just the sheer numbers of attacks that have risen, but also the costs associated with successful ones – which for good measure are also happening more frequently. Server-side weaknesses can usually be prevented with proper patching and traditional security tools like firewalls. Where organizations are failing is in countering their biggest security threat, their own users. Unfortunately, that perfectly intersects with two troubling trends from last year that will increasingly threaten your cyber security in 2022.
How bad is phishing? According to Verizon’s 2021 Data Breach Investigations Report, phishing and/or pretexting now accounts for 43% of all data breaches. Phishing is also now the primary vector by which ransomware gets installed. Phishing is so effective because it’s an attack designed for the modern world where the lines between personal and professional are increasingly blurred. That’s a problem when your users interconnect their worlds to the point they share devices, applications, and passwords between the two without a second thought.
Oversharing on social media also helps attackers craft sophisticated spear phishing attacks. Spear phishing attacks are launched against either a highly targeted individual or even a specific organization. The larger an organization gets, the more effective they are, too. What’s also troubling is that even broad-based phishing attacks have gotten significantly harder to spot. They used to work in the same manner as the Nigerian prince scam. Namely, the misspellings were a feature, not a bug. If a recipient wasn’t sophisticated enough to deduce the fraudulence from the beginning, then they were a good candidate for further attention. But now phishing attacks show up on mobile devices masquerading as bill payment prize notifications or free gift cards. Or in inboxes as late mortgage notices. They are simply getting harder not to click.
A whopping 37 percent of all businesses and organizations were hit by ransomware last year. As is, ransomware is costing businesses plenty. Ransomware was estimated to have had global costs of $20 billion in 2021. Attackers know they can make money with the current approach, so the problems are only going to increase. If it continues to grow at its current pace, then by 2031 that number will be a staggering $265 billion.
Ransomware also crossed a boundary in 2021 when it impacted critical energy infrastructure and roiled markets for several days during the Colonial Pipeline attack. The problem is that the proof of concept of that attack can now be weaponized. The attackers got ‘lucky’ in finding their target in this attack. Other targeted attacks will follow, though.
Your risk depends on your business objectives. Your tolerance for that risk depends on you. SentryCard gives you a way to improve your security holistically in a way that crosses traditional corporate silos. Your security must work no matter where your personnel are connecting from, remotely or on-site. It needs to be fraud-proof in a way that current password-based solutions — no matter their complexity or multi-factor requirements – simply aren’t. Finally, it must build in protection against your biggest security weakness – your users.
SentryCard can help you protect both remote and onsite users while also offering data and facilities access protection. It’s a self-contained, biometric portable ID card that serves as a multi-function credential for both physical and logical access. With SentryCard, you can ensure every request coming from your users is valid and authorized because it relies on biometric fingerprint matching stored and verified on the card itself.
For more information about how SentryCard can help protect you from the increasing costs of cybercrime, please click here to contact Sentry Enterprises.