3 Reasons to Be Extra Vigilant about IT Security this Year
(Editor’s Note: The following is an excerpt from “Your Home Office is Now a Threat Vector and More Reasons Your Company Must be Extra Vigilant about IT Security in 2022,” part of 8x8’s 2022 Business Communications Trends.)
As if IT security executives do not have enough to worry about, the increase in hybrid work environments provides attackers with increased numbers of points of entry into a corporate network. In industry parlance, this is called a threat vector. Work from anywhere also means a breach can start from anywhere.
Hybrid and remote work is not the only current challenge for CISOs. Attacks are becoming increasingly sophisticated and automated. Bad actors are not only using AI to spot network weaknesses, but they are also employing advanced psychological techniques to spot and exploit human weaknesses too — the kind that induces a malicious click. 85% of breaches involve the human element, according to the Verizon 2021 Data Breach Investigations Report (DBIR).
43% of CIOs and CTOs see data privacy, cybersecurity and compliance as the most pressing tech challenges of hybrid work. - PwC Future of Work Pulse Survey
It is this sophistication that shapes my 2022 IT security trends. IT and business leaders must be more vigilant than ever to protect corporate data, intellectual property, and other assets. A few of the trends I see are as follows.
1. Unintentionally or otherwise, employees are the biggest information security risk
Phishing works. Verizon's DBIR says tricking employees to reveal corporate information and access, known as phishing, was part of breaches 36% of the time in the past year.
In addition, a 2021 survey by Entrust found that only 52% of employees at enterprise companies were given anti-phishing training and just 31% were given training to prevent ransomware. You can spend millions of dollars on security infrastructure, but all it can take is a single click to allow someone unauthorized access to your network.
2. Cyberattacks are increasing, requiring AI and crowd-sourced intelligence to fight back
By the end of 2022, utilizing AI and machine learning, in its various forms, will be table stakes for security operations (SecOps) teams whether as an on-premises product, SaaS, or via a managed service. AI will be an organization’s first line of defense to detect anomalous behavior and block potential intrusions as soon as possible.
Businesses are also fighting back cyber adversaries by participating in threat intelligence-sharing programs to spread awareness, prevention, and remediation techniques. There are a growing number of available private and open-source platforms available. Bug-bounty programs that compensate ethical hackers for disclosing vulnerabilities are increasingly popular too. Some organizations are also turning to exposure management solutions to gain a comprehensive view of their security posture and prioritize risk mitigation efforts. But defense requires a multi-pronged approach. In addition to AI and threat intelligence, implementing a robust backup strategy, such as leveraging reliable S3 backups, is crucial. S3 backups offer a secure and remote storage solution, ensuring you can recover critical data quickly in case of a cyberattack or unforeseen system failure.
3. Your APIs could end up biting you in the CPaaS
Another security trend to watch this year is the growth of SMS, texting, and video (CPaaS) in customer interactions. There are several popular use cases including status alerts, user authentication, customer support, and more. From a security perspective, these channels present avenues for phishing activities.
Many of these services operate via APIs. They could be open source or from a vendor. Security teams or their trusted advisors need to evaluate the API code and also make sure that APIs are configured correctly with their primary communications applications.
Appreciate your IT security professionals. In 2022 and beyond, it is going to take a village to keep your business secure. Read more about what's trending in IT security this year in the 2022 Business Communications Trends.