While cyberattacks are rising across nearly every category, cybersecurity is becoming increasingly important. How do you deal with and defend these threats?
In 2022, small-to-medium businesses (SMBs) are facing a historically high number of cyber threats. According to Verizon, 61% of SMBs have experienced at least one cyberattack in the last 12 months – but according to another study, only 14% are prepared to defend themselves.
This state of affairs is a huge risk both to marketers and their clients: not only do cyberattacks result in data breaches, high ransom fees and disruption to critical operations, but they can also be highly expensive to recover from. Some businesses do not survive – especially those who aren’t prepared for the worst.
In this article, we’ll explain the state of the cybersecurity landscape in 2022, with four threats that marketers should be aware of, and key tips for defending yourself.
Cybercrime Inc.
Propelled by geopolitical tensions and the rising availability of hacking tools, cybercrime has become a highly lucrative undertaking. The growth of darknet markets has created a thriving criminal underworld where cyber actors from around the globe can learn from each other and profit from their illegal activities; meanwhile, an increased reliance on digital tools puts organizations well within their reach.
Most businesses have at least one asset that hackers can benefit from, and usually several. Above all,
- Money for extortion and ransom payouts
- Personally identifiable information (PII) that can be sold on the dark web
- Credentials and access – most businesses work with other businesses and vendors; cyber actors can target one business (yours) to get at another
While the first two targets on this list are the most expensive, the third should have a big impact on the way that marketers think about cybersecurity.
Why Cybersecurity Matters for Marketers
While all organizations must protect themselves from cyber threats, marketing agencies also have a responsibility to protect their clients from attacks originating through their products and services, including websites, collaboration tools and eCommerce platforms. They also have a responsibility to teach their clients best practices for protecting their online accounts, shared files, and other sensitive assets.
Today, cybersecurity is not an optional side dish – it is an essential aspect of any service delivered with the help of the Web and connected devices.
Top 4 Cybersecurity Threats of 2022
While cyberattacks are increasing across nearly every category, some are growing more rapidly than others, and some have a much bigger impact on the day-to-day activities of marketers than others. These are the top four:
1. Phishing Attacks
‘Phishing’ is a form of social engineering attack that lures users into visiting a website that impersonates a well-known brand. There, they will be asked to enter sensitive information such as usernames, passwords, PII or financial information. Most phishing attacks occur through email, although users can be redirected to phishing sites by malicious code around the Web.
In 2021, 83% of organizations said they experienced a successful email-based phishing attack. Today, ‘spearphishing’ – a variant on phishing attacks that are highly targeted to specific individuals – is also growing in prominence. Ultimately, phishing attacks have the distinction of being the most dangerous cyberattack for organizations and also the simplest to avoid.
- Train employees to recognize the signs of a phishing attack: unexpected emails asking you to enter sensitive information are almost always fraudulent.
- Fake domains can be giveaway (‘micros0ft.com’ as opposed to ‘microsoft.com’) – this method is not infallible since cyber actors can spoof legitimate domains in email headers, but it will rule out many
The simplest and most infallible way to avoid phishing attacks is to verify any urgent messages directly – if you get an email from your financial institution claiming you need to change some account information, for instance, call them directly to make sure.
2. Ransomware
Ransomware is a form of malware that encrypts an organization’s files, offering to unencrypt them for a large fee (ransom). With ransomware frequency growing by 13% in 2022 – and with the average ransom payout approaching a million dollars – ransomware can be devastating for small businesses. In recent times, a 150 year old college had to shut its doors due to the expense of recovering from a ransomware attack.
Like phishing attacks, ransomware often spreads through email in the form of Microsoft Office files (.docx, .xls, .pptx) – however, it can also spread to your organization from a corrupt website, or through direct attacks on your network. Avoiding ransomware requires preparation and vigilance:
- Regularly back up data, and keep at least one system backup air-gapped from your network – both traditional media (tape, hard drives) and cloud-based storage work, as long as they stay offline
- Have a business continuity and disaster response plan that lays out an exact timeline for restoring business operations in the aftermath of a ransomware attack
Ultimately, the most reliable way to deal with ransomware is to train employees to avoid malicious destinations, and invest in anti-virus software to detect a ransomware attack before it progresses.
3. Web Vulnerabilities
Aside from having their own website, marketers often create new websites for their clients: both are potentially vulnerable to many attack types, including brute force, SQL injection and cross-site scripting (XSS). But today, the most common vulnerabilities originate from content management systems (CMS) like WordPress, or eCommerce platforms like Shopify.
In 2021, WordPress vulnerabilities more than doubled, with over 7,000 vulnerabilities being remotely exploitable. On the eCommerce side of things, both Magento Open Source and Adobe Commerce were affected by a remote code execution exploit (RCE) in February of this year. Going back many years, thousands of online stores have been affected by “Magecart,” a credit card skimmer that has impacted many eCommerce platforms.
- Adopt an enhanced secure socks layer (SSL) protocol for your server
- Choose stronger user passwords with two factor authentication (2FA)
- For CMS platforms which support it, use anti-malware plugins to keep your site safer
Above all, businesses should keep their CMS software up to date, remove unnecessary plugins, and be vigilant in patching public vulnerabilities as soon as they arise.
4. Remote Employment Risks
The COVID pandemic changed many things in the world of business – one change that’s here to stay is the rise of remote employment and hybrid work models, with experts predicting that 25% of professional jobs in the U.S will be remote by the end of 2022.
Unfortunately, remote employees can amplify the threats that organizations are already facing, while bringing new threats, like unencrypted file sharing, stolen devices, and the use of public, insecure networks. Ultimately, remote endpoints can be hard for organizations to monitor and control, providing a larger attack surface for cyber actors to target.
Fortunately, there are many ways to reduce the extra cyber risk of remote working:
- Train employees to protect their personal electronics and use secure authentication mechanisms for login access; in the worst case, any lost devices should be immediately reported
- Tell employees not to use public networks without the use of a virtual private network (VPN) that can keep traffic encrypted both ways
For larger organizations, it may be worth investing in advanced solutions like endpoint detection and response (EDR); these can help cyber defenders to remotely monitor endpoints for malicious activity and remediate attacks.
Choosing a Safe Marketing Partner
The world of cyber risk is a constantly shifting landscape. But two themes remain consistent over time: a majority of cyber incidents are caused by human error, or by trusting the wrong partner. Whether it’s a vulnerable vendor in your software supply chain or a marketing agency with sloppy security practices, choosing the wrong partner is a decision that can lead to data breaches, ransomware attacks, or even worse.
In 2022 and beyond, your business is facing increasingly sophisticated cyber actors who use creative methods to deceive your employees and infiltrate your networks. Fight back with an equally sophisticated and creative marketing team that understands what it takes to keep your business – and your clients – safe.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!
