New Year, New Threats?
What will be the cyber security threats of 2022?
This was the question a client asked me to tackle in our first awareness-raising session of the year. This session was for a financial services organisation - for their general workforce - and the client was keen for me to cover some of the growing threats of recent years with a look to the future.
I started my presentation by tackling a common misconception that we so often face in cyber security, which can be summed up by the question I often hear: "why would cyber criminals target me?"
This is a misconception for two reasons:
we all have data that is more valuable to us - and more valuable to malicious people - than we often remain conscious of on a day-to-day basis
most cyber attacks are not targeted, but are instead the result of scattergun attacks and collateral damage
Covering some of the biggest issues we have faced in cyber security in recent years, I turned to supply chain attacks, ransomware (with a quick demo) and social engineering. We can expect all of these threats to grow in size and impact in the near future. They will evolve as we become more resilient to them.
In terms of social engineering, the prediction that I shared with the audience was that we are likely to see a rise in deep fake technology being used in social engineering attempts in coming years.
However, the main theme of my session was that, while it is interesting and valuable to look at emerging threats, we are best served focusing on the here and now. Cyber criminals evolve their tactics when they have to, but they generally use the path of least resistance. Their strategies remain constant and the good news is that our core defences remain the same.
Yes, we can consider how threats will continue to evolve and what cyber criminals may do next. But, most importantly, we need to communicate as widely as possible that positive foundations of security practice mitigate the overwhelming majority of the threat that individuals face online.
To reinforce this message, I often end awareness sessions with 5 key personal security takeaways:
🔐 Protect Your Accounts – use unique passwords and multi-factor authentication
📲 Protect Your Devices – lock screens and apply updates as soon as possible
💬 Protect Your Information – check social media settings & be mindful of what you post online
🪝 Protect Your Communications - if a communication is unexpected, makes you feel something and asks you to do something - that’s a big red flag for social engineering so you should check with the supposed sender
👨👩👧👦 Protect Your Circle – pass this advice on to colleagues, friends, family and connections
If you want to know what our clients think of our awareness-raising sessions, check out some of our testimonials. If you'd like to chat to us about our awareness-raising services, please get in touch. And don't forget to subscribe to our mailing list to stay in the Cygenta loop!