Cybersecurity for small and medium-size businesses has been a hot topic over the past few years, especially with the shift to working remotely that so many businesses made in 2020. With the increase in new forms of attack to an ever-growing reliance on sophisticated technology, it is clear that security is a rapidly changing field.
It has been predicted that things like cloud technology and growth of the IoT (Internet of Things) would have a significant impact on the way small businesses thought about and undertook cybersecurity, and the shift in the workplace has only proved that to be correct – and these trends will surely continue into 2022.
5 Trends for Small Business Cyber Security in 2022
1. Supply Chain Attacks On the Rise
Issues with the supply chain have been all over the news in the past year. Vulnerabilities in the supply chain can make it susceptible to attack, further complicating things. A supply chain attack happens when a hacker infiltrates your systems through an outside provider with access to your systems and data. That might involve malware in software, or data that becomes compromised as a result of a cyber attack on a business partner. In the past few years, there have been more suppliers and service providers touching sensitive data than ever before.
According to Cisco, supply chain attacks are one of the biggest threats to small businesses. SMBs are not just attractive to hackers because they often lack strong security defenses, but it is also because they may not necessarily know who has access to their sensitive information. Hackers are frequently choosing to target vendors of SMBs in an attempt to get at precious data – and it’s working.
2. Passwords Phasing Out
In 2022, security will continue its shift from the use of just passwords to the use of multiple authentication factors and biometrics. These are tied to a user’s identity and cannot be easily stolen or reproduced.
Passwords have been with us since the earliest days of the internet, but they’ve continually been required to become more complex. Developing strong passwords has long been seen as the first line of defense against cybercriminals.
However, that is rapidly changing. The most robust passwords – jumbles of letters, numbers, and symbols – have proven too hard for the majority of the population to adopt. Security experts from numerous firms point out that people opt to reuse passwords. Each additional reuse grants another opportunity for a hacker to steal it, thus potentially compromising a string of user accounts.
According to the creator of HaveIBeenPwned, an increasing number of data breaches and data leaks are a direct result of weak passwords and password reuse.
In 2022, that is going to change as cybersecurity strives to adopt credentialing methods like dual-factor authenticators that hackers cannot steal.
3. Threats to the Internet of Things (IoT)
The world is several years into the commercial rollout of 5G. Over 75% of the US has 5G coverage. This allows for the rise of a practical Internet of Things – and hackers are eagerly anticipating it, too.
The Internet of Things is different from the internet in that devices do not connect to a central router but rather directly to themselves. As a result, it will become much easier for small business cybersecurity strategies to overlook this internet-connected device in the office.
However, that will prove dangerous. These devices will have access to the same network upon which the company computers will operate. The Internet of Things within an office can very quickly become a soft underbelly around a company’s defenses – a threat that, according to Kaspersky, is already on the rise.
4. Shadow IT Becomes a Real Concern
Shadow IT is the installation or creation of IT infrastructure by employees without the knowledge or permission of the IT department. Shadow IT examples include everything from Excel macros to SaaS applications, file sharing apps, and collaboration tools such as Office 365.
However, while the IT department is not responsible for the physical infrastructure or even managing of the application, they are still responsible for ensuring security and compliance for the corporate data employees upload to the cloud. This puts the IT department in the uncomfortable position of saying no to employees using cloud applications. Although most of these tools help employees do their jobs, they also provide a convenient backdoor for cyberattacks because they usually lack security.
Data protection firm Spin Backup found that almost 50% of cyberattacks in 2020 took advantage of shadow IT in a company. Organizations need to act now to discover, secure, and curtail this severe blind spot before it is too late.
5. Cloud Security Takes a Tumble
The cloud has often been thought to be highly secure, but that perception may change in 2022.
As public cloud usage becomes more prevalent in company options, companies are looking for ways to enjoy privacy and security. Hybrid cloud solutions – the use of public and private clouds – were briefly touted as the ideal solution to balancing these needs. However, it is rapidly becoming evident that hybrid solutions are susceptible to many of the same security issues plaguing regular servers. Security Magazine reported late last year that 40% of organizations have suffered a cloud-based data breach. As these breaches continue to happen, with increasing frequency, cloud security won’t continue to be seen as the secure option that it once was.
Let RJ Young help keep your network, workstations, servers, network traffic, and your business secure. Contact us about a free 30 day Sophos trial.