As more of our business functions and everyday life continue to become dependent upon technology, cybersecurity threats maintain their steady rise. In 2021 we saw some of the most sophisticated breaches of all time, let’s recap and briefly discuss what each of these threats represent to businesses in 2022.
• SolarWinds: The SolarWinds attack is one of the largest supply chain incidents in history. SolarWinds, known for its centralized monitoring and computer system configuration management platform used by a large pool of fortune 500 U.S. based companies. Hackers had long begun their reconnaissance strikes to discover vulnerabilities with the software back in 2019 before the breach was announced on May 19th, 2021. This incident affected organizations of all sizes simultaneously, the hacker group known as Nobelium by Microsoft gained access to the enterprise networks, computer systems, and private data of thousands of SolarWinds customers.
• Colonial Pipeline : The Colonial Pipeline, an American oil pipe system originating in Houston, Texas that carries gasoline and jet fuel primarily to the southeastern United States, endured a Ransomware attack that impacted computer equipment managing the pipeline on May 7, 2021. The hackers were able to break into the company’s network after stealing a single password, according to CEO, Joseph Blount as he explained the attack to a U.S. Senate committee.
• Florida Health Kids Corporation: Florida Health Kids Corporation experienced a cyber breach that caused 3.5 million records stolen. Data included Social Security numbers and financial information according to The Department of Health and Human Services’ Office for Civil Rights’. The root cause of the breach was a lack of necessary software patches by a security vendor in enough time to correct multiple security vulnerabilities coexisting within the code of FHKC’s website, thus giving hackers access to the organization’s website for several years. You can click here to learn more.
By the time we reached the third quarter of 2021, cybersecurity breaches were at an all-time high, up by 17% from the prior year. Numerous industry sectors observed an uptick in the number of security incidents. The most notable were manufacturing and utilities, healthcare, financial services, retail and e-commerce, government, and professional services, all totaling approximately 60 million victims.
These threats represent enormous effects to businesses, specifically those who are highly dependent on a remote workforce, and whose customer base is strongly reliant on digital services. The cybersecurity breaches in 2021 have certainly raised awareness in the business community. More notably it’s gained the attention of government officials where more regulation is sure to develop, while business executives are beginning to take stringent preventative measures to offset the ever-increasing cyber threat landscape. Corporate and board room officials have expressed cybersecurity is a responsibility everyone must share, and it needs to be viewed as a business strategy, a moral obligation, and a commitment to stakeholders.
In 2022 we continue to foresee hackers will exploit vulnerable systems, target weak employees through social engineering strategies, and (SMB’s) small businesses will be a hot target for hackers due to their knowledge of the low defense systems these business entities have in place. SMB’s such as small to mid-sized retail shops, pharmacies, physical therapy, dental or medical offices, restaurants, surgical clinics, radiology centers, private financial institutions, (IoT) Internet of Things (e.g. medical devices, smart homes, smart cars, electric grid), manufacturing and utilities organizations will ALL continue to see an upsurge in cyber-attacks in 2022.
The threats we witnessed during 2021 are a real world testament to the problems everyday businesses, even well-structured establishments with full time technology staff, will continue to see, more so this is a signal displaying the level of determination maintained by cyber criminals in their quest to strengthen dominance over enterprise computer systems to rein in profits. As a full service professional cyber security advisory firm, Intellikor offers solutions and recommendations that can help reduce the risks businesses will be sure to face in 2022. Everything isn’t bad news, there are huge benefits for businesses now being offered by the federal government due to recent U.S. legislation on cybersecurity policy. The following list can help kick start your year towards a safe and strategic direction in how to start thinking about ways to secure your business from cyber-attacks. Our team’s suggestions are as follows:
1. Develop an operational readiness package. Our team recommends a complete analysis from a “hackers-eye view” of your operational platforms and IT infrastructure systems that aims to highlight and eliminate weaknesses in your computer structures. Invest the time and capitol in evaluating the security posture of your business to ensure quality grade compliance standards and retain a security score card for your company’s overall security posture as well as those of all third-party vendors whom your company does business with and ultimately relies on for added services.
2. Assess the effectiveness of your security technology regularly and analyze results then take the time to adjust where warranted.
3. Perform routine user access reviews, quarterly preferably - if not - at least semi-annually, to ensure that access to critical systems and confidential business applications are restricted solely to those individuals who are truly authorized to interact with such sensitive business application services.
4. Evaluate third party software to eliminate the possibility of becoming the next victim of a supply chain cybersecurity attack. Require vendors to provide evidence of their technology’s security posture and the policies they take to maintain a secure product.
5. Work with a professional or have your IT department evaluate logs, perform code reviews, and conduct application interface testing for security vulnerabilities.
6. Identify and take remedial action towards critical vulnerabilities by establishing mitigation strategies, and a recurring validation process to ensure exploitable weaknesses are closed.
7. Ensure servers are properly patched. Make sure computer systems, such as end user equipment, email clients, mobile technology is hardened and that all software libraries and application program interfaces are securely locked down.
8. Install a system of monitoring and reporting across all computer assets. Have senior management maintain accountability for the review and ownership of critical vulnerabilities or work with a professional cyber security firm to aid in this process.
9. Identify cybersecurity insurance protection, business continuity, incident response, and business resiliency strategies.
10. Examine your software, website, and mobile technology security real-time. Evaluate and close all security gaps across digital products such as cloud-based applications, mobile apps, and remote access technology.
The U.S. government is taking preemptive measures to encourage businesses to take proactive steps with securing their organizations business critical software and infrastructure assets in order to minimize cybersecurity attacks. The latest cybersecurity safe harbor laws offer companies legal protection from the U.S. government in the wake of a data breach. Only if the company has implemented a well-structured security program that is compliant with industry standards such as NIST cybersecurity framework or ISO 27000. After signing up for Intellikor’s operational readiness, incident breach response, and Internet of Things cybersecurity protection programs, our team of experts will help you not only meet these standards, but we provide an official security certificate of conformity defining the compliance standards used to mitigate risks in your company. These safe harbor laws protect businesses from not having to pay huge financial punitive damages imposed by sanctions defined by the U.S. federal government when it has established that a business entity did not take the appropriate preventative measures to guarantee a safe and protected environment of it’s consumers data.
To view a list of Intellikor’s cybersecurity services and learn about how we are helping protect businesses from cyber security attacks, visit our web site at www.intellikor.com, fill out a short contact form, and one of our security experts will follow-up with you to discuss your company’s needs further. Don’t forget to follow us on social media and sign up to receive monthly newsletter and blog updates.
Stay safe in cyber space this 2022!
