www.embroker.com
2606:4700:10::ac43:2430  Public Scan

URL: https://www.embroker.com/blog/top-10-cybersecurity-threats-2022/
Submission: On May 16 via manual from US — Scanned from DE

Form analysis 1 forms found in the DOM

GET /

<form class="search-form form-inline" action="/" role="search" method="GET">
  <div class="form-group mb-0 container-fluid mx-0 px-0">
    <input type="search" class="form-control w-100 searchbar-full" placeholder="What can we help you find?" value="" name="s">
  </div>
  <button type="submit" class="btn btn-primary search-btn mb-0"><i class="fas fa-search"></i></button>
</form>

Text Content


Embroker Team April 8, 2022 9 min read


TOP 10 CYBERSECURITY THREATS IN 2022

Risk Management


Table of Contents

 * Top 10 Cybersecurity Threats:
 * 1. Social Engineering
   * New in 2022
 * 2. Third-Party Exposure
   * New in 2022
 * 3. Configuration Mistakes
   * New in 2022
 * 4. Poor Cyber Hygiene
   * New in 2022
 * 5. Cloud Vulnerabilities
   * New in 2022
 * 6. Mobile Device Vulnerabilities
   * New in 2022
 * 7. Internet of Things
   * New in 2022
 * 8. Ransomware
   * New in 2022
 * 9. Poor Data Management
   * New in 2022
 * 10. Inadequate Post-Attack Procedures
   * New in 2022
 * Staying on Top of It All

What are the top 10 cybersecurity threats? Cybersecurity has been a widespread
priority since the latter half of the ‘90s, when the dot-com boom brought the
world online.

More than 20 years later, unprecedented events like the COVID-19 pandemic,
contested elections, and spiking sociopolitical unrest have led to an explosion
in the number and severity of cybercrimes over the course of just a few years.
We’re likely to see security threats become more sophisticated and therefore
more expensive over time: experts predict that the global costs of cybercrime
will reach $10.5 trillion by 2025, up 15% from $3 trillion in 2015.

Proactive protection is the key to avoiding a cybersecurity attack. Take a look
at what experts say are the top cybersecurity threats facing the world in 2022,
and learn what you can do to protect yourself and your business from becoming
targets.


TOP 10 CYBERSECURITY THREATS:


1. SOCIAL ENGINEERING

Social engineering remains one of the most dangerous hacking techniques employed
by cybercriminals, largely because it relies on human error rather than
technical vulnerabilities. This makes these attacks all the more dangerous—it’s
a lot easier to trick a human than it is to breach a security system. And it’s
clear that hackers know this: according to Verizon’s Data Breach Investigations
Report, 85% of all data breaches involve human interaction.


NEW IN 2022

In 2022, we’re likely to see social engineering attacks like phishing and email
impersonation continue to evolve to incorporate new trends, technologies and
tactics. For example, cryptocurrency-related attacks rose nearly 200% between
October 2020 and April 2021, and are likely to remain a prominent threat as
Bitcoin and other blockchain-based currencies continue to grow in popularity and
price. 


2. THIRD-PARTY EXPOSURE

Cybercriminals can get around security systems by hacking less-protected
networks belonging to third parties that have privileged access to the hacker’s
primary target. 

One major example of a third-party breach occurred at the beginning of 2021 when
hackers leaked personal data from over 214 million Facebook, Instagram, and
LinkedIn accounts. The hackers were able to access the data by breaching a
third-party contractor called Socialarks that was employed by all three
companies and had privileged access to their networks.


NEW IN 2022

In 2022, third-party breaches will become an even more pressing threat as
companies increasingly turn to independent contractors to complete work once
handled by full-time employees.

According to a 2021 workforce trends report, over 50% of businesses are more
willing to hire freelancers as a result of the shift to remote work caused by
COVID-19. The cybersecurity firm CyberArk reports that 96% of organizations
grant these external parties access to critical systems, providing a potentially
unprotected access route to their data for hackers to exploit.




3. CONFIGURATION MISTAKES

Even professional security systems more than likely contain at least one error
in how the software is installed and set up. In a series of 268 trials conducted
by cybersecurity software company Rapid7, 80% of external penetration tests
encountered an exploitable misconfiguration. In tests where the attacker had
internal system access (i.e., trials mimicking access via a third party or
infiltration of a physical office), the share of tests that encountered an
exploitable configuration error rose to 96%.


NEW IN 2022

In 2022, the continued combined impact of the COVID-19 pandemic, socio-political
upheavals and ongoing financial stress is likely to increase the number of
careless mistakes that employees make at work, creating more exploitable
opportunities for cybercriminals. 

According to a Lyra Health report, 81% of workers have experienced mental health
issues as a result of the pandemic, and 65% of workers say their mental health
has directly impacted their work performance.

This strain will only exacerbate an existing issue: Ponemon Institute reports
that half of IT experts admit they don’t know how well the cybersecurity tools
they’ve installed actually work, which means at least half of IT experts already
aren’t performing regular internal testing and maintenance. 


4. POOR CYBER HYGIENE

“Cyber hygiene” refers to regular habits and practices regarding technology use,
like avoiding unprotected WiFi networks and implementing safeguards like a VPN
or multi-factor authentication. Unfortunately, research shows that Americans’
cyber hygiene habits leave a lot to be desired. 

Nearly 60% of organizations rely on human memory to manage passwords, and 42% of
organizations manage passwords using sticky notes. More than half (54%) of IT
professionals do not require the use of two-factor authentication for access to
company accounts, and just 37% of individuals use two-factor authentication for
personal accounts.

Less than half (45%) of Americans say they would change their password after a
data breach, and just 34% say they change their passwords regularly.


NEW IN 2022

Thanks to an uptick in remote working, systems protected by weak passwords are
now being accessed from unprotected home networks, sticky note passwords are
making their way into public coffee shops, and workers are logging in on
personal devices that have a much higher chance of being lost or stolen.

Companies and individuals that don’t improve their cyber practices are at much
greater risk now than before.

Surprisingly, IT professionals often have even worse cyber hygiene habits than
the general population: 50% of IT workers say they reuse passwords across
workplace accounts, compared to just 39% of individuals at large.




5. CLOUD VULNERABILITIES

One might think the cloud would become more secure over time, but in fact, the
opposite is true: IBM reports that cloud vulnerabilities have increased 150% in
the last five years. Verizon’s DBIR found that over 90% of the 29,000 breaches
analyzed in the report were caused by web app breaches. 

According to Gartner, cloud security is currently the fastest-growing
cybersecurity market segment, with a 41% increase from $595 million in 2020 to
$841 million in 2021.

While experts originally predicted an en masse return to the office, upticks in
new COVID variants and breakthrough case rates have made this scenario
increasingly unlikely—which means the increased threat of cloud security
breaches is unlikely to wane at any point in 2022.


NEW IN 2022

New developments in cloud security include the adoption of “Zero Trust” cloud
security architecture. Zero Trust systems are designed to function as though the
network has already been compromised, implementing required verifications at
every step and with every sign-in instead of granting sustained access to
recognized devices or devices within the network perimeter.

This style of security gained popularity in 2021 and is likely to see widespread
adoption in the coming year.


6. MOBILE DEVICE VULNERABILITIES

Another pattern caused by the COVID-19 pandemic was an uptick in mobile device
usage. Not only do remote users rely more heavily on mobile devices, but
pandemic experts also encouraged large-scale adoption of mobile wallets and
touchless payment technology in order to limit germ transmission.

A larger population of users presents a larger target for cybercriminals.


NEW IN 2022

Mobile device vulnerabilities have been exacerbated by the increase in remote
work, which led to an uptick in companies implementing bring-your-own-device
policies. According to Check Point Software’s Mobile Security Report, over the
course of 2021, 46% of companies experienced a security incident involving a
malicious mobile application downloaded by an employee.

Cybercriminals have also begun to target Mobile Device Management systems which,
ironically, are designed to allow companies to manage company devices in a way
that keeps corporate data secure. Since MDMs are connected to the entire network
of mobile devices, hackers can use them to attack every employee at the company
simultaneously.


7. INTERNET OF THINGS

The pandemic-induced shift away from the office led over a quarter of the
American workforce to bring their work into the home, where 70% of households
have at least one smart device. Unsurprisingly, attacks on smart or “Internet of
Things (IoT)” devices spiked as a result, with over 1.5 billion breaches
occurring between January and June of 2021.

Combined with the average American’s less-than-stellar cyber hygiene habits, IoT
connectivity opens a world of vulnerabilities for hackers. The average smart
device is attacked within five minutes of connecting to the internet, and
experts estimate that a smart home with a wide range of IoT devices may be
targeted by as many as 12,000 hacking attempts in a single week. 


NEW IN 2022

Researchers predict that the number of smart devices ordered will double between
2021 and 2025, creating an even wider network of access points that can be used
to breach personal and corporate systems. The number of cellular IoT connections
is expected to reach 3.5 billion in 2023, and experts predict that over a
quarter of all cyberattacks against businesses will be IoT-based by 2025.


8. RANSOMWARE

While ransomware attacks are by no means a new threat, they’ve become
significantly more expensive in recent years: between 2018 and 2020, the average
ransom fee skyrocketed from $5,000 to $200,000. Ransomware attacks also cost
companies in the form of income lost while hackers hold system access for
ransom. (The average length of system downtime after a ransomware attack is 21
days.)

In a 2021 survey of 1,263 cybersecurity professionals, 66% said their companies
suffered significant revenue loss as a result of a ransomware attack. One in
three said their company lost top leadership either by dismissal or resignation,
and 29% stated their companies were forced to remove jobs following a ransomware
attack.


NEW IN 2022

Ransomware has only become more sophisticated, more widely available, and more
convenient for hackers over time. In fact, cybercriminals can now subscribe to
“Ransomware-as-a-Service” providers, which allow users to deploy pre-developed
ransomware tools to execute attacks in exchange for a percentage of all
successful ransom payments. The rise of RaaS means ransomware attacks are now
significantly more affordable for small-time cybercriminals, which in turn means
the number of ransomware attacks will only continue to climb.




9. POOR DATA MANAGEMENT

Data management is about more than just keeping your storage and organization
systems tidy. To put things in perspective, the amount of data created by
consumers doubles every four years, but more than half of that new data is never
used or analyzed. Piles of surplus data lead to confusion, which leaves data
vulnerable to cyber attacks.

Breaches caused by data handling mistakes can be just as costly as higher-tech
cybersecurity attacks. In a 2018 case, Aetna was ordered to pay $17 million
after mailing sensitive health information in the wrong type of envelope. 


NEW IN 2022

Due in part to the exponential explosion of data that’s taken place over the
past decade, experts predict that 2022 will bring an increased shift away from
“big data” toward “right data,” or an emphasis on storing only data that is
needed.

To sort right data from unnecessary data, teams will increasingly rely on
automation, which comes with its own set of risks. 

Automated programs are like spiderwebs—a small event on one side of the web can
be felt throughout the entire structure. And while the data processing itself
relies on artificial intelligence, the rules and settings the AI is instructed
to follow are still created by humans and are susceptible to human error.


10. INADEQUATE POST-ATTACK PROCEDURES

Holes in security must be patched immediately following a cybersecurity attack.
In a 2021 survey of 1,263 companies that had been targeted in a cybersecurity
breach, 80% of victims who submitted a ransom payment said they experienced
another attack soon after. In fact, 60% of cyber attacks could have been
prevented if an available patch had been applied, and 39% of organizations say
they were aware they were vulnerable before the cyber attack occurred. 


NEW IN 2022

The coming year will see the aftershocks of 2021’s cybersecurity attacks, which
spiked exponentially due to COVID-19. The patch management capabilities of the
organizations who were targeted in 2021 will determine whether or not they fall
victim to another attack in the coming year.

One increasingly popular solution is the adoption of the subscription model for
patch management software. “Patching-as-a-Service” products provide continuous
updates and patches, increasing patch speed and efficiency. Automated patching
also reduces the likelihood of patch vulnerabilities created due to human error.


STAYING ON TOP OF IT ALL

Staying aware of and protecting against new cybersecurity threats as they appear
can be overwhelming. With millions of hackers working around the clock to
develop new attack strategies more quickly than companies can update their
defenses, even the most well-fortified cybersecurity system can’t provide
guaranteed protection against attacks. 

That’s why it’s important to supplement your cybersecurity strategy with
adequate insurance to ensure that, even if you are the victim of a successful
attack, the damages won’t cripple your organization.

With comprehensive cybersecurity defenses and the safety net that insurance
provides, you can rest easy knowing you’re as protected as you can possibly be.

