Cybersecurity is a continually changing field. As businesses resolve old vulnerabilities, attackers develop new strategies that work around them. Defenses must repeatedly evolve to remain secure. If employers want to keep their employees safe, they must stay on top of emerging cybercrime trends.
Some threats, like social engineering, aren’t new but are experiencing significant growth. Others specifically address recent technologies or trends, requiring a fresh look at security best practices to stay safe.
Here are five growing cybersecurity threats employers may not be as aware of and steps to protect against them.
1. MFA Fatigue Attacks
Multi-Factor Authentication (MFA) adoption is rising, with 74% of organizations today planning on increasing their MFA spending and use. However, as more people have implemented MFA in response to growing awareness of password vulnerabilities, cybercriminals have adapted. Attacks targeting MFA systems are on the rise.
MFA fatigue attacks occur when criminals obtain someone’s initial login credentials, then send repeated MFA requests until the user approves one, granting them access. As simple as that is, it can be highly effective. MFA fatigue attacks have successfully breached companies like Uber and Twitter over the past few years.
Awareness is the first step to protecting against MFA fatigue. If employees receive an MFA request when they’re not actively trying to log into something, they should ignore and report it. Limiting how many MFA prompts an account can receive and using location-based services to show where attempts are coming from can help, too.
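The prompt limit and location display described above can be checked against authentication logs. The following Python sketch is an added example, not code from the original article or from any MFA vendor: the event names, the three-prompt cap, the ten-minute window and the sample log entries are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_PROMPTS = 3                 # assumed cap on push prompts per user per window
WINDOW = timedelta(minutes=10)  # assumed sliding-window length

# Constructed sample events: (timestamp, user, event, source country)
SAMPLE_EVENTS = [
    ("2023-01-10T02:14:05", "alice", "push_sent", "RO"),
    ("2023-01-10T02:14:20", "alice", "push_denied", "RO"),
    ("2023-01-10T02:14:40", "alice", "push_sent", "RO"),
    ("2023-01-10T02:14:50", "alice", "push_denied", "RO"),
    ("2023-01-10T02:15:10", "alice", "push_sent", "RO"),
    ("2023-01-10T02:15:30", "alice", "push_sent", "RO"),
    ("2023-01-10T02:15:45", "alice", "push_approved", "RO"),
    ("2023-01-10T09:00:00", "bob", "push_sent", "US"),
    ("2023-01-10T09:00:08", "bob", "push_approved", "US"),
]

def review_mfa_events(events, max_prompts=MAX_PROMPTS, window=WINDOW):
    """Return (blocked, alerts) for a time-ordered list of MFA events.

    blocked: prompts suppressed because the user already hit the cap.
    alerts:  approvals that arrived after the cap was reached, which
             should be held for review instead of granting a session.
    """
    recent = defaultdict(deque)  # user -> timestamps of prompts still in window
    blocked, alerts = [], []
    for ts_raw, user, event, country in events:
        ts = datetime.fromisoformat(ts_raw)
        prompts = recent[user]
        while prompts and ts - prompts[0] > window:
            prompts.popleft()          # expire prompts older than the window
        if event == "push_sent":
            if len(prompts) >= max_prompts:
                blocked.append((ts_raw, user, country))  # do not deliver
            else:
                prompts.append(ts)
        elif event == "push_approved" and len(prompts) >= max_prompts:
            alerts.append((ts_raw, user, country))       # likely fatigue approval
    return blocked, alerts

if __name__ == "__main__":
    blocked, alerts = review_mfa_events(SAMPLE_EVENTS)
    print("suppressed prompts:", blocked)
    print("approvals held for review:", alerts)
```

The country field carried through to each alert is what a reviewer or the prompted employee would compare against the user’s expected location.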
2. Ransomware-as-a-Service
Ransomware itself is not a new trend, but it’s becoming a bigger threat through Ransomware-as-a-Service (RaaS). RaaS offers advanced, ready-made ransomware tools and instructions for hire, letting anyone, regardless of experience, initiate these complicated, damaging attacks.
As ransomware becomes more accessible, related risk factors are also rising. Working from home and pandemic-related stresses have made employees more prone to error. In fact, 55% of people under 30 admitted to making more mistakes when working from home.
RaaS means ransomware is growing faster than ever and will affect more businesses, but it doesn’t change what security steps are most effective. First, all employees should receive training on how to spot phishing attempts. Next, businesses should restrict access permissions to minimize what breached accounts can do. Finally, it’s important to use automated tools like network monitoring and backup programs to mitigate and contain potential attacks.
3. Cyber-Physical Attacks
Another rising cybersecurity threat employers should know about is increasing attacks on cyber-physical systems. Businesses today employ many Internet of Things (IoT) devices that expand their attack surface. Even remote employees may not be safe from these threats, as some homes may contain dozens of smart devices, which criminals are targeting more frequently.
Experts predict there will be more than 25 billion connected IoT devices by 2030. As these cyber-physical systems become increasingly important to running a competitive business, they’re becoming more valuable targets to cybercriminals. The lack of visibility and poor built-in security measures that come with these devices make them even more vulnerable.
Segmentation and encryption are two of the most important protections against this threat. IoT devices should run on separate networks from other, more sensitive systems, and all their data should be encrypted in transit and at rest. Changing default settings to enable MFA and disable auto-connect features is also important.
4. Cryptocurrency-Related Cybercrime
Cryptocurrency presents another new cybersecurity threat that may endanger employees. Over the past few years, crypto has gained mainstream appeal, and that rising adoption has attracted more cybercriminals. By October 2022, criminals had already stolen $3 billion worth of cryptocurrency in that year alone.
Crypto’s anonymous nature and exciting newness make scams harder for many employees to spot. As more businesses integrate crypto services, these risks could become a matter of company security, too.
Employers should inform employees about signs of crypto scams, like demanding payment in cryptocurrency and promises that sound too good to be true. Using strong passwords, storing crypto in offline wallets, researching exchanges before trusting them and securely storing keys will also help. Businesses should be even more skeptical of cryptocurrency and partner with specialized blockchain security experts before implementing any crypto-related processes.
5. State-Sponsored Cyber-Attacks
Most cybercrime, especially in previous years, has been financially motivated, but political attacks are on the rise. Businesses, especially those with government ties, should take note of the rising prominence of state-sponsored cyber-attacks.
Russian forces have used cyber-attacks to take down electrical and internet services in Ukraine in their ongoing conflict. These attacks highlight the need for corporations to stay vigilant. Companies providing needed infrastructure like communications, supply chain services or utilities may become targets of state-sponsored cyber-terrorism.
The Cybersecurity and Infrastructure Security Agency (CISA) lists several security steps for addressing this threat. Those include disabling non-essential ports, restricting access privileges, using MFA, keeping all tools updated and creating a thorough incident response plan. Regular penetration testing and pursuing high-level cybersecurity certifications will help, too.
Stay Safe from Rising Threats
Cybercrime is growing too quickly and in too many ways to assume an organization that was safe yesterday will be tomorrow. Organizations must regularly review cybersecurity trends and their protections to see if and how they should adapt to remain secure.
Protecting employees begins with understanding what threats could endanger them. Once employers know what the most threatening and likely risks are, they can take the necessary steps to defend against them.