Web security in 2022: old and new challenges
As 2021 comes to a close, the time for ambitious resolutions has arrived. This applies not only to individuals, but also to organizations and companies, which need to look ahead to the challenges they will face in the new year. And web security ones are high on the list. In this post we analyze some of the main challenges CISOs, MSPs and network administrators will have to deal with in the year ahead.
Elena Deola, 21 December 2021
1. Cyberthreats in 2021: a short review
In retrospect, 2021 has been a gloomy year for web security, driven by the ever-growing merger between the physical and digital worlds. This has made the barrier between the two worlds more and more blurred. In turn, such a blurred barrier has been associated with an increase in the real-life effects of cyber attacks.
Cyberattacks have targeted national strategic infrastructures, with an effect on essential services, but also Managed Service Providers (MSPs), with a cascade effect on their clients both in their homeland and abroad, in case they supplied their services also to customers located outside the national territory.
Most of these attacks have been of the ransomware type, requesting the payment of an amount of money in order to restore the pre-attack situation. We analyzed attacks that have targeted strategic national infrastructures in this article. They include the May attack to the Irish Healthcare System, the Colonial Pipeline attack, which led the United States to declare the emergency status in 18 states, and the attack to the Italian bank Credito Cooperativo in Rome.
As far as MSPs are concerned, the attack that had the widest effects has been the one to Kaseya, which started on July 2 and took 20 days to be resolved. For more details about the Kaseya attack, read our dedicated article here.
2. Web security in 2022: what is high on the list?
An analysis of the threats we should expect for 2022 shows that some all-time favorites are confirmed also for the new year, like phishing attacks, while new challenges for web security will emerge, linked to both the change in technology, like the ones we’ll have to face with 5G, and the change in everyday life practices, like the continuation of the move towards remote work.
2.1 Phishing attacks
Phishing attacks have become more and more common. The pandemic has definitely had an effect on this, since it resulted in an increase in the use of IT in all age ranges and occupations. We discussed in detail the nature of phishing attacks in this article.
They usually consist of fake email communications used to convince the victim to download a malicious attachment or to access a fake website similar to the original one, for example a bank website, in order to reveal personal information like the username and password or the credit card number.
In 2022 these attacks will become more and more personalized and sophisticated. Attackers will use intelligence and data gathered from social media outlets in order to make their communications look as authentic as possible, and hence harder to distinguish from original ones.
2.2 “Work-from-anywhere” scenarios
A phenomenon that had begun already before the pandemic, remote work has spread further as a result of Covid and going back to the office full-time is proving difficult. To the contrary, 2022 will see an increase in the amount of hours worked from locations other than the company offices.
While on the one hand this allows increased flexibility also in conditions of restrained movement, on the other it has created a whole new target for hackers, who are now exploiting the VPNs used by employees working remotely to reach and enter their company network in order to steal relevant information and data.
2.3 Internet-Of-Things (IoT) Devices
As we mentioned in this dedicated article, since the term Internet Of Things was originally coined more than twenty years ago, IoT has exploded: billions of devices in a variety of sectors, from healthcare, to home equipment, to leisure, are today connected to the Internet. This makes their processes more automated and also makes it possible to control them remotely.
At the same time though, the spike in IoTs has resulted in new efforts by hackers to exploit this new environment in order to breach into home systems, collect data and use them in order to perpetrate attacks.
2.4 5G threats
According to GSMA, by 2025 there will be at least 276 million 5G connections in Europe. This means that over the next year companies will invest in 5G technologies to obtain greater connectivity, in line with the digital transformation roadmap many companies have established for their future.
But the implementation of 5G will be accompanied by new challenges:
»5G will accelerate even more the increase in IoT described above with all the connected cyber threats;
»Being 5G a new technology, laws and regulations regarding it are still few and far apart, leaving wide gaps that allow hackers to collect, store and misuse data.
2.5 Social engineering threats
The rise of social networking sites like Facebook, LinkedIn, Twitter and others has been paralleled by the rise in social engineering threats. The basis is given by the fact that social networks are websites and applications where users freely share their personal information, sometimes also the sensitive ones. In this case, hackers exploit human psychology by trying to manipulate the users’ trust in order to achieve the goal of obtaining even further personal and private information.
Even LinkedIn fell prey to these attacks in 2021. As reported by TechRepublic, the social network was used repeatedly by hackers with fake profiles to convince people to, for example, fill in surveys at whose end was a request for additional personal information. Differently from other social networks, LinkedIn is used by professionals so these threats are more credible even to expert users.
3. Cybersecurity resolutions for 2022
So, how should we cope with all these threats? What shall we resolve to do in 2022 to prevent ourselves from being the next victims of cyberattacks? There are certainly a wide range of things we can do in order to increase our security against cyberthreats. Some of them are best practices, others are tools we can invest in.
3.1 Best practices for 2022
The Internet is full of lists of actions to take in order to decrease the chance of being the victim of a cyberattack. Here are the ones we deem most important and also easier to enact:
» Be always vigilant against phishing attacks and remember that hackers are getting better and better at exploiting your fears and passions against you;
» Use strong passwords, passwords that don’t necessarily make sense, that are different every time and difficult to associate to you;
» Enable multi-factor authentication: it requires criminals to hack not only into your computer but also into your mobile phone or the other device you are using for authentication purposes, thereby making it more difficult to steal your information;
» Social media are a powerful tool…but use them wisely and avoid constantly oversharing information about your life events, connections and whereabouts.
» Update your security software regularly: updates may require time or reboots, but they ensure your software receives and applies the latest developments in web security.
3.2 FlashStart: the tool to ensure a safer Internet experience
Choosing the correct tool is fundamental in order to grant your protection.
Being a DNS filtering tool means that FlashStart acts as a checkpoint for all internet traffic: when the user types the name of the website s/he wants to access, the browser sends a request for the IP address, which is checked against the FlashStart cloud. The FlashStart cloud contains the list of access and deny lists that allow or prevent the user from accessing the desired website.
4. The 3 features that make FlashStart your ideal ally against cyberthreats in 2022
So, here are the three features that make FlashStart your ideal ally in the fight against cyberthreats:
» It is constantly updated: FlashStart uses a mix of artificial and human intelligence to scan the Internet for new threats, malware, phishing attempts and scams. Once a threat is identified, the FlashStart cloud is updated and users can benefit straight away from the updates, with no need to download any security updates or proceed to lengthy reboots.
» It can be applied both at the router level to grant protection inside all your network and at the end-point level through the ClientShield app on every device to ensure devices are protected even outside your network.
» It is fast: as highlighted above, FlashStart is faster than Google and can therefore grant users with a fast response. The tool works with almost zero latency, so your users will not feel a need to disable it.
You can activate the FlashStart® Cloud protection on any sort of Router and Firewall to secure desktop and mobile devices and IoT devices on local networks.