Cyber breaches were at an all-time high in 2021 and will only continue to get bigger. While high-profile hacks such as the Keystone Pipeline, Microsoft Exchange and SolarWinds made the news, there were thousands of other attacks that did considerable damage to companies but were not publicly reported.
Part of the reason for this surge in cyber scams is that the COVID-19 pandemic has continued to rage on. When people were forced to work from home due to stay-at-home orders, workers moved from well-secured, managed, monitored, and updated networks to home networks with varying levels of security, outside the security walls set up by many companies. This was an open buffet for cyber criminals. New methods such as Zoom bombing and cryptojacking have made working from home dangerous without the proper security protocols in place. Zoom bombing is where people hack into a Zoom call and cause disruptions, such as what happened in the Italian Senate when a pornographic video was hacked in. Cryptojacking is taking over an unsuspecting victim's computer and using it to mine cryptocurrency. (1)
This is reflected in the Identity Theft Resource Data Breach Annual Report for 2021. From the data they have compiled, several numbers stand out:
There are many things that can contribute to an increased number of breaches. Chief among these is the lingering usage of legacy systems. Legacy systems are programs and networks that are old and no longer supported by the various IP providers. As a result, they do not get the updates that they need to prevent vulnerabilities like the log4j issue.
Many networks, especially in older companies, still run programs like Windows 7 and Windows 8. The issue is that Apple, Windows, and other IP providers have discontinued support for many older programs. While current programs such as Windows 11 are updated daily, these older programs no longer receive such support. Software companies develop patches and updates to their software daily to protect against new and emerging threats. Most, if not all, of the current system vulnerabilities were not even known or discovered until well after such outdated systems were developed.
The cost of updating these systems can be significant, and many companies opt to postpone updating. The investment needed to update systems to run the newest programs, such as Windows 10, Windows 11 and any Apple iOS system, takes time and money. Companies dealing with the struggles of the last two years have opted to keep current systems until the market settles and they can once again focus efforts on infrastructure. This makes them valuable targets for exploitation, because new patches are not available for emerging vulnerabilities.
In Singapore, for example, “Last year, a Singaporean e-commerce giant received an attack on its online supermarket platform, where 1.1 million users’ personal information, including names, numbers and partial credit card numbers, were stolen. Its cybersecurity team detected the customer database was taken from a legacy system, which was more than 18 months out of date at the time of the attack. The company has since stopped using the system and taken the necessary actions to strengthen its cybersecurity.” (3)
Looking forward to 2022, there are many things that will continue to be an issue. As we evolve to a more remote workforce, companies will need to make further investments in systems and security and consider how, and how often, systems are updated. Ransomware will continue to be the number one cause of cyber intrusions, as the attacks become more targeted via phishing and social engineering. Supply chains, already weakened thanks to the pandemic, will continue to be targeted, and the attacks on them will grow in complexity and number. (4)