2022 was quite the year on the cybersecurity front. A rise in remote work and an unexpected war led to cybercrime activity levels we’ve never quite seen before.
As we are already in the new year, there’s no better time to look back at 2022 and see if there are any lessons we can take away to better protect ourselves in the future.
Phishing is way more advanced than before
Gone are the days when threat actors would send horrendous emails to get people to click on malicious links or attachments. Modern phishing attempts are way more advanced and go far beyond just emails. Threat actors are not afraid to send text messages or even pick up the phone and call potential victims. They do this to give more credibility to their request or raise a sense of urgency.
Having solid security awareness is key to protecting yourself from phishing attacks. No matter how believable something sounds, never download or click on anything after verifying the source.
Geopolitical climate can affect your personal security
Geopolitical instability has led to a series of nation-sponsored cyberattacks in 2022. Unfortunately, innocent civilians have also been affected during the crossfire. A good example are the recent attacks from Killnet – a Russia-sponsored cybercrime gang targeting hospitals in Europe and the U.S. The attacks forced patients to change hospitals and not be able to get the prescriptions they need.
While we sometimes may feel isolated from what’s happening in the world, remember that we are more connected than ever. Both a blessing and a curse, this necessitates maintaining constant online awareness and making use of the most modern security solutions. Having your data protected via trusted encryption methods may just make you too difficult of a target for any potential attackers should any international incident arise.
Not all MFA methods are created equal
While any form of MFA can protect from up to 99.9% of threats, that 0.1% can sometimes make the difference. Threat actors, such as LAPSUS$, used several methods to access systems throughout 2022 despite MFA being present. The most notable LAPSUS$ attack was against the popular ride-sharing app Uber. A teenager associated with the group bombarded an employee with MFA requests. MFA fatigue kicked in, and the intruder successfully accessed Uber’s internal systems.
Any form of MFA is better than none. But, we should slowly move away from sending authentication codes through texts or simple push prompts. These methods can be easily bypassed with SIM swapping and MFA fatigue. Instead, a far more secure option is an authentication app that provides you with the code from the app itself. Above all, however, setting strong, complex passwords and changing them often remains at the forefront of proper cybersecurity hygiene.
Limit access to third-party apps and sites
Breaches of mega-popular websites like Facebook and Reddit in 2022 show that we can’t trust these large companies to protect our data. Shady user data management practices by TikTok show that a breach isn’t even needed to put your data at risk. That doesn’t mean we should completely stop using these platforms. We just need to be smarter about it.
Carefully read user-agreement prompts when they come up. Platforms can’t legally use your data before getting your consent. These prompts are intentionally made easy to skip. But, with a bit of self-control, you can avoid the temptation of clicking the “Accept” button before even reading the user agreement.
Additionally, avoid providing too much information to apps. You don’t have to create anonymous account, but you should consider the amount of personal data you provide.
2022 gave us a lot of lessons when it comes to better protecting ourselves online. We are still early in the cybercrime epidemic. The bad news is that threat actors aren’t even close to hitting their peak in terms of sophistication. However, cybersecurity awareness is also becoming increasingly widespread on a global level. This includes governments, businesses and individuals alike.
As we learn more about how threat actors operate, we can equip ourselves with the necessary tools and knowledge to identify and avoid potential threats.