Cybersecurity threats and data breaches will be among the most significant challenges enterprises face in 2022. Below is a review of the most critical data breaches of 2021 and a few areas where you should concentrate your efforts to defend against such risks as you move into the new year.
Major Data Breaches of 2021
Here are some of the most significant data breaches of 2021.
One of the most significant security breaches of the year came in April, when malicious actors compromised Facebook’s data. The breach included the personal data of over 500 million Facebook users, including their names, locations, email addresses, phone numbers, IDs, birthdates, and gender information. Cyber adversaries could easily use this data in many ways. The leaked Facebook data, which spanned accounts from over 100 countries, appeared on a low-level malicious forum where anyone could view it. Facebook’s data breach took another turn in September, when another attacker claiming to possess the data of over 1.5 billion Facebook accounts posted an ad to sell it.
In March, one of the most prominent tech organizations globally, Microsoft, suffered a significant security breach. It involved more than 250,000 victims across 30,000 organizations worldwide as of March 9, when its on-premises Exchange servers were hit by four zero-day exploits. The attack on Microsoft made many headlines, as it exposed user login credentials on the affected servers and gave admin privileges to the attackers. Microsoft stated that a new strain of ransomware infiltrated its server, encrypting all data and rendering it unusable while demanding money for updates. After the attack, Microsoft claimed that it had fixed more than 90% of the servers.
Another major security breach that made headlines in 2021 was the one suffered by the Federal Bureau of Investigation. The FBI’s external email system was compromised and used by attackers to launch a chain attack. In November, over 100,000 users received emails from the FBI’s official mail server addresses asking them to stay vigilant against cyberattacks. The FBI issued an official statement acknowledging that a software misconfiguration allowed malicious actors to send fake emails through its LEEP (Law Enforcement Enterprise Portal). The statement also summarized how the FBI had patched its software and network. However, the online community remains vigilant, as the incident raised eyebrows concerning the security of one of the most secure government agencies worldwide.
April was dreadful for LinkedIn as it suffered a significant data breach. The information of nearly 700 million users, i.e., more than 90% of its member base, was posted by malicious actors for sale. The user data was verified and found legitimate, involving full names, addresses, email IDs, locations, gender information, phone numbers, LinkedIn IDs, and associated social media accounts. LinkedIn stated that its investigation revealed that the data was old and scraped. It also released another statement mentioning that the information posted by the adversary was not the result of a data breach but the gathering of data already available to the public. The real story might still be unclear, but the news certainly shook security professionals worldwide.
Lessons Learnt From The Cyberattacks of 2021
The year 2021 has shown that cyberattacks like phishing and ransomware are more rampant, sophisticated, and severe than ever and result in huge losses. The breaches have shown that having a stringent zero-trust security system in place is more necessary than ever. Building strong cybersecurity awareness among employees, alongside other safeguards, is also highly necessary. The critical security breaches of 2021 are an excellent opportunity to study how threat actors operate so that you can apply the lessons learned for increased protection from such threats in 2022.
Aspects You Need To Pay Attention to in 2022
Your organization needs to pay attention to the following aspects to ensure robust protection against cyber threats:
- Phishing: Phishing attacks are perhaps the most rampant threats organizations and employees face. Google identified over 2 million phishing sites in January this year. Phishing is also among the most expensive cyber threats that will cost your organization a fortune, not counting the loss of customers and trust. It is essential for organizations to focus on protection against phishing emails.
- Ransomware: According to Forbes, ransomware attacks cost $102.3 million in transactions every month in 2021. Ransomware encrypts information if it gets into an organization’s network, and it is most typically spread through emails. A ransomware attack can result in income loss, brand and reputation harm, staff layoffs, and business closures. To identify and mitigate these risks effectively and quickly, organizations must have a straightforward vulnerability detection program that includes continuous diagnostics methods and mitigation methods, among other strategies.
- Email Security: Emails open your enterprise to various threats as they involve data transfer between servers. Malicious actors can exploit your email hosting provider to deploy malware and use other methods such as chain mails, phishing, spoofing, domain squatting, ransomware, browser exploit kits, and BEC (Business Email Compromise). Improving the email security posture involves using email-screening software, encrypting critical files and confidential messages before sending them, using secure email gateways, etc.
- Social Engineering: Social engineering attacks involve attackers exploiting employees emotionally, using manipulation to access private data and crucial information. Social engineering has become one of the most common ways of cheating people out of their data, using techniques such as baiting, phishing, scareware, and more. Adversaries using social engineering attacks exploit users’ confidence to access data by utilizing human psychology for malicious purposes. Though social engineering attacks may seem easy to detect, defending against them requires educating yourself and your employees to reject requests for help and information, use spam filters, and stay vigilant in conversations so that social engineering tricks can be identified in the future.
As cybersecurity techniques grow more sophisticated, adversaries are also improving their methods and finding new ways of breaching security. Each recent data breach teaches something new, but the above safeguards are typical ways to protect your organization from most email security and data breach attacks when observed and implemented strictly.