The importance of cybersecurity in 2022
With cybercrime becoming more of a threat to both individuals and organisations, we examine some of the more high-profile attacks this year and what we can do to protect ourselves online
Over the past few decades, cybersecurity has increasingly become a primary concern for businesses and governments worldwide. As economies embrace ever-expanding digital services — whether in relation to goods and services or organisational management — the security and integrity of these services have become more vital, as have the frequency of attacks levied against them.
Security breaches can be critically damaging, exposing sensitive data and causing extensive disruption to online services. In one of many worst-case scenarios, so-called 'ransomware' (a type of malware used to gain further system access and lock a victim out of their own database) has been used to publicise private information, with additional exposure threats if the victim doesn't pay the requested fee to prevent further damage.
With other dangers of cyber-attacks, including financial and identity theft, hijacking computer equipment, and even industrial espionage, ensuring the integrity and security of private and personal users is a vitally important issue. For most internet users, a strong password is the first line of defense. Unfortunately, many of them use similar or identical passwords to one another, usually based on linguistic or cultural norms in their geographical area. Internet security company ExpressVPN has written an extensive blog article about this issue, detailing commonly used passwords according to country. Those interested in assessing the efficacy of their own passwords are advised to check this accordingly.
This year we have witnessed numerous high-profile cyber attacks, with even technology companies falling prey to bad actors. One of the most apparent breaches to date has been the one affecting Nvidia, the world's leading graphics card manufacturer and one of the largest semiconductor companies. In this instance, ransomware was used to gain access to Nvidia's systems, exposing employee information, including login credentials, as well as closely-guarded company secrets relating to product design and release schedules. In addition to its attempts to extort money, the hacking group responsible, Lapsus$, demanded Nvidia to open-source software relating to its graphics processors and remove some hardware limitations put in place to prevent its products from being used in crypto mining (the process used to generate digital currency such as Bitcoin). Although the method used to install the ransomware in question has not been publicly released, there are speculations that they may have achieved this by exploiting either existing software vulnerabilities or a network used to access company systems.
In related news, software giant Microsoft has also faced difficulties this year, allegedly from the same group involved in the Nvidia attack. To many, a successful hacking attempt against a company whose name has become almost synonymous with the personal computing revolution might be considered unthinkable. Still, even Microsoft was proven not to be impregnable when, in March, source code relating to the corporation's Bing search engine and Cortana voice assistant was released online. Although the exact method of intrusion was not made public by Microsoft, in a statement, the company discussed the hacking group's penchant for gaining "elevated access through stolen credentials." This could have been achieved through successfully determining an employee's password or through numerous forms of phishing attacks.
Considered a rising threat within cybersecurity circles, phishing refers to a user being tricked into clicking a malicious link, providing the hacker with further access. These links are most commonly found in emails sent from business associates, colleagues, or friends and, therefore, potentially challenging to recognise — especially by overworked and tired employees. Often, and especially when targeting high-profile individuals such as CEOs, hacking groups will investigate their intended victim's social media profiles, searching for clues that may help them to establish trust during correspondence. Private messages on social media platforms such as Twitter or LinkedIn may also be used to contact victims, so users are advised to be vigilant in all areas of digital communication.
Despite many cyber-attacks being levied at private companies and individuals, recent years have also seen a worrying escalation in state-sponsored operations designed to disrupt government services. While usually not claiming direct responsibility, various countries have long been suspected of harboring or providing financial assistance to hacking groups, especially when these groups' tactics have been used to target foreign powers. Incursions of this nature are often achieved through distributed denial-of-service (DDoS) attacks, large-scale hacking attempts often employing vast quantities of unsuspecting proxy computers instructed to overload targeted systems with unmanageable requests, thus leading the server to shut down or become otherwise inaccessible. For instance, in May, a hacking group Killnet attacked numerous Italian government websites and departments, including the country's foreign ministry, while Estonia repelled a similar attack by the group in August.
As one can see, cybercrime can affect anyone — from casual internet users to employees reliant on digital services and even large corporations and government entities. While the notion of protecting oneself online may seem daunting, there are, nonetheless, numerous tools and practices at our disposal that, if properly utilised, may provide comprehensive protection from many types of attacks. Creating a strong password, ensuring applications are up-to-date, and maintaining vigilance when following links sent to us online are just a few steps that everyone can take to improve their online security. For enhanced protection, internet users should consider using a VPN service to increase their safety when accessing WiFi in public places and ensure that any system firewall and account two-factor authentication (2FA) options are enabled.
Lastly, one of the most effective strategies at our disposal is to stay informed about the latest cybersecurity developments and follow recommended guidelines regarding current trends and evolving threats. While no measure may prove infallible, by educating ourselves and taking steps to protect ourselves online, we may avoid becoming a victim of cybercrime and the various damaging impacts of this uniquely pernicious phenomenon.