Sunday, October 30, 2022

4 Hidden Cyber Threats That Nobody Cares About

 In the world of Cybersecurity, there is one thing that I have noticed:  There are a lot vendors, MSPs, MSSPs, and who else who live to cite numbers in order to put a fear factor into the eyes of their customers and prospects.  The ultimate goal of this is to get them more prone to purchase their products and services.  In the end, nobody really questions who got what statistic, it sounds impressive enough.

This can even be extended to the various technojargons that are thrown out there, and the two that drive me the craziest are “Risk” and “AI”.  Every Cyber vendor on this planet talks about these two things, but nobody defines what it really means to the products and services that they are trying to sell to you.  The latter is the worst.  Vendors keep pumping that their solutions have AI in them, but what kind of AI is being used?  How is it helping to protect the customer?  These are key questions to be asked, but yet nobody asks them.

When I write a blog and cite any kind of number or stat, I try to provide the source and the link from where it came from.  But I feel that I need to perhaps put more scarier stats into mine, in an effort to educate you more about the realisms of just how dangerous Cyber threats can be.  Important note here:

The numbers and stats presented in this blog come from here, at least initially:

https://www.darkreading.com/vulnerabilities-threats/cybersecurity-risks-and-stats-this-spooky-season

Here we go:

1)     Ransomware is coming back, yet once again:

Although this threat vector is never going to go away per se, 2022 was actually a relatively quiet year, when compared to 2021, when all hell broke lose.  One of the most notorious hacking groups in this regard is known as “Revil”.  It led the infamous supply chain attack on Kaseya, which impacted well over 1,500+ organizations on a global basis.  After this heist, the Ransomware group disappeared, but now announced just recently it is going to make a comeback, on a scale that has never been seen before.

2)     The Emergence of the Remote Workforce:

Ok, this is a subject that has been beaten up to death ever since the COVID-19 pandemic hit.  While the concept of working remotely is really nothing new, COVID-19 made the unthinkable a reality.  For example, the notion of the Metaverse, Web 3.0, and a 99% Remote Workforce were things that everybody thought would happen in the middle of this decade.  But, it is happening RIGHT NOW.  Nobody was really ever ready to have everybody WFH.  Of course, there were a ton of problems, with one of the biggest ones that of the meshing of the home networks with the business networks, leaving a lot of exposure for the Cyberattacker to penetrate into. It seems like that (IMHO) most of these problems have been resolved, some 66% of CISOs polled claim that new problems are always cropping up, and that this cycle will never seem to end.  Plus, the IoT has not helped the situation much either. If people are WFH, why not make it more comfy by connecting everything together?

3)     The internal threat is going to rise:

This is something to really worry about.  We all are so worried about the threats that are inbound from the external environment, that we are failing quickly to pay attention to the internal threats.  By this, I mean the possibilities of Insider Attacks. We would like to think that all of our employees are honest and good, after all they probably passed a pretty exhaustive check, right?  Well, keep in mind that background checks are just a “double check” on an employee at one point in time.  There could always be a rogue employee in your company, or the beginnings of one starting up.  Unfortunately, these kinds of potential security breaches are very difficult to find and confirm, and in fact, 84% of CISOs polled claimed that this is going to be a top concern going into 2023 (but why isn’t it now – what’s the point of waiting until the start of next year???).

4)     The shutdown of Critical Infrastructure:

This kind of attack has always been there, with the most notable one being the Colonial Gas Pipeline attack.  The fear so far that with war in the Ukraine still going on, we could see a barrage of attacks that will lead to the ultimate shutdown of our Critical Infrastructure here in the United States.  Luckily nothing has happened yet, but this could be a real problem even going into next year.  My fear is that multiple US cities could be hit, in a simultaneous attack.  The effects here will be like a nuclear war, but without the radiation being present.

My Thoughts On This:

Well, here you have it, some Cyberattacks with their threat variants backed up with some sort of stat just to prove how dangerous the situation has become.  Who knows when and if they will happen at all, but if it does, I sure hope that we can recover fairly quickly, as the effects will be nuclear like.

 

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...