National Cybersecurity Awareness Month: The Top Cyber Treats of 2022 and How CREG Systems Can Help

It’s October, so it is time for pumpkin patches, apple picking, cold weather, and more! October is also National Cybersecurity Awareness Month, launched in 2004 by the National Cyber Security Alliance and the U.S. Department of Homeland Security. 

What is National Cybersecurity Awareness Month?

When Cybersecurity Awareness Month began, the awareness efforts centered around advice like updating your antivirus software twice a year to mirror similar efforts around changing batteries in smoke alarms during daylight savings time. Over the years, National Cybersecurity Month has developed to change with technology. 

According to reports, the most common tactics hackers use to carry out ransomware attacks are email phishing campaigns, RDP vulnerabilities, and software vulnerabilities. However, CREG Systems is Northern New York’s most trusted and experienced resource that is prepared to prevent ransomware attacks on your business. 

What are the Top Cyber Threats of 2022?

We at CREG Systems seek to educate the public about how to maintain their network health. We do so by providing educational materials, like this article. We also assess your network and provide recommendations and services that will strengthen your security. Contact us today to protect your data. Meanwhile, here are some common threats that CREG Systems recommends you watch out for:

  • Ransomware
    • Ransomware has been a growing threat in recent years. Several high-profile attacks demonstrated to cybercriminals that ransomware was profitable, driving a rapid increase in cybercrime groups operating this malware. On average, ransomware claims a new victim every ten seconds worldwide, and ransomware cost businesses around $20 billion in 2020, an increase of 75% over the previous year.
  • Misconfigurations and Unpatched Systems
    • Security misconfigurations arise when security settings are not defined and implemented, or when default values are maintained. Usually, this means the configuration settings do not comply with the industry security standards such as CIS Benchmarks or OWASP Top 10. Misconfigurations are often seen as an easy target, as they can be easy for attackers to detect.
    • Misconfigurations can be much more than an accidental firewall rule. Some of the most common misconfigurations are unpatched systems, broken access control, sensitive data exposure, and vulnerable and outdated components. Attackers can purchase tools from deep web marketplaces to scan for these vulnerabilities, much like a penetration testing contractor could do for your organization.
  • Credential Stuffing
    • Credential stuffing happens when an attacker uses stolen credentials from one organization to access user accounts at another organization. These credentials are typically obtained in a breach or purchased off of the dark web. You may have seen news stories about Disney Plus accounts getting hacked, yet Disney found no evidence of forced entry. This is because credential stuffing simply involves logging into a victim’s account with their username and password.
  • Social Engineering
    • Social engineering isn’t the breach of a system, but rather the compromise of a person, which causes them to release confidential information unknowingly. This most commonly takes the form of an email phishing attack in which the individual is tricked into downloading malware or giving up their credentials. Typically, social engineering is the first step in a multistep cyberattack.
    • What’s more concerning is that over 70% of social engineering and phishing incidents are discovered by external parties. This means that when employees are falling for the bait, they usually don’t realize they’ve been hooked. On top of that, attackers are constantly coming up with new ways to evade automated security tools.

How can CREG Systems help?

CREG Systems ensures that the data you share and store is secure and protected, which pledges efficient operation and credibility to your organization. Our certified and highly trained staff will meet your needs and plan a security system roll-out strategy that best fits your goals.

  • Hardware & Software
    • Keep your data safe by using the most up-to-date security software and hardware.  Make sure you are secured through NEXTGEN firewalls, use sandboxing for extra protection, and ensure you have a defense at the gate.
  • Multi-level Protection
    • From your desktop to the firewall, each device in your organization should have segmented and multi-layered protection. Usually, you can stop a data breach before it threatens your vital information.
  • Insider threats
    • While many organizations have multi-layer security systems and data protection in place, there could still be other risks to consider. Former employees can be a threat to your cybersecurity.  Be sure to remove any access they may have and their data as soon as they leave the organization.  Be sure to teach employees about the importance of security and have regular testing to ensure your data is secure.
  • Good Cyber Habits
    • Be sure to keep your information backed up but, never keep your backups online.  Be sure to keep your systems updated and double-check apps to determine if they are corrupt or not. Limit access privileges and use two-factor authentication.  Preventing cyber threats is better than curing them.

What Steps can you Take Now?

  • Enabling multi-factor authentication
    • Multi-factor authentication (MFA) is a cybersecurity measure for an account that requires anyone logging in to prove their identity in multiple ways. Typically, you will enter your username and password and then verify your identity by another method, like fingerprinting or responding to a security question.  
  • Using strong passwords and a password manager
    • Password managers are pieces of software that often take the form of apps, and browser plugins or they might be included automatically in your browser or computer operating system. With a few clicks, you can generate new, secure passwords that are long, unique, and complex. These passwords manager automatically store your passwords and can autofill them when you arrive at the site. 
  • Updating software
    • Always keep your software updated when updates become available and don’t delay. These updates fix general software problems and provide new security patches where criminals might get in. You can be sure the bad guys are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.
  • Recognizing and reporting phishing
    • The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds (about 4 seconds) and ensure the email looks legit. Here are some quick tips on how to spot a phishing email: 
      • Does it contain an offer that’s too good to be true? 
      • Does it include language that’s urgent, alarming, or threatening? 
      • Is it poorly crafted writing riddled with misspellings and bad grammar?

Our staff are trained and certified as Certified Information Security System Professional (CISSP), Certified Ethical Hacker, and Certified Wireless Network Administrator and holds CompTIA A+, CompTIA Network+, CompTIA Security+, Windows Server, and Microsoft Exchange certificates. In conclusion, our staff is the best equipped to deliver you the best cybersecurity in the North Country.