Quiet cyber attacks in 2022?

“Rather than go for the one-hit, big attack, cyber criminals are increasingly looking to infiltrate an organisation without being noticed for long periods of time,” says Thorpe. “This way, data can be exfiltrated from servers and endpoints at a slow and steady pace so as not to attract attention. And with the increase in home or hybrid working, it is information on remote computers that is typically less well protected, which is most at risk. By the time these quiet attacks are detected, it’s often too late.”

SecureAge’s Thorpe also believes that the most popular point of entry for these quiet attacks in 2022 will be through targeting email and other messaging systems so that corporate communications can be compromised. Cyber criminals are becoming increasingly sophisticated when it comes to weaving together pieces of personal information from the dark web or social media to create apparently legitimate and believable messages that have dangerous attachments or download links.

“This just goes to show that all data is sensitive and should be protected all of the time,” says Thorpe. “The traditional way is to try to stop cyber criminals getting to the data with increasing layers of defence and access controls. It’s time to change these habits and start to protect the data itself – whether at rest, in transit or in use.”

Technologies such as full disk encryption are great if you lose your laptop but are useless to protect data on a running system. “We need to start beating the ransomware criminals at their own games,” says Thorpe. “After all, they can’t demand a ransom for data that is already encrypted before they get to it.”

According to the survey commissioned by SecureAge earlier this year, forty eight percent of businesses experienced a cyber breach during the COVID-19 pandemic so far, while another 8% ‘were not sure’. “If the trend in quiet attacks continues, we can expect to see this ‘not sure’ figure increase.