2022 BrightCloud threat report


BrightCloud®, the threat intelligence platform providing valuable cybersecurity analytics and insight to many of the world’s leading cybersecurity vendors, recently released their 2022 BrightCloud® threat report. Included in this report are some interesting changes happening in the cybersecurity threat landscape that are impacting small businesses around the world.

This year, 86.3% of malware was unique to one computer

For decades, computers have used anti-virus software to detect and remove malicious software (“malware”). To accomplish this, computers routinely downloaded a list of known malware packages (“definitions”), allowing the anti-virus software to scan the computer and compare it against the list of definitions.

As we see from the latest statistics, this method of endpoint security is no longer effective. In 86.3% of cases, the malware had never been seen before in its current form. This means that anti-virus programs that still rely on definitions for their protection would only be able to detect less than 14% of malware.

Sadly, these types of anti-virus solutions are still the predominant technology for small businesses today. Mature managed I.T. service providers (“MSPs”), such as Digital Boardwalk, replaced their endpoint security solutions several years ago with the latest “definition-less” technology that is designed to provide superior protection against this kind of polymorphic malware, which changes its form from one infection to the next.

Consumer operating systems (Windows 10 Home) are twice as likely to be infected as professional operating systems (Windows 10 Pro)

Many small businesses choose to purchase consumer-grade computers due to their lower costs. While they may seem to work the same as their business-grade counterparts, consumer computers lack many of the security components and services needed to protect businesses from the latest cyber threats. For this reason, among countless others, mature MSPs require their customers to use professional operating systems, such as Windows 10 Pro or Windows 10 Enterprise, on all their computers.

Your I.T. service provider is likely a larger target than your own business

When analyzing the infection rates by industry, Manufacturing, Public Administration, and Information hold the top three spots. Therefore, it is no surprise that the U.S. Department of Defense is cracking down on government contractors to mitigate the cybersecurity risk from its supply chain manufacturers.

What’s surprising is how targeted the Information (technology) industry was in 2021. With trusted software distribution attacks against platforms including SolarWinds and Kaseya, I.T. service providers pose a great risk to their customers if they do not have a mature cybersecurity practice in place for their own operations. While most small businesses ask how the service provider can keep them safe from a cyber-attack, wise business owners instead focus on the internal cybersecurity operations of the MSP itself, and what techniques they use to defend themselves against these targeted attacks.

Ransomware costs are rising to devastating amounts for small businesses

Ransomware continues to be the greatest cyber threat facing small businesses. In fact, 44% of all ransomware attacks in 2021 targeted organizations with fewer than 100 employees. At the end of 2021, the average ransom amount was $322,168.00, and the median ransom amount was $117,116.00. Unprepared small businesses oftentimes do not survive these attacks when forced to spend over $100k on the ransom, let alone the additional costs from the breach of customer information and damage to their reputation. For this reason, mature MSPs invest heavily in the development and management of ransomware early detection mechanisms that allow them to stop ransomware attacks before they leak information or cause damage. Unfortunately, these specialized technologies are far from common amongst I.T. service providers, leaving most small businesses still vulnerable to ransomware attacks.

16% of malicious URLs resided on trusted websites

Have you ever heard the advice “just be careful what you click on and don’t visit websites you aren’t familiar with?” Simply “being careful” isn’t good enough anymore. 16% of malicious links in 2021 were found on trusted websites and servers. So, even though you may think Yahoo.com is a safe website to visit for your morning news, the site could be compromised with malicious links or advertisements with no obvious indication to you. Mature MSPs implement strategic internet security technologies that can detect and block malicious URLs, even if they are on trusted and encrypted websites.

Email phishing is still the clear first step for most cyber-attacks

Nearly two-thirds of all malicious URLs were linked to phishing emails in 2021. Additionally, October and November continue to see the highest activity of phishing attacks, as has been the case in previous years. In 2021, 34.3% of all phishing attacks occurred in November. This is an intentional move by threat actors to take advantage of the holiday shopping season, a time when most people are vulnerable to phishing schemes. In 2021, the top 7 companies impersonated in phishing attacks were: Apple, Facebook, YouTube, Microsoft, Google, Amazon, and PayPal. Mature MSPs not only strictly control the flow of inbound emails to filter out phishing attacks, but they also mimic these phishing attacks in strategic “simulations” to expose small businesses to what the attacks look like and how they can stay vigilant.

A mature MSP can help, as can cybersecurity awareness training

The multiple layers of defenses that mature MSPs implement for their small business customers are absolutely essential for stopping threats. Attacks are becoming increasingly sophisticated. As a result, attackers are securing record-high profits from ransoms, data breaches, and other thefts. The best defense has several layers that complement each other, including end-user education. Business email compromise attacks, for example, don’t necessarily have a malware component that can be stopped with technology alone. Cybersecurity awareness training is the only layer that exclusively focuses on changing user behavior, and there’s no other layer that can take its place.