Risk management got a little messy in 2021, here’s what you can do in 2022

COVID restrictions may have eased this year, but when it came to cyberattacks, there was no letting up. By September, 2021’s tally of data breaches shot past 2020’s numbers, and the year’s not over yet. If these trends keep up, 2022 will bring even more risk. It’s a lot to take in, but don’t worry — we’ve got you covered.

From sleeper accounts to phishing evolutions, we’ve summarized the major trends from 2021. Read on for our main takeaways, our predictions for 2022, and our advice for optimizing your cyberdefenses in the new year.

Sleeper accounts, phishing, and fraudsters, oh my: Major trends of 2021

The tech explosion triggered by the pandemic led to more users online than ever before. Along with the continued popularity of hybrid online and retail experiences, this rise in tech usage brought new opportunities for attackers. Looking at the biggest cybersecurity trends in 2021, we found big increases in three key areas:

1. Waking up to the threat of sleeper accounts.

Sleeper accounts are fake accounts created by fraudsters to help them evade detection, and their usage soared in 2021. After an initial period of activity, attackers leave sleeper accounts idle until they’re needed during a larger coordinated attack. For example, during a login attack, fraudsters may mix sleeper account credentials with stolen user credentials they want to test. This gives them artificially high login success rates, which makes them look more like a real user — and lets them sneak past rules-based security defenses without raising alarms. Fraudsters aren’t going to let up on this successful attack strategy in 2022. Luckily, advanced security protections won’t snooze through a sleeper account attack. Check out our case study to learn how we mitigate these threats with NuDetect.

Client mitigates login attacks, despite record-high correct credentials
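The sleeper-account padding described above can be surfaced by recomputing a source's login success rate with dormant accounts excluded. This is an added example, not NuData's code or method; the event layout, the 90-day dormancy window, the thresholds, and the source and account names are all assumptions, and the data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=90)  # assumption: idle this long counts as dormant
MIN_SUCCESS_RATE = 0.5              # assumption: a naive rule trusts sources above this
MIN_ACCOUNTS = 5                    # assumption: skip sources touching few accounts

def assess_sources(events, last_active):
    """events: (source, account, timestamp, success) tuples.
    last_active: account -> last activity seen before the observation window."""
    per_source = defaultdict(list)
    for source, account, ts, ok in events:
        # Accounts with no recorded history are treated as not dormant.
        dormant = ts - last_active.get(account, ts) >= DORMANT_AFTER
        per_source[source].append((account, ok, dormant))
    report = {}
    for source, rows in per_source.items():
        accounts = {a for a, _, _ in rows}
        raw = sum(ok for _, ok, _ in rows) / len(rows)
        active = [ok for _, ok, d in rows if not d]
        adjusted = sum(active) / len(active) if active else 0.0
        # Padded: looks healthy overall, but not once dormant logins are removed.
        padded = (len(accounts) >= MIN_ACCOUNTS and raw >= MIN_SUCCESS_RATE
                  and adjusted < MIN_SUCCESS_RATE)
        report[source] = {"raw": round(raw, 2), "adjusted": round(adjusted, 2),
                          "accounts": len(accounts), "padded": padded}
    return report

def sample():
    """Constructed data: one padded source and one ordinary shared source."""
    now = datetime(2021, 11, 1, 12, 0)
    last_active, events = {}, []
    for i in range(6):   # long-idle accounts that all authenticate successfully
        last_active[f"sleeper{i}"] = now - timedelta(days=200)
        events.append(("dev-A", f"sleeper{i}", now, True))
    for i in range(4):   # recently active accounts, mostly failing
        last_active[f"victim{i}"] = now - timedelta(days=2)
        events.append(("dev-A", f"victim{i}", now, i == 0))
    for i in range(6):   # shared office NAT with ordinary users
        last_active[f"user{i}"] = now - timedelta(days=1)
        events.append(("nat-B", f"user{i}", now, i != 5))
    return events, last_active

if __name__ == "__main__":
    for source, row in assess_sources(*sample()).items():
        print(source, row)
```

A raw-rate rule passes both sources; only the adjusted rate separates them, which is why the dormancy signal has to come from account history rather than from the login burst itself.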

2. Phishing gets phancier.

With the pandemic bringing more users online — many of them for the first time — phishing attacks became more specialized. A very common type of social engineering fraud, phishing occurs when attackers seek sensitive information by posing as legitimate companies or institutions. These scams evolved during the pandemic to seem less suspicious and to take advantage of new users who don’t have experience recognizing phishing attempts. For example, instead of trying to trick users into clicking bad links, fraudsters bought compromised credentials online, used them to log in, and then called users to obtain the two-factor authentication codes sent to their phones. And these attempts were increasingly successful — the correct credential rate during an attack jumped from less than 2% in 2020 to 10% in 2021. Phishing attacks will continue to evolve in the new year, when passive anti-fraud tools will be critical in detecting abnormal user behavior and preventing fraudsters from taking over accounts.


3. More hybrid experiences, more opportunities for fraudsters.

As COVID restrictions eased in 2021, hybrid experiences — like Buy Online, Pick Up In Store — gained popularity with their simplicity and short turnaround time. But as hybrid experiences increased, so did opportunities for online fraudsters. With more activities moved online, fraudsters used these hybrid experiences to make more fraudulent transactions. When a company’s security tools can’t confidently flag fraudulent transactions as risks, they often pile up in the manual review queue. Similarly, good user events (like transactions, logins, or account creations) trigger manual reviews when they can’t be deemed trustworthy by automated security systems, so company risk teams must manually review them as well for legitimacy. With security tools that can’t mitigate a significant portion of fraudulent events or recognize good users, manual review teams end up overburdened. This leads to legitimate events taking longer to complete, ultimately affecting good end-users. The good news is that there are advanced tools — like behavioral biometrics — that are capable of confidently detecting sophisticated fraud and determining trustworthy users, which significantly reduces the manual review queue.


How to optimize your cyberdefenses in 2022

With more interactions happening online than ever, customers demand seamless brand experiences, both digitally and in person. But in 2021, many companies struggled to find the balance between preventing fraud and eliminating friction for online users. Implementing UX improvements can also create opportunities for fraudsters. For example, not requiring two-factor authentication may streamline login, but it also makes user accounts easier to infiltrate if you don’t have other technologies in place.

Keeping systems both secure and seamless will be even more important in 2022. As companies strive to provide brand experiences that convert first-time users to repeat customers, fraudsters will continue to specialize their tactics to evade standard bot-detection tools by imitating human behavior. So what’s a company to do?

  • Adopt behavioral biometrics.

    Behavioral biometrics are the first line of defense against evolved social engineering fraud. As phishing attempts become more specialized, behavioral biometrics help identify fraud before it happens by flagging potential threats and fraudulent users early on. Plus, they can be introduced without downgrading user experience.

  • Design and implement a multi-layered fraud strategy.

    Sophisticated attacks aren’t going anywhere, so invest in a variety of fraud detection tools to assess and resolve risky events in real time. Look for tools that analyze account history for previous fraudulent activity and use device intelligence, like our Trusted Device solution.

  • Invest in advanced fraud solutions and UX improvements.

    Improving user experience is great for your customers, but it benefits fraudsters, too. To keep fraud rates low, invest in advanced solutions that keep user experience and fraud detection and prevention top of mind. In other words, steer clear of solutions that sacrifice one for the other.

If there’s anything that 2021 has taught us, it’s that adding behavioral biometrics to your multi-layered cyberdefense strategy is the best way to tackle fraud without burdening good users. In 2022, choose tools capable of detecting fraud proactively — and your user experience will never have to take a backseat.

The post Risk management got a little messy in 2021, here’s what you can do in 2022 appeared first on NuData Security.

*** This is a Security Bloggers Network syndicated blog from NuData Security authored by NuData. Read the original post at: https://nudatasecurity.com/resources/blog/risk-management-got-a-little-messy-in-2021-heres-what-you-can-do-in-2022/
