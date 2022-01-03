2021 was a challenging year in cybersecurity, and there's no reason to believe that this will end. As we approach 2022, all businesses large and small need to address some basic issues that impact the security of their systems. and their customers?

Internet of Things . Internet of things - the elf on the shelf, alarm systems, internet-enabled heating HVAC, solar panels, and public Wi-Fi systems have long been a soft underbelly of cybersecurity. In the past 10 days, TechCrunch+ reported that "an internet gateway used by hundreds of hotels to offer and manage their guest Wi-Fi networks has vulnerabilities that could put the personal information of their guests at risk." (https://techcrunch.com/2021/12/17/security-flaws-wifi-gateway-hundreds-hotel/). The system uses hardcoded passwords that are easy to guess and allow an attacker to gain remote access to the gateway's settings and databases; they are then able to use that knowledge to access and exfiltrate guest records, or reconfigure the gateway's networking settings to unwittingly redirect guests to malicious webpages. This is not something unique to hotels - everything that connects to your system is a potential weak spot in cybersecurity.

Social Media . Virtually all companies use social media to promote their businesses and attract customers. But social media depends on the collection and use of personal information, and that information can make companies a prime target of bad actors. Their goal isn't limited to credit card numbers; these threat actors are looking for personal information that allows them to obtain credentials and infiltrate networks. When a threat actor gains access to a network - which could be your network - they can pose an existential threat to a business through ransomware, extortion, denial of service and other attacks.

These are not the only security risks that companies face in 2022, but they demonstrate a conundrum - the very things that create security challenges are also essential for operations. Internet-enabled devices are ubiquitous and essential to business. Social media is a key part of marketing, giving firms the ability to target potential customers at a relatively low cost; that ability is especially important during the current economic challenges. Vendors cannot be eliminated; there are too many functions that require special skills and experience that companies cannot effectively bring in house, at least at a reasonable cost.

But this does not mean that companies can simply throw up their hands. If businesses create reasonable security efforts, they can control their risks and reduce the likelihood of a breach and the damage it would bring. Resources, like the National Institute of Standards and Technology, have created frameworks to help companies evaluate and address their risks (https://nvlpubs.nist.gov).

