Risk management got a little messy in 2021; here’s what you can do in 2022
COVID restrictions may have eased last year, but there was no letting up when it came to cyberattacks. By September 2021, the tally of data breaches had already shot past 2020’s numbers, and the year wasn’t over yet. If these trends continue into 2022, the new year will bring even more risk. It’s a lot to take in, but don’t worry – we’ve got you covered.
From sleeper accounts to phishing evolutions, we’ve summarized the major trends from 2021. Read on for our main takeaways, predictions for 2022, and advice for optimizing your cyber defenses in the new year.
Sleeper accounts, phishing, and fraudsters, oh my – the major trends of 2021
The digital explosion triggered by the pandemic led to more users online than ever before. Along with the continued popularity of hybrid online and retail experiences, this rise in tech usage brought new opportunities for attackers. Looking at the biggest cybersecurity trends in 2021, we found big increases in three key areas:
1. Waking up to the threat of sleeper accounts.
Sleeper accounts are fake accounts created by fraudsters to help them evade detection, and their usage soared in 2021. After an initial period of activity, attackers leave sleeper accounts idle until they’re needed during a larger coordinated attack. For example, during a login attack, fraudsters may mix sleeper account credentials with stolen user credentials they want to test. This gives them artificially high login success rates, which makes them look more like a real user — and lets them sneak past rules-based security defenses without raising alarms. Fraudsters aren’t going to let up on this successful attack strategy in 2022 – but luckily, advanced security protections won’t snooze through a sleeper account attack. Check out our case study to learn how we mitigate these threats with NuDetect.
2. Phishing gets phancier.
With the pandemic bringing more users online — many of them for the first time — phishing attacks became more specialized. A very common type of social engineering fraud, phishing occurs when attackers seek sensitive information by posing as legitimate companies or institutions. These scams evolved during the pandemic to seem less suspicious and to take advantage of new users who don’t have experience recognizing phishing attempts. For example, instead of trying to trick users into clicking bad links, fraudsters bought compromised credentials online, used them to log in, and then called users to obtain the two-factor authentication codes sent to their phones. And these attempts were increasingly successful — the correct credential rate during an attack jumped from less than 2% in 2020 to 10% in 2021. Phishing attacks will continue to evolve in the new year, and passive anti-fraud tools will be critical in helping to detect abnormal user behavior and preventing fraudsters from taking over accounts.
3. More hybrid experiences, more opportunities for fraudsters.
As COVID restrictions eased in 2021, hybrid experiences — like Buy Online, Pick Up In Store — gained popularity with their simplicity and short turnaround time. But as hybrid experiences increased, so did opportunities for fraudsters to make more fraudulent transactions online. When a company’s security tools can’t confidently flag fraudulent transactions as risks, they often pile up in the manual review queue. Similarly, good user events (like transactions, logins, or account creations) trigger manual reviews when they can’t be deemed trustworthy by automated security systems, so company risk teams must review them as well for legitimacy. With security tools that can’t mitigate a significant portion of fraudulent events or recognize good users, manual review teams end up overburdened. This leads to legitimate events taking longer to complete, ultimately affecting good end-users. The good news is that there are advanced tools — like behavioral biometrics — that are capable of confidently detecting sophisticated fraud and determining trustworthy users, which significantly reduces the manual review queue.
How to optimize your cyber defenses in 2022
With more interactions happening online than ever before, customers demand seamless brand experiences, both digitally and in person. But in 2021, many companies struggled to find the balance between preventing fraud and eliminating friction for online users. Implementing UX improvements can also create opportunities for fraudsters. For example, not requiring two-factor authentication may streamline login, but it also makes user accounts easier to infiltrate if you don’t have other technologies in place.
Keeping systems both secure and seamless will be even more important in 2022. As companies strive to provide brand experiences that convert first-time users to repeat customers, fraudsters will continue to specialize their tactics to evade standard bot detection tools by imitating human behavior. So what’s a company to do?
Adopt behavioral biometrics.
Behavioral biometrics are the first line of defense against evolved social engineering fraud. As phishing attempts become more specialized, behavioral biometrics help identify fraud before it happens by flagging potential threats and fraudulent users early on. Plus, they can be introduced without downgrading user experience.
Design and implement a multi-layered fraud strategy.
Sophisticated attacks aren’t going anywhere, so invest in a variety of fraud detection tools to assess and resolve risky events in real time. Look for tools that analyze account history for previous fraudulent activity and use device intelligence, like our Trusted Device solution.
Invest in advanced fraud solutions and UX improvements.
Improving user experience is great for your customers, but it benefits fraudsters, too. To keep fraud rates low, invest in advanced solutions that keep user experience and fraud detection and prevention top of mind. In other words, steer clear of solutions that sacrifice one for the other.
If there’s anything that 2021 has taught us, it’s that adding behavioral biometrics to your multi-layered cyber defense strategy is the best way to tackle fraud without burdening good users. In 2022, choose tools capable of detecting fraud proactively — and your user experience will never have to take a backseat.