When it comes to combating cybercrime, there are three major challenges. First, this
is a global problem that is never going away and will only become more complex.
Second, there is not a single entity to date—from a government agency to a
Fortune 1000 company in the United States—that has developed a foolproof
solution to this evolving equation. Finally, we have no real international
cyber enforcement policies in place to hold criminals accountable for their
actions. Some of the biggest failures have been the inability of businesses and
organizations to adequately protect their systems down to the end user and
to invest in the proper security and training of employees against cyber
threats. Addressing these vulnerabilities will be critical in 2022, not only as
corporate travel begins to see a resurgence but particularly as many workers
continue to work remotely.

In 2020, the FBI’s Internet Crime Complaint Center reported close to 800,000 internet crime
complaints, a nearly 70 percent increase over 2019, with losses realized in
excess of $4.1 billion. Of those complaints, Business E-mail Compromise
schemes, phishing scams and ransomware incidents were among the most notable.
One of the main reasons for the increase in cybercrime has been the Covid-19
pandemic-induced shift to remote work—which has created a ripe environment for
cyber criminals to exploit unsecured and vulnerable at-home networks. As the FBI’s
Cyber Engagement and Intelligence section chief David Ring explained in a webinar our company hosted last year on cybersecurity
trends, “the more access points, the greater the threat will be for the
actors.” By many benchmarks, remote work is here to
stay in some form and so this will continue to be a major vulnerability for
companies if they don’t take steps to address it quickly.

Regardless of whether employees are working from home or traveling on business, even
companies that have the most sophisticated enterprise cybersecurity systems in place are
still at risk. One major weakness is that these platforms often fail to
adequately protect electronic devices outside of the physical office space. The
recent news that U.S. athletes heading to Beijing
next month to compete in the Winter Olympics are being advised smartly to leave
their personal cell phones at home and instead use “burner” phones illustrates
this point.

Adding to this problem is a lack of employee education and training around end user
protection, including how to identify and address a ransomware or phishing
attack and how to avoid using public
wi-fi when out of the office. To illustrate how easy it is for an intrusion to
occur, a hacker can simply replicate a hotel’s wi-fi login page so that when
someone using the hotel wi-fi logs in with their name and room number, the
hacker sitting in the hotel lobby has just penetrated that device and opened up
a honey pot to bad actors. This can happen in any five-star hotel in any major
city around the world, in an instant.

It’s scary to think that if a company is hacked today, the FBI has an extremely low
probability of prosecuting anyone. And, while the U.S. has made progress in
strengthening our nation’s cybersecurity, we have been playing a catch-up game
that has lasted over 30 years. But until we have enforcement policies with real
teeth, rogue nation states, cartels and hackers will continue to leverage
digital platforms to manipulate, steal and blackmail their way into the systems
of corporations, governments and individuals at an alarming scale. This isn’t
just a China or a Russia problem. It’s an everywhere problem.

With our workforce more dispersed in 2022 than ever before, companies must invest
the time, effort and money to bolster their cybersecurity defenses, right down
to the end user by properly educating and training employees on how to secure
laptops, cellphones and other devices, while also ensuring at-home wi-fi and
routers are secure. A cybersecurity system that fails to account for the human
condition will ultimately fail. At that point a breach will occur, leaving a
company with a permanent black mark on its brand and even worse, possibly
putting it under for good. It’s not a question of if but when.