According to Gartner, spending on cybersecurity worldwide is expected to reach $133.7 billion by 2022. Most cyber threats are motivated by money, but an estimated 25% are a result of espionage. Investing in security staff at the front door is no longer enough. You must know what to protect your company from, especially if you are just now formulating a plan to deal with cybersecurity risk. We will list five common threats that have the potential to deal a significant blow to your business if you are not sufficiently protected.
Ransomware attacks may be less frequent, but they are very expensive if you ever come across one. The average cost of a ransomware attack on companies is $133,000. Ransomware is one of the oldest threats in the book. It involves the use of software that threatens either to block your access to your important data or to erase it. You can only access your data once you pay the ransom money and get a decryption key in return from the hacker. Payment doesn’t guarantee that the hackers will send you the decryption key, though, and you should formulate a policy about what your company will do in the event you become a ransomware victim.
Since most malicious ransomware attacks happen through email, it is important to train your employees to be careful with email spam and clicking on shady links.
Having a good anti-virus program in place will scan these email messages for you and provide a primary obstacle in the hacker’s way.
Keeping a complete data backup will ensure that even if ransomware makes it into your system, you are not left vulnerable to the hacker’s demands.
Phishing involves posing as a trusted source, like a bank official or a person from your own company, to gain secret information and use that access to conduct big financial scams. Verizon reports that phishing still makes up approximately 33% of all cybersecurity threats. When you think about why it’s so prevalent, the answer becomes quite obvious. Phishing involves the least amount of investment and skill compared to other forms of cybersecurity attacks, and offers the highest return for hackers because they get to dictate the size of the transaction.
Hackers are getting creative and even posing as CEOs in their email messages to big company CFOs, pushing them to process payments to an account that the cybercriminals own, or asking for important credentials and passwords. This has become known as Whaling.
Spam filters and anti-malware programs are great at blocking email messages from unknown and unwanted sources, but phishing can occur across any communication channel, including messaging and communications apps like WhatsApp, Skype, and social media. This makes it much harder to police and control. We suggest you always double-check identities before you divulge important credentials or make a transaction on your company’s behalf. Companies must train their staff to do the same.
The most disheartening and damaging part of any cyberattack is the data loss that comes with a breach. Accenture placed the value of information loss for the average data breach at $5.9 million.
One of the challenges posed by data leaks is that there are multiple points where they can occur. Smartphones are a huge entry point for such threats. With employees processing important company data and downloading multiple apps on the same phone, the risk to companies is higher than ever. Hackers can quickly take control of phone settings and capture screenshots of important data.
Data leakage has become an even greater threat with the emergence of IoT and smart devices. Smart devices are seen as cool additions to the office or home but are rarely protected with strong security measures. This makes them the perfect target for data hackers.
Not all is lost, though. According to Cyber Observer, 80% of all data breaches can be prevented with basic actions. This means putting app locks and passwords on important information in employee smartphones and other devices, and running regular security checks of all IoT and smart devices in the office.
According to Forrester’s State of Application Security Report, 2020, software and web application vulnerabilities were the number one and two attack vectors for breaches. Application security is becoming increasingly important to the security posture of companies, and they are spending money and resources on tools to integrate security into the architecture, design, and development phase of the software development lifecycle. While spending on these tools and services helps, the human component should not be overlooked. Dimension Research published a report that stated that more than half of software developers have not received any kind of secure coding training. Without this type of training, developers will continue to create the same software vulnerabilities. Companies such as HackEDU provide secure coding training that is hands-on and educates developers effectively on the vulnerabilities that they are most likely to see, or that reside in their actual codebase.
We kept insider threats for last because they are difficult to deal with. According to Verizon, 34% of all data breaches are caused by internal factors. Employees can accidentally or maliciously become the cause of huge cyber attacks. If passwords and important company data are used for personal gain or left unprotected by employees, this can harm the company in the long term.
Insider threats can develop simply, through a spam email or virus on an employee’s work computer. One way of preventing such incidents is through proper training of staff in security practices and protocol while dealing with confidential data.
We suggest giving access to sensitive information to as few people as you can. The people you choose should be trustworthy and responsible.
You can also install monitoring software to keep track of what employees are up to on their workstations.
We’ve listed out the most common cybersecurity issues that companies face, but there are plenty of other ways cybercriminals can attack your systems. Some things you can do to help protect your company’s assets:
- Perform regular data backups
- Invest in good anti-malware software
- Provide training on security practices to your staff
- Provide training on secure coding practices to your developers
While there’s no guarantee that you won’t be breached if you perform all these steps, there’s a much greater likelihood that you will be if you don’t, and you should incorporate all of these best practices into your company’s operations.
Donald Korinchak is a Cybersecurity Professional in the Washington DC area. Donald holds an MBA from the University of Pittsburgh Katz School of Business. Donald is considered a thought leader in business, leadership, and cybersecurity issues.