Cybersecurity is an important topic for all businesses interested in protecting their data. For organizations of any size, stolen information can have lasting impacts. In fact, some never recover, with 60% of small businesses closing within six months of a cyberattack1.
For IT admins, the concept of cybersecurity can be daunting, as it involves securing physical and virtual access to servers, systems, applications, data, and other equipment. The annual cost of cybercrime — involving companies that are hacked or otherwise disrupted by hackers — is projected to increase by 72% in the next five years. Cybercrime is on the rise, and as such, it is valuable for organizations to evaluate what cybersecurity threats are currently challenging the security of their businesses2.
Threats to Security Are Evolving
Cyberattacks exposed over 7.9 billion records over the first nine months of 2019, with only six of those breaches exposing over 100 million financial or personal records3.
With technology evolving at such a rapid pace, IT admins are struggling to thwart the near-constant threat of a cyberattack. Below we’ve outlined a few of the biggest cybersecurity threats that businesses and IT organizations need to be prepared for. Keep in mind, however, that this is by no means a comprehensive list, and diligence should be maintained.
Social engineers exploit people’s emotions to fool them into providing information that can range from personal to professional. They use trickery to establish trust, then exploit that trust to get what they want. These attacks seek to deceive people into releasing material like credit card numbers, social security numbers, and user credentials.
According to the 2019 State of the Phish Report, 83% of organizations experienced a social engineering attack in 2018, up from 76% in 20174. This form of attack thrives on fooling users into revealing information that can leave entire systems, networks, applications, and databases vulnerable for hackers to prey upon.
Similar to social engineering, ransomware is on the rise as well. This attack uses software designed to keep the user from their data or access to their IT resources and hold it hostage for payment.
Most commonly delivered as spam, this form of hacking is made possible by users clicking on a link, which then allows hackers to either disable the essential services on a system or lock a user out entirely. Ransomware can also be accomplished through nefarious websites. When users load the page, it executes malicious code that encrypts files or blocks access to their system.
This particular threat can be especially damaging for organizations that still house their data on-prem, as ransomware attacks can affect entire systems and servers.
Man-in-the-middle (MITM) attacks involve a hacker creating links that are essentially digital wiretaps between two or more users or IT resources. They do this to intercept messages between them and potentially insert new information. Commonly referred to as a form of network eavesdropping, this is accomplished without users realizing their communications are being controlled.
This form of attack works especially well at public establishments like hotels, where users join a public network. MITM attacks allow hackers to intercept conversations containing confidential information — as well as email chains — sent between users and their IT resources.
Prepare for an Attack Before It Can Occur
No matter the current means, compromised credentials remain the top attack vector to an organization. In fact, nearly two-thirds of IT professionals believe a cyberattack is imminent5.
Any organization can (and probably will) encounter a hacker at some point. The most important steps should be taken before and immediately after a hack occurs. For IT admins, this means making sure that all user identities, systems, networks, and applications are secured with multi-factor authentication, SSH keys, RADIUS, and other protocols. For users, that means alerting security personnel when you see any messages, alerts, or websites that appear abnormal or suspicious.
To learn more, consider browsing this security training resource for organizations. Written to inform users, it includes cybersecurity best practices and the types of threats they may encounter.
- Galvin, Joe. “60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack. Here’s How to Protect Yourself.” Inc. Manuseto Ventures, May 7, 2018. Retrieved December 8, 2019. https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html
- Bissell, Kelly, & Ponemon, Larry. “The Cost of Cybercrime.” Accenture Security, 2019. Retrieved December 11, 2019. https://www.accenture.com/_acnmedia/pdf-96/accenture-2019-cost-of-cybercrime-study-final.pdf
- Goddjin, Inga. “Data Breach QuickView Report 2019 Q3 trends.” RiskBased Security, November 2019. Retrieved December 20, 2019. https://pages.riskbasedsecurity.com/hubfs/Reports/2019/Data%20Breach%20QuickView%20Report%202019%20Q3%20Trends.pdf
- Egan, Gretel. “2019 State of the Phish Report: Attack Rates Rise, Account Compromise Soars.” Proofpoint, January 31, 2019. Retrieved December 10, 2019. https://www.proofpoint.com/us/corporate-blog/post/2019-state-phish-report-attack-rates-rise-account-compromise-soars?utm_source=datafloq&utm_medium=ref&utm_campaign=datafloq
- “2019 Cyberthreat Defense Report.” CyberEdge Group, 2019. Retrieved December 12, 2019. https://cyber-edge.com/wp-content/uploads/2019/03/CyberEdge-2019-CDR-Report.pdf
- Brooks, Charles J., Christopher M. Grow, Philip Craig, and Donald Short. Cybersecurity Essentials. Sybex, 2018.