A lot happened around the world in 2018 – a year of historic moments. The age-old ban on women drivers in Saudi Arabia was lifted, Prince Harry wed Meghan Markle, Elon Musk’s Falcon Heavy successfully launched from the Kennedy Space Center, and France won the FIFA World Cup! But 2018 also saw a surge in data breaches – including a number of high-profile attacks like Quora, Marriott, British Airways, and Facebook ranking the top of many recorded lists from that year. These top cyber attacks will continue to shape the way enterprises around the world approach cybersecurity threats.
You can be sure that data breaches will not let up in 2019 but knowing which attack vectors are most prone to be explored can help in designing your cyber-threat management strategy.
Let’s take a look at 5 of the top cyber threats to businesses that companies should watch out for in 2019.
Ransomware, made famous by the crippling WannaCry attack in 2017, is a type of malware designed to deny access to a computer system or data by encrypting the information and holding it “hostage” until the ransom is paid. This cyber threat continues to be one of the top cyber attacks, and according to Business Insider, ransomware generates over $25 million in revenue for hackers each year. Additionally, 50% of companies don’t feel they are adequately prepared for this type of threat.
It’s been said that there has been a slight decline in ransomware compared to other threats, but the malicious software risk remains very real as the attacks are becoming more targeted. Instead of seeking mass infections, hackers are exploiting more precise vectors as the initial ingress. In order to lessen your chances of becoming a victim to this type of threat, it’s important to be proactive in your data protection strategies such as backing up your data to the cloud.
Phishing is a form of internet fraud where an attacker attempts to obtain sensitive information by pretending to be someone of familiarity through the use of electronic communication such as email or telephone. Playing on human’s innate trust, 91% of data breaches come from phishing, making this type of social engineering attack the leading threat vector for hackers. And as users are sharing an increasing amount of personal information through social media, criminals are finding a fruitful source of funds in information holders, which they target through phishing and ransomware attacks.
While no operating system is completely safe from phishing, taking actions like promoting a security culture within your business, deploying spam filters, keeping systems current with the latest security patches and encrypting all sensitive company data are a few important steps that you can do to protect yourself and your organization.
3. Data Leakage
2018 was a year of data breaches for what read like a list of who’s who of the world’s biggest companies. Data leakage is an action where classified information is transferred from a computer or data center to the outside world either intentionally or accidentally. This type of security incident can be damaging, costly and take time to repair.
According to the Ponemon Institute’s 2018 Cost of a Data Breach study, a cyber breach goes undiscovered for an average of 197 days, and by the time the incident is exposed and fixed, it is likely the damage is already done. Adding salt to the wound, 53% of organizations have experienced one or more breaches caused by a third party, costing an average of $7.5 million to remediate. The intent is generally to steal credentials, passwords and credit card numbers; though hackers will steal any data that can be sold.
Talk about a bad day: that’s if you’re finding out a cybercriminal managed to gain access to your network. Criminally breaking into computer systems to damage or steal data still offers rich pickings for some hackers. Computer predators victimize others for their own game and their motivation can be a number of reasons, like profit, protest, information gathering, challenge, or recreation.
Anyone who uses a computer connected to the internet is susceptible to the threats hackers pose. Phishing, spam email and bogus websites are typically the course of action for these criminals however, they can also try to access your data directly if you are not protected by a firewall. Packet sniffing, Man in the Middle, and backdoors are also viable means to infiltrate. Some tips to protecting against this type of threat? Keeping your OS updated, keeping up-to-date security programs, using strong passwords and encryption, smart emailing and backing up your data are all good practices.
5. Insider Threat
One of the largest unsolved issues in cybersecurity is an insider threat, and it’s not just a disgruntled employee’s actions you have to thwart; a careless insider can also cause devastating damage to a network. The losses from insider cyber threats can be significant often because the insider knows exactly where to look to obtain access and circumvent existing security measures. Although the possibility and severity of this type of risk are known and very real, resources and executive attention are rarely allocated to solve it. Users are the weak link in your network security, and more than ever, employees should be trained to remain vigilant.
Communicating your policy clearly and often, monitoring unusual or suspicious activity, and well documented offboarding are some best practices to help your organization reduce risk. The last thing anyone wants to do is add more layers to an already management-heavy security setup, but with the right attitude, approach and tools, this doesn’t have to be a brooding process.
As technology advances, so do the cyber threats to its security. Organizations need to be persistent in their data management practices, and it is equally important for employees to comply with frameworks set forth by management to reinforce a security mindset. Studying and understanding the top cyber attacks will allow your organization to create an effective cyber risk management program.
Download Now: Vendor Risk Management (VRM) Guide