Learn About the Biggest Cyber Threats Businesses Face Today
Cyber security threats continue to grow daily. Educating yourself about the top ten cyber security threats can help stop them from happening to you and your company. Learn more about the top 10 cyber security threats and how you and your clients can take steps to be protected.
Top 10 Cyber Security Threats
- Third Party Exposure
Using third parties for services, such as payment processing, does not absolve the end retailer of responsibility for a data breach. Furthermore, third parties can expose you to an attack, even if your company does not directly handle a large amount of sensitive information. Hackers can deploy malware through third party vendors and steal personal information, as they did in the Target malware attack in 2013. Even if the attack originated with a third party, you are still liable.
- Patch Management
Not staying up-to-date with software patches leaves companies vulnerable to any number of cyber security breaches. As soon as attackers learn of a software vulnerability, they can exploit it to launch a cyber attack. Starting in May 2018, two large-scale cyber attacks were launched by exploiting a critical weakness in the Windows operating system known as Eternal Blue. Crucially, Microsoft had released a patch for the Eternal Blue vulnerability two months earlier in March. Organizations that did not update their software with the patch were left exposed, highlighting the danger of this current cyber security threat.
- Cloud Vulnerabilities
As the amount of data companies store in the cloud increases, so too does the risk of a cyber attack. Cloud services are vulnerable to everything from account hijacking to Denial of Service (DoS) attacks, which prevent individuals and companies from being able to access their data. Many companies are under the impression they are secure because they employ technology to protect their data stored in the cloud and elsewhere. In reality, technology is only part of the solution. ProWriters’ Brian Thornton believes that companies must adopt a “holistic approach to cyber risk management,” and because no technology can completely eliminate vulnerabilities, insurance is an important piece of cyber risk management solutions.
Business E-mail Compromise (BEC) attacks, commonly known as whaling, are one of the biggest cyber threats today. Whaling involves attackers using deception to convince an employee they are a legitimate party in order to gain access to data. They have grown larger and more sophisticated in recent years, threatening businesses of all sizes. A recent FBI report revealed a 136% increase in global exposed losses between December 2016 and May 2018, rising to more than $12.5 billion in losses worldwide. Nearly one quarter of those losses occurred within the U.S.
Ransomware attacks are a serious and rapidly growing cyber threat. These attacks infect your network and hold your data hostage until a ransom is paid. While the money lost making this kind of payment can be significant, it can pale in comparison to the monetary damages that come from lost productivity and data destruction. Unfortunately, this threat isn’t going away anytime soon; according to Cisco’s Annual Cybersecurity Report, ransomware attacks are increasing at a rate of 350% per year.
- Mistaking Compliance for Protection
Simply being in compliance with data regulations does not mean one is protected from an attack. It would be more accurate to say compliance certification represents a snapshot in time when a minimum level of protection was confirmed as opposed to continuous and robust protection. For example, although companies strive to meet the Payment Card Industry Data Security Standard (PCI DSS) for their annual audit, this is not necessarily representative of their usual standard of protection. According to Verizon’s PCI Compliance Report, four out of five companies failed to maintain compliance at their interim assessment after previously meeting standards. Companies that were deemed PCI DSS-compliant have still suffered from cyber security breaches, some just weeks after they were certified. As these companies have learned, meeting adequate legal standards is not a substitute for cyber protection.
- Mobile Security Threats
Mobile technology can be a significant asset to businesses, but it can also expose them to potential cyber security breaches. Findings from a recent mobile security report conclude that one in five organizations suffer from mobile security breaches. The majority of these attacks came from malware and malicious WiFi.
- Bring Your Own Device (BYOD) Policies
Many companies today are encouraging employees to take their own devices from home to work as part of their Bring Your Own Device (BYOD) policies. This has several benefits including increased flexibility and convenience. However, BYOD policies can also leave companies exposed to serious cyber security breaches. Employees’ devices can be easier for hackers to access than company devices, creating an opening for attackers to breach networks and compromise data.
- Internet of Things (IoT)
The Internet of Things (IoT) connects devices from all over the world through the internet, allowing them to store, send and receive data. But because they are linked to the internet, they can be exploited as access points by hackers. As companies increasingly rely on IoT devices, many experts predict this will be one of the biggest cyber threats in 2018.
- Outdated Hardware
Not all threats to cyber security come from software. The pace at which software updates are released can make it difficult for the hardware to keep up, creating exposures that can put companies’ data at risk. As hardware becomes obsolete, many outdated devices will not allow updates with the latest patches and security measures. Devices that rely on older software are more susceptible to cyber attacks, creating a major potential vulnerability.
At the end of the day, insurance is an important part of a holistic approach to cyber risk management. To learn about ProWriters’ cyber risk management solutions or to discuss you or your clients’ potential exposure, please contact us today.