These Are the Biggest Cyber Threats Businesses Face Today
As more and more of what we do happens online, cyber security becomes an increasing area of concern. Cyber incidents cost companies billions of dollars every year and expose an enormous amount of personal data. At ProWriters, we’ve identified the trends in cyber risk to keep you informed and prepared. Learn more about the top 10 cyber security threats today and what steps you and your clients can take.
Top 10 Cyber Security Threats
- Third Party Exposure
Many retailers use third parties for services such as payment processing. As such, they often believe liability for a third party breach does not apply to them. In reality, using a third party vendor does not absolve them of responsibility for a data breach. Even if a company does not directly handle personal information—including social security numbers or credit card numbers—a third party can put them at risk. With malware, hackers can steal data through third-party vendors, as they did in the Target malware attack in 2013. Even if the attack originated with a third party, liability can’t be outsourced.
- Patch Management
Not staying up-to-date with software patches leaves companies vulnerable to any number of information security breaches. As soon as attackers learn of a software vulnerability, they can exploit it to launch a cyber attack. Indeed, many attacks start with outdated software. Two large-scale cyber attacks launched starting in May 2018 illustrate this trend in cyber security. The attacks exploited a critical weakness in the Windows operating system known as Eternal Blue. Crucially, Microsoft had released a patch for the Eternal Blue vulnerability two months earlier. Organizations that did not update their software were left exposed, highlighting the danger of this current cyber security threat.
- Cloud Vulnerabilities
As the amount of data companies store in the cloud increases, so too does the risk of a cyber attack. Cloud services are vulnerable to a wide range of cyber incidents. This includes account hijacking and Denial of Service (DoS) attacks, which prevent companies from being able to access their data.Many businesses believe they are secure because they use cloud security technology. In reality, technology is only part of the solution. Because no technology can completely eliminate vulnerabilities, a holistic approach is needed for robust protection. Insurance is an important piece of that protection as part of a comprehensive cyber risk management plan.
Business E-mail Compromise (BEC) attacks, commonly known as whaling, are one of the biggest cyber threats today. This type of phishing attack involves attackers convincing a target they are a legitimate party to gain trust and access to data. They have grown larger and more sophisticated in recent years, threatening businesses of all sizes. A recent FBI report revealed a 136% increase in global exposed losses between December 2016 and May 2018. Nearly one-quarter of those losses occurred within the United States.
Ransomware attacks are a serious cyber threat. These attacks infect your network and hold your data and computer systems hostage until a ransom is paid. While the immediate ransom can be significant, the monetary damages from lost productivity and data loss are often the most destructive. Ransomware is a popular way for attackers to target businesses, and trend lines indicate this will continue to be the case. According to Cisco’s Annual Cybersecurity Report, ransomware attacks have been increasing at a rate of 350% per year.
- Mistaking Compliance for Protection
Simply meeting data compliance standards is not the same as continuous and robust protection. For example, many companies need to meet the Payment Card Industry Data Security Standard (PCI DSS) for their annual audit. However, this is not necessarily representative of their usual standard of protection. According to Verizon’s PCI Compliance Report, four out of five companies failed to maintain compliance at their interim assessment. These were the same companies that previously met compliance standards.Companies that were deemed PCI DSS compliant have still suffered from cyber security breaches, some just weeks after they were certified. As these companies have learned, meeting adequate legal standards is not a substitute for cyber protection.
- Mobile Security Threats
Mobile technology can be a significant asset to businesses, but it can also expose them to potential cyber security breaches. Findings from a recent mobile security report conclude that one in five organizations suffer from mobile security breaches. The majority of these attacks came from malware and malicious Wifi.
- Bring Your Own Device (BYOD) Policies
Many companies are encouraging employees to use personal devices at work as part of their Bring Your Own Device (BYOD) policies. This has several benefits including increased flexibility and convenience. Some even claim it helps to increase productivity and morale.While there are numerous benefits, BYOD policies can also leave companies exposed to serious cyber security breaches. Personal devices can be easier to hack than company devices, creating an opening for attackers to breach networks and compromise data. It’s important to review these policies and ensure employees are properly trained to minimize the associated cyber risks.
- Internet of Things (IoT)
The Internet of Things (IoT) connects devices from all over the world through the internet. This allows for a network of devices that can store, send, and receive data. It offers a convenience that comes with improvements in technology, and many individuals are taking advantage of it.But because these devices are linked to the internet, they can be exploited as access points by hackers. As companies increasingly rely on IoT devices, many experts predict this will be one of the biggest cyber threats in the coming years.
- Outdated Hardware
Not all threats to cyber security come from software. The pace at which software updates are released can make it difficult for the hardware to keep up. This, in turn, creates exposures that can put companies’ data at risk. As hardware becomes obsolete, many outdated devices will not allow updates with the latest patches and security measures. Devices that rely on older software are more susceptible to cyber attacks, creating a major potential vulnerability. It is important to monitor this and respond quickly when devices become out of date.
At the end of the day, insurance is an important part of a holistic approach to cyber risk management. Cyber is a rapidly evolving exposure that requires dedicated expertise to address effectively. To learn about our cyber risk management solutions, check out our FREE eBook, Creating a Comprehensive Cyber Risk Management Plan. And when you’re ready for one-on-one support, schedule a call with a ProWriters expert today!