Date: 23-Jul-2020
Business leaders say cyberattacks are one of the most worrisome risks their organizations face, and it’s something companies of every size must deal with. A 2014 report by McKinsey and the World Economic Forum said that more than half of executives called cybersecurity a strategic risk for their companies. Proper security training and procedures can help, but oftentimes a company’s most vulnerable spot is its people.
“On many occasions these attacks succeed because employees haven't been properly trained to recognize and avoid suspicious links or email attachments,” says Adnan Raja of Atlantic.net, a global hosting provider.
Here are some of the top cybersecurity trends businesses are facing.
Ransomware is software that locks users’ computers and demands a payment for unlocking. The high-profile WannaCry version hit hundreds of thousands of computers in mid-May, disrupting business and communications around the world. The proliferation of ransomware kits has made it possible for anyone to reap the rewards of an attack, so ransomware infections are likely to only grow, Raja says.
Education and preparation are key steps for prevention, he says. “Proper email security training, as well as establishing better rules for email attachments and which users are allowed to run executable files and install software, can go a long way toward bolstering your defenses against a ransomware attack,” he says.
Even with the rise of ransomware, phishing will continue to threaten businesses through individual employees, experts say. Phishing attempts, which consist of soliciting information or money through what seem to be legitimate requests and channels, have gotten more specific, says David Schroth, managing director of Design Compliance and Security, which provides compliance and security solutions to businesses. “While this sort of thing has been happening for a long time, the criminals using social engineering have been getting better and more targeted to specific people within organizations to achieve their desired result,” he says.
A “phished” employee may wire money to an unknown account, provide ongoing access to a computer system or unwittingly infect the company’s system with ransomware, Schroth says. The increasingly effective targeting has highlighted the need of businesses to ensure that their users are trained and aware, Schroth says. In addition, employers should review their processes to reduce the risk of unauthorized transactions.
Cyberattacks are branching out to mobile devices such as tablets, wearable tech and other devices businesses may issue. “Mobile will be a growing point of entry for security breaches in 2017, because employees everywhere are doing more work on nontraditional devices,” says Dana Epp, chief technology officer at Kaseya, which provides IT management software. “Anything that has an IP address is a risk factor to a business — but at the same time it is also a value to the business, so it is a slippery slope. We just need to be smarter.”
For individual industries, healthcare employers especially are expected to see increased attacks. Healthcare organizations often have thousands or even tens of thousands of gigabytes of patient data they cannot afford to lose, Raja says, and this makes them all the more willing to pay handsomely to get their data back at any cost.
“Multi-factor authentication helps ensure that only your authorized employees can access your network,” Raja says. “Two-factor authentication should be applied not only to your VPN but to your organization’s LinkedIn and Google accounts and other online accounts as well.”
Subscribe to our Ebix blog or curate your subscriptions for the most relevant content and never miss a single article! Industry driven thought leadership delivered straight to your inbox with the click of a button. What could be easier?
