Due to the pandemic, many traditional brick-and-mortar businesses have been forced to digitalize despite not being prepared for it. This has led to many security risks.
Even businesses that have a history of operating online have been affected because their employees who started working remotely have fewer security measures on their home devices.
We want to help you deal with all these threats that could seriously damage your business and find out what you must do to protect it.
We reached out to 40 cybersecurity experts and asked them the following question:
What are the top cyber security threats that your clients face?
Some of the answers received talk about the same threats. This only shows the importance and the frequency of those risks. Other experts may describe a particular threat that you haven't encountered so far. It could be specific to a certain type of expertise or country
We appreciate the variety of answers that we received that allows us to form a complete picture of the latest cybersecurity threats
Without further introduction let's see what the experts had to say.
Shayne Caffrey — LeeShanok
Phishing attacks and social engineering are the two attacks we’re the most concerned about for our clients.
Most of the businesses we partner with invest in technology that is doing a great job at protecting against exploits and malware. But that technology can only go so far in protecting against human error.
Even if only 1 in 100 malicious emails make it through the filters we put in place, we have to trust that users are educated enough to recognize the 1% that hit inboxes.
Similarly, we educate our clients about how to recognize in-person and over-the-phone social engineering attempts. There is no technology that can fully block these attacks, so we rely on people to make smart decisions.
I mentioned that most of our clients invest in security technology. Some are lagging behind.
For example, some haven’t implemented multi-factor authentication, so we have to keep an extra sharp eye out for compromised credentials.
Others are still holding on to old firewalls rather than upgrading to next-gen models. For these clients, we still worry about malicious websites, connecting remotely without a VPN, and machines with malicious applications connecting to the network.
Michael Gray — Thrive
1. Ransomware Attacks
These attacks have only gotten worse and are not letting up anytime soon. They are an easy and low-risk way for criminals to make money.
Law enforcement is starting to crack down on the more egregious attacks (think Colonial Pipeline), but that will only shift the criminals’ approach from one large attack to attacking multiple midsize and small companies
2. Spear Phishing/Whale Phishing
Spear phishing and whale phishing continue to target people who have access to money. For example, if someone in ‘accounts payable’ gets their email compromised, their emails will be downloaded and their address book copied.
Attackers will try to convince vendors to route the money to a new bank, oftentimes successfully. They will also review the address book to see if they can spam someone in the address book to get their email compromised.
Expect to see an increase in ransomware on the users that have been compromised as the threat actors already have a foothold.
3. Network Appliances are “Hot”
Stand-alone network devices such as routers, firewalls, switches, etc. are not updated as often as servers; there will be more targeted attacks against them.
Businesses don’t want to incur the downtime associated with updating them, and many internal IT engineers prefer not to update firmware on these devices due to the perceived risk.
Artyom Sryvkov — EB Solution
There are a lot of things that can happen to your IT systems if they are not protected correctly. Here are the three biggest threats businesses face.
Probably the most common type of cyber attack. Here is how it goes — a hacker get access to one of the machines and uploads a malicious code (or tricks a victim into uploading it). Malicious code spreads through the network to all the machines and encrypts all the files. For decryption codes hackers ask for a ransom, thus the name — ransomware.
2. Identity theft
This one is rarer, but we still see it sometimes. It starts like a ransomware attack but instead of uploading encrypting software hackers keep low profile snooping around in your systems looking for private and sensitive information. Later, your information can be used for financial crimes or just sold to others.
3. Data loss and business process disruptions
This one is way very rare and usually, it’s very personal. After getting access to your IT systems hackers just wreak havoc. They may delete your databases, encrypt data, or modify files to break your operational systems completely. There are no financial benefits for hackers unless they were paid by your competitors to do it.
Cyber security awareness training is very important — most of security breaches happen due to staff being unaware or negligent. Try to have it 2-3 times a year.
And hire a professional to set it up for you. You can do it all yourself, no doubt. But people who do it for 10+ years already know all the possible vulnerabilities of your IT systems and how to cover them.
Mike Pedrick — Nuspire
Organizations large and small continue to face the threat of ransomware – it’s effective, it’s lucrative for attackers and it’s ubiquitous.
2. Extortion via data exfiltration
Attackers interested in capitalizing on the deployment of ransomware started employing data exfiltration protocols to increase their chances of getting paid by their victims. As time has progressed, some cybercrime organizations have started to find this extortion process more successful (and resource-efficient) and, in some cases, have backed off on the ransomware component.
3. Talent attrition
The reshuffling of talent following the global pandemic has led organizations to reconsider the costs – known and unknown — associated with losing tribal knowledge, experience, and tenure of key personnel to attrition.
4. Deepfakes/social engineering
AI-enhanced software platforms have led to the weaponization of deepfake audio and video content in social engineering campaigns. Even seasoned professionals and borderline-paranoid experts have fallen victim to such convincing content.
5. Emerging regulations
An increase in concern on the part of the general public regarding data collection/use and the rise of surveillance capitalism has reached local, state, and national governing agencies in the U.S. and around the globe. Organizations may find themselves facing compliance risks they may not be aware of or have had time to prepare for.
Dave Hatter — Intrust IT
More people are working remotely in environments that are typically MUCH less secure than a traditional office network behind a firewall supported by IT/cybersecurity professionals.
With the increasing frequency and impact of cyberattacks, it’s never been more important for SMBs to shore up their security or face potentially existential threats. I can tell you some real horror stories from 1st hand experience.
Throw some so-called “smart” devices (IOT) into the mix in both home and office environments and it’s a toxic hell stew for most SMBs.
For most individuals and SMBs, the growing threats are phishing in all forms (email, text, and voice), data loss, spoofing, malware including ransomware, Wi-Fi security, malicious websites that can steal credentials and download malware, and attack vectors now available thanks to all the IOT devices that are increasingly connected.
However, the biggest risk at the moment is Account Takeover/Business Email Compromise. I have firsthand experience with companies that have lost hundreds of thousands of dollars due to the attacks and we see them on an ongoing basis.
SMBs should take a layered approach to security and there are many concrete things that can be done. If I had to pick only the most important ones (I know you asked for 3) I would go with:
- Require a strong, unique password for every account.
- Create a policy and enforce it
- Supply a secure, user-friendly password manager to make the first item easier to implement
- Enforce multi-factor authentication (MFA), aka Two-factor authentication or Two-step verification wherever possible
- Consider a robust solution like Okta or Duo
- Require MFA one-time passcodes to be received via an authenticator app or hardware key rather than text
- Use a cloud-based platform like MS 365 that supports advanced spam and malware filtering
- Have a process and tell customers not to pay invoices if the payment information has changed without a confirmation
- Required automated patching for all devices to quickly plug software vulnerabilities
- Require advanced EDR/MDR/XDR end-point protection like SentinelOne (this is advanced anti-virus). Couple it with a 24/7/365 Security Operations Center
Sarah Frazier — CyberGRX
1. Third-party breaches are very common security threats.
In a study by the Ponemon Institute, 59% of respondents confirmed that they had experienced a data breach caused by a third-party vendor. The infamous SolarWinds attack is one of the most recent examples of a third-party breach.
Additionally, increasing remote work environments introduces even more third parties into an organization’s vendor ecosystem, thereby introducing even more risk. Each additional third-party vendor creates another attack vector that hackers can use to infiltrate your system.
Also, some remote employees engage in shadow IT—where they source, install, manage, and troubleshoot their own digital tools. This exposes your network to risks due to these items:
2. Downloading insecure applications
Malware that gets installed when a remote worker accidentally downloads corrupted or fake antivirus software
Vulnerabilities created by remote workers turning off certain privacy settings, firewalls, or other security measures on their devices
Dan Richings — Adaptiva
Businesses are always at risk from cyber threats, constant malicious online attacks, and spamming on their online business infra.
Furthermore, with the increasing usage of automation and AI, hackers can attack the entire internet-enabled ecosystem. Small businesses reportedly suffer more damage from a cyber attack.
However, more prominent companies and MNCs face constant breaches and DDoS attacks. Currently, among our client's businesses, the top five cybersecurity threats are:
1. Phishing attacks
75% of breaches every online business face is phishing, which asks you to download a file, or click a link, only by giving access to sensitive information. Sometimes, it compromises your mail ID too
2. Malware attacks
Various threats like viruses, trojans, and ransomware usually enter your device when you access an unsecured website. Additionally, it gives backdoor entry to the attackers, who can access the data
3. Ransomware attacks
This hits thousands of businesses every year. In this attack, the attacker encrypts the business's data, makes it hard for the business owner to retrieve it, and later asks for vast sums of money, causing data loss.
4. Social engineering attacks
These attacks involve manipulating people to do something that gives the attackers access to their personal and private info. Such attacks include tactics like phishing, typosquatting, tailgating, or malicious plugins.
5. DDoS attacks
This is the most common attack faced by online businesses, where attackers flood their websites with malicious traffic. It increases the physical vulnerabilities and decreases the website server functionality by increasing downtime.
Geordie Wardman — Onestop Devshop
1. Stolen Information
Though this sounds ridiculous, humans are capable of making errors. Apple fell victim to stolen information after an employee left a new iPhone prototype lying around. After a few hours, the hardware and specs of the new phone, which had not been released, were all over the internet.
Ransomware is a malicious program, which blocks access to a computer until you pay a fee. You will receive a message that your computer or phone is hacked in such a case. The person will also tell you that they will give you back the access if you pay a fee.
3. Password Guessing
Password guessing may seem like a simple technique, but stolen passwords could be incredibly damaging. Some company employees leave passwords on notebooks, allowing any malicious person to access them. Carelessly placed passwords could give malicious individuals authorized access to computer systems.
4. Recording Keystrokes
Hackers can email you malware known as keyloggers, which records what you type on your computer. The malware then passes the data to hackers, who use it to access sensitive data.
5. Phishing Attack
A phishing attack comes from a third-party hacker who creates sites that look genuine.
6. Virus or Malware
Cyber attackers can send viruses or malware to individuals or businesses to wipe data off their computers.
7. Distributed Denial-of-Service (DDoS)
DDoS is a form of protest that cybercriminals typically use on large companies.
Paolo Sartori — TWC IT Solutions
Businesses of all sizes are at risk from (and targeted by) cybercrime. Cybercrime puts customer and client information in danger for smaller organisations that do not have full-time cybersecurity staff, which could have severe and expensive results.
The most significant ones, according to our data, are:
It is crucial to back up data so that it can be restored to prevent data loss or to allow enterprises to carry on operating after a malware assault.
Antivirus software can effectively protect websites from malware by looking for the typical technical characteristics of malware or searching for previously recognised software. Some antivirus programs can also identify fraudulent websites and alert users before they submit essential information.
3. Out-of-Date Software
In the age of machine learning (ML) and artificial intelligence (AI), outdated software may also not be patchable, making it easier to be the target of more sophisticated cyberattacks (AI).
It is vital to keep all hardware, software, and applications up to date since while ML and AI are employed in defensive methods, they are also used in attacks, taking cybercrime to new sophisticated levels.
One out of every 99 emails contains a phishing scam. By becoming more technologically savvy and providing employee training on how to recognise social engineering and report phishing emails, websites, and links, organisations are becoming less vulnerable to these attacks.
Andrew Wildrix — Intrusion
The top cyber threats my customers face are:
Ransomware is so prevalent now because its been profitable, low risk, and commoditized on the dark web. Many people don’t realize that paying the ransom invites further attacks. Very few solutions are killing the command and control necessary to interrupt this form of attack.
2. Infiltration via partner networks
Almost 20% of victims I encounter have been compromised by a weak partner network. This is especially common in healthcare, where security standards for partner networks are virtually non-existent.
Phishing is so successful because of the human element involved. You can idiot-proof security.
4. Compromised IOT devices
IOT devices and printers are an easy vector because of the way they are designed and implemented. There are a few infrastructure-based solutions that can be used with SDN to mitigate this threat, but most companies never address it until it’s too late.
5. Mobile Device Vulnerabilities
Mobile devices go everywhere and report almost everything to virtually anything that asks. Agents on these devices looking at call homes and blocking malicious connections should be a foundation of every cyber defense plan.
Aaron Reason — Consolidated Communications
Lately, attackers have been pivoting towards «Living off the Land» (LotL) attacks, which means that rather than launching a bespoke attack, hackers use a company's existing infrastructure against them instead.
Not only is this cheaper and easier for hackers, but it's also an effective method for helping them blend into the existing IT environment since they're leveraging legitimate company code and systems.
Essentially, they're able to hide in plain sight among normal network activity and administrative tasks, making it difficult for network administrators to pinpoint nefarious activity.
Using that method alongside malware and more traditional hacking methods makes LotL attacks particularly difficult to detect and prevent. Because of this, «rogue IT» is a top cybersecurity threat that our clients face.
Victor H. — VCTR.co
The top three threats my clients face are phishing, social engineering & the good o’ bruteforce/leaked password attempts
With years of existing owning digital assets, tech security has improved A LOT. The normal spam filters, 2fas & basically minimized password attempts have reduced the easy way of getting access/data.
I would say the human aspect is the majority of the vulnerability now — because we are the most “hackable” element in the grand scheme of things.
We leak data from oversharing, reusing passwords, and our social media presence
Alex Tray — NAKIVO
Cyber attacks remain one of the biggest threats to Internet security. Phishing and malware are the most common social engineering attacks caused by human mistakes that our customers face, leading to data loss.
Human errors remain the weakest link in the company’s cybersecurity strategy and cause 95% of cyber breaches.
To decrease human errors, we recommend providing regular employee training and opting for data protection solutions with role-based access control, multi-factor authentication, and encryption.
VPNs are a certain method to guarantee that network connections are secure and protected from cyber threats, mainly while using public Wi-Fi connections.
Data protection solutions for remote workers are becoming even more important nowadays, and data backup software, like a backup for Microsoft 365, is an extensive part of the success story in business productivity.
Bob Herman — IT Tropolis
The top security threats faced by our clients are spear phishing campaigns, usually in an effort to exploit vulnerabilities on devices not patched up to date, or to obtain credentials of a user/an employee on the inside of an organization.
When compromised, the bad actors often employ ransomware in order to obtain a payment or threaten to publish the data publicly/online.
The best approach to protect against spear phishing is to implement a Security Awareness Training (SAT) program, thereby ensuring employees are aware of the different methods used in phishing attempts.
Also, businesses must keep computers up to date with security patches to minimize potential vulnerabilities.
Other important measures to protect against cyberattacks include implementing multi-factor authentication (MFA) for access to all critical systems, utilizing a next-generation anti-malware/Endpoint Detection & Response (EDR) security product, verifying all critical data is backed up regularly & can actually be restored in the event of an incident, and employing a 24/7 Security Operations Center (SOC) with “eyes on glass.”
Hagr Elweshahy — TeliApp Corporation
A cyberattack can happen to any organization, at any time and may be found after the fact to be the result of a software engineering flaw of an internally or externally developed software application, or instead, as the result of an action taken by an organization team member.
While phishing emails remain the most known and common attack most organizations face, the following are more complex attacks that require regular ongoing training to prevent
1. Spam Emails
Also called Domain Spoofing is when the email sender uses a tool to fool the victim into believing that the email is from a legitimate sender. The hacker may include a link upon which the victim clicks to perform a function, and in doing so compromise the network, the device or the victim’s personal or work data.
2. Malicious social media messaging
Also known as social media phishing, hackers create fictitious but seemingly legitimate profiles on frequently used social media platforms to steal private information by posting nefarious links through which the hacker captures private data and stored passwords
3. Compromised business email
This is a security exploit in which the hacker targets an individual on an organization’s network.
By gaining access to the victim’s email, the cybercriminal sends emails from the victim’s emails to the victim’s contacts, disguised as a trusted team member working in the same organization.
The ultimate goal is to trick one of the contacts into clicking on the malicious link within the sent email, which causes undesirable consequences, such as stolen data and passwords
Tom Kirkham -IronTech Security
Ransomware and extortionware are by far the most common cyber threats to companies. The most popular way to distribute ransomware is as simple as sending an email.
In fact, right now phishing emails can be used in myriad strategies from a criminal perspective.
Take Apple gift cards, for example. “If a new employee receives an email with a simple task from a supervisor requesting they go out and purchase 10 Apple gift cards and email them the codes on the back, there’s a good chance that the employee will go out and do exactly that.
Why wouldn’t they? By default, without the proper cybersecurity training, the urge to comply with orders overrides the suspicion of a potential threat.
These kinds of social engineering cons are a recurring problem organizations of all sizes face with the damage ranging from thousands to millions of dollars in loss.
In fact, any cybersecurity breach is multifactorial in its origin, similar to a plane crash. There could be mechanical failures involved, as well as human error, as well as weather conditions. There simply is no single defining threat. It’s systemic.
Likewise, the only real way around cyberattacks is by setting up a holistic approach that includes firewalls, authentication systems, password managers, all the technical components — and employee training and continuous education.
Every single member of a team needs to be empowered with the shared goal of security in mind, or human error is always a massive potential gap.
Peter Vavrosky — Black Belt Consulting
Our team at Black Belt Consulting has been active in protecting small to medium businesses in North Texas since the rise of the modern ransomware movement and we have had the privilege of working with local and national law enforcement in protecting critical infrastructure
Over the years, we have seen unique threats and attack methods come and go and we have watched as cybercrime has advanced, both in terms of capability and of damage.
The last few years however have marked a turning point in cybersecurity threats as we have observed that threat actors from nation-states have been aggressively targeting businesses in the US.
On top of this, the rise of ransomware as a service (RaaS) has been a calling that is too enticing for cyber criminals to ignore and powerful groups around the world have sprung up overnight to take advantage of this model.
New threats are continually on the horizon, but I will share a few that we are seeing here in Texas.
The first threat we are seeing exploited is the rampant use of internet of things (IoT) devices frequently deployed in offices and homes. These include devices such as connected doorbells, wireless fridges or light bulbs, internet-enabled printers or surveillance systems.
It is commonly known that these devices have inherently weak security, and they are easily exploited, often giving hackers complete access to the internal networks of businesses and homes across the country. There is even a search engine developed to help hackers find these connected devices.
The second threat we are seeing is the rampant rise of business email compromise (BEC). Once a hacker is able to exploit a user account through a cloud-based email service such as Microsoft 365, they are able to develop targeted phishing campaigns for all of the contacts in that person’s account.
Hackers know that users are getting used to typing in their usernames and password for email access frequently and that many people simply do not check the URLs that they are inputting their credentials into, so they design special forms that mimic the layout of a typical Microsoft 365 prompt.
Once the credentials have been entered, hackers are able to take over the account.
The third threat that we are seeing is the targeting of cloud-based systems.
Almost every critical service is hosted in some kind of cloud these days. This is a target far too tempting for hackers because all of the keys to the kingdom are under one roof.
All they have to do is break into the system that houses those keys and they have access to thousands and potentially millions of accounts. A false assumption is often made by businesses that the “cloud is secure.”
While many cloud services practice excellent security, they are still run by people, and people can make mistakes. Hackers are typically patient people and will continue to wait and prod until a mistake is made and then exploit the weaknesses they have found.
Finally, I would like to share one thought with the readers. The world of cybersecurity is one of constant change and many in this space feel like they are playing an intricate game of cat and mouse.
There are some excellent tools and technologies on the market that help protect your data but I would caution you on relying on one particular product that promises “total security.” There is no such thing.
If there was, the tech companies would be using it and you wouldn’t see their names plastered all over the news each week because of a security breach.
Security cannot be solved by installing an app or deploying a piece of hardware. Rather, your business must adopt a security-centric mindset and deploy policies designed to protect every aspect of the business.
It is often far better to train your people on how to spot cybercrime and maintain good corporate and personal cyber hygiene than it is to deploy the latest app that promises to solve all of your security problems
Danielle Deibler — Quad9
1. Supply chain and logistics threats are just beginning to go public and be understood. Before recent years hardware was an enterprise or military grade challenge — now it’s an everybody challenge.
It's all out there, from the widely publicized SolarWinds attack, the alleged microchip added to SuperMicro boards, and malware attacks like Mirai and Daxin.
Now more than ever, you need to understand the end-to-end supply chain on devices. That means the hardware, firmware, and software, including the OS
2. IoT devices are everywhere. Consider the little gadgets you leave behind in your rental property — what happens with that virtual trash left in the physical world once you vacate? How much worse is the scale of the threat for business and government entities?
3. Think about the trend of residential properties providing integrated Internet services. Do they have an IT pro that locks things down, or are they using the default username and password on the Wi-Fi unit? Is the same person fixing the oven and running the network?
It’s time to up your authentication game. Utilize hardware-based devices for multi-factor authentication and a trusted VPN provider to avoid exposure to cyber threats over which you have zero control. Minimally use a protective DNS service like Quad9.
Autonomous systems — imagine the worst-case scenario with our current cyber protection- this one is not mine. Our CTO and I were talking about horrific outcomes of AI and he pointed out this.
You are in an autonomous vehicle in 2030 and it gets hacked by a bad actor. The actor wants to seed chaos, loss of life is the goal. Your self-driving car runs up on the sidewalk and kills hundreds while you look on helplessly
Michael Chepurnyak — Ein-des-ein
We observe that cyber security threats have been affecting not only giant market players but also small and medium companies we have cooperated with.
DDoS attacks are becoming more common and serious, with cybercriminals trying to take websites down while attempting to steal valuable client data.
We recommend considering a response plan in case such a situation happens, strengthening the network defense and not keeping data on one server.
Unfortunately, phishing attacks are still not losing “popularity” among ways to steal user data and money. Cyber thieves use fake communication instruments, such as emails with attached links or website worms very similar to the original one.
Eventually, users get tricked, open links, and enter their credit card data or login details. Our FinTech clients are constantly working on solutions to prevent such situations in the future.
We also have clients working in the IoT field, and not only businesses are taking advantage of this growing technology, but also hackers who may exploit devices connected via the Internet as a vulnerable point to steal data.
Here, companies are on their way to creating a secure environment, improving insecure web, cloud, or mobile interface, insufficient security configuration, etc.
Alexandru Neacsu — Cybertech
1. Bot-driven vulnerability scanning attacks
I would say the first place easily goes to bot-driven vulnerability scanning attacks that are way too common nowadays. They can last for days and have the downside of acting like a type of DDOS sometimes and slowing down a client’s network to a crawl if we do not take any actions to mitigate them
There is also the risk that it might find something and be able to breach security and compromise a client’s application or service.
The second place will have to be phishing type of attacks but those are easier to mitigate as all that is needed is a good security policy that applies company-wise.
3. DDOS attacks
The third place will go to the good, old, DDOS attacks that tend to be easier to pull off, especially if the hackers have access to a bot net, using ns providers like Cloudflare can mitigate those types of attacks but it still depends heavily on the bot-net size.
Justin Grizard — Network Remedy
We are still seeing email phishing getting more sophisticated, targeting accounting depts with payment redirection requests.
Also, C suite level impersonation emails trying to start a conversation with staff that thinks it is a CEO or COO they are talking with to try and gain access to their network and or information they can use to steal company IP and or even theft of money via a gift card scam.
While some of these scams are easy to see, we are seeing an uptick in longer-term scams that play out over several days or even weeks to train to gain the confidence that the person they're talking with is the person they have always dealt with via e-mail in the past.
As an MSP, we are talking with our clients and deploying tools that help mitigate this risk as much as possible there's no way to eliminate it as cybercriminals will continue to find new ways.
The biggest threat continues to be the one that has always plagued the industry human error people in not recognize when they're being scammed. Part of our strategy is educating our clients on what to look out for.
Peter Strahan — Lantech
One of the biggest issues our clients face is what we like to call ‘securing the remote worker’. Prior to the pandemic, with office working very much the norm, cybersecurity was a lot simpler for SMEs. You could secure the office network with a firewall, and you could enforce security protocol on-site.
With the shift to remote work this was no longer the case, and people carried out their work remotely, on laptops that in many cases were extremely vulnerable to attack by cybercriminals.
These criminals understood that there was an opportunity, by targeting these devices, to access sensitive company data- think of it a bit like a trojan horse.
With more and more companies implementing hybrid and remote working, much of our job at Lantech centers around advising clients what the necessary cyber-security measures to take are in order to facilitate working from home.
I’m all for remote working, but too many businesses are still failing to adequately secure their company information when they implement it, even after two years.
Andrey Ivashin — Dyninno
We live in the IT era – our lives have been digitized. The regular, written form of data has transformed into digital data, and this digital data is stored somewhere in the Network.
Data has become the new currency — based on digital data analysis, businesses are making strategic business decisions, and vital medical conclusions are being drawn from digital data analysis, too.
Since the value of data has been increasing hackers and cyber attackers are interested in stealing any data they can possibly get access to. This means that hackers could steal sensitive commercial data and threaten to publish it, ransomware all systems, or violate data integrity and influence your business results and processes.
The more we are digitalizing — the more vulnerable we become. Therefore, the importance of information security is increasing.
Unfortunately, professional «hacking-as-a-service» became a low-cost and more attainable service, too — now intruders do not even need to invest in expensive hardware nor have deep IT knowledge — they can just inquire about such service on Darknet markets.
It leads to an increase in the count of simple, but massive cyber threats that harm both individuals and organizations.
Talking about our experience — I can say that we see tens of thousands of cyber-attack attempts on Dyninno Group systems daily.
Dan Carroll — Monmouth Computer
Malware is short for malicious software that infiltrates your computer system without the owner's permission. The malware’s purpose could be to spy on your system, trigger pop-up ads that can be annoying, or even destroy your system.
Phishing attacks sites by using fake communication to trick the receiver into opening a message, like an email, and carrying out certain actions such as providing credit card information.
3. Password Attacks
This is a type of threat that people are most familiar with. If cyber attackers can access your password, they will be able to see very sensitive information. Social engineering is a type of password attack that involves human interaction and tricking people into breaking standard security practices.
SQL stands for Structured Query Language, resulting from inserting malicious code into a SQL server. The server will then release information.
David Lee — SecZetta
The top threats our customers face are the same that everyone faces.
- Lack of discipline around third-party accounts.
- Little or not enough emphasis on user education.
- Lack of focus on the fundamentals
Cyber threats haven't evolved all that much in the last decade. We just came up with new marketing phrases and slapped zero trust and machine learning labels on everything and called it progress.
The reality is we need to continue to build products that make it easier for security professionals to embrace the fundamentals.
We need to educate our users on the type of threats they face and how to handle them securely, and finally, we need to apply the same rigor and process to third-party identity management that we do to the workforce
Kevin Dominik Korte — Univention
One of the main threads faced by many of our clients is social engineering for password resets.
In an age where I can find your best friend on Instagram, the city you were born on Facebook, and your first supervisor on LinkedIn, any password reset that verifies identity using these common denominators is bound to fail.
They are too simple and widely shared, yet banks, business applications, and private software are happy to ask for my mother's maiden name.
Consequently, several new clients came to us, after losing valuable corporate data, to attackers with valid passwords on prominent cloud services.
Eric Sessions — Intelitechs
One of the main attack vectors people face today is Social Engineering which is a multifaceted approach for the hackers. Attacks come from several different sources, including:
1. Phishing whaling attacks
High-profile employees are targeted, such as members of the c-suite, to steal sensitive information from a company
2. Email impersonation or spoofing
Someone is acting like they are someone else by emailing from a slightly altered email address and using the same name or signature
3. Inbound direct phone calls
Someone is acting as a vendor and asking to review a proposal with them on the phone that they will email over with a link, baiting you into clicking so they can gain access to your system
The best way to combat these types of attacks is by implementing security measures that prohibit the ability to spoof emails.
A security certificate must be assigned to the email servers to verify first-hand traffic. Then a next-gen email spam filter can be implemented. Lastly, the human firewall must be hardened by teaching end users the things to look for in emails and hyperlinks.
Ultimately, the end-users in a business need to be trained on policy and procedure as well as best practices when working with the technology tools they use.
Paul Baka — SSLTrust
While the context of Internet/cyber security couldn’t ever truly have been described as “simple,” the current situation is perhaps more complicated and involved than ever before. Broadly speaking, SSLTrust’s clients face a greater array of cyber security threats than have ever been present before.
Our experience has shown that phishing attempts have always been a popular attack vector, for example, and it’s certainly hard to deny the effectiveness of social engineering.
I have personally witnessed extremely sophisticated phishing attempts that led to leveraging a client’s out-of-date or unpatched software to gain greater access than would’ve otherwise been possible. A scary proposition, but it’s easy to fall for something that’s been tailor-made for a particular target.
Then there’s DDOS to consider because we’ve seen firsthand that many security implementations can, indeed, be broken through by brute force — even today.
However, these are all well-known and established threats, and it’d be a mistake to believe that a contemporary (and properly motivated) malicious third party wouldn’t be able to think outside the box. Emotets, keyloggers, and the abuse of zero-day vulnerability are all exceedingly common.
Michael Pusateri — Siepe
Phishing attacks are becoming more prevalent across all industries with firms continuing to rotate between traditional in-office settings at remote working parameters. There are three things firms should do to safeguard themselves and their customers against phishing attacks:
1. Password security
It's become almost habitual to reuse passwords across different accounts. Unfortunately, this makes it very easy for hackers to access loads of data and information if they're able to penetrate one of your accounts.
Use different passwords and make your passwords complex. Use different words, a combination of capital and lower-case letters, multiple numbers, and different characters.
2. Leverage multi-factor authentication
If a password does become compromised, multi-factor or third-party authentication will require additional means of identification which the attacker will not have.
Taking a few extra seconds to implement this step and login each time is worth it, as it drastically enhances security against phishing attacks.
3. Intrusion Detection Systems IDS/Intrusion Prevention Systems IPS
The networking prevention system can be very effective in deflecting phishing attacks. They carefully monitor, inspect and filter traffic between all of your company's web applications.
This has become particularly important for firms in the financial sector where account and money transfers can be properly monitored and prevented in real-time if a hacker gains access.
Mark Cooley — Involta
These hackers have become more sophisticated in their ability to keep you from regaining control. So much so that even after paying the cybercriminal the sum of money requested to release your data, many businesses are still not receiving all of their data back.
2. Malware on mobile devices
The cyber threats most seen on mobile devices include viruses, spyware, and phishing attacks, just to name a few. In a more casual work-from-home environment, employees are sharing files through mobile applications, arranging travel and even conducting financial transactions.
Infiltrate internet infrastructure to potentially force a business to shut down for a period of time.
4. Session hijacking
Say you are in the process of researching valuable information for your client and a hacker intercepts your session and disconnects you from the server while proceeding to replace your IP address with an IP address controlled by the hacker.
At this point, the server doesn’t know that it is no longer communicating with you and instead continues the session with the hacker. This means you just lost complete control over your server and the internet connection is no longer safe.
Andrew Woodhouse — RealVNC
There are two critical threats companies need to keep an eye on supply chain attacks and state actor-level attacks.
Supply chain attacks can occur when someone commits malicious code into an upstream repository. Additionally, organizations are using third-party software more often now, which can pose a real risk.
People assume open-source software is safe, but it’s often too easy for someone to sign up as a developer and begin submitting bad code.
In addition to understanding and managing risk, it’s important to understand the systems and software you’re developing and decide which risks you’ll mitigate.
State-level actor attacks occur when people have the resources to find the 0 day issues and compromise the company, whether it’s RealVNC or someone else.
For example, if Russia decided to wage a cyber war with the United States or the United Kingdom, it wouldn’t be difficult for their hackers to use their resources to attack our systems; they would be able to increase monitoring levels to understand what’s in a system.
These attacks can be prevented or mitigated by understanding where you’re weak and putting monitoring in place that will deter state-level actors.
Tomasz Juszczak — Prographers
The top cyber security threats are phishing attacks. There can be hundreds of people working on a system that is «hacker proof», multiple bug bounties realized, but by the end of the day, a human gets fooled. That's what makes a leak of sensitive data.
Phishing attacks can have many forms.
- A trojan horse in pdf file attached to main that looks very similar to company IT's.
- A link in the email text that links to a site almost identical to your internal system, but that's controlled by a hacker.
- Or even a phone call from the «IT department» about some issue.
It's very important to teach all employees and their's clients about this vector of attack because even some low-value target that does not have access to any internal system can send an email to request some credentials or start others before the mentioned attack.
Mark Kirstein — Cosant
While many security experts and SMBs routinely think that cybersecurity threats emerge from technology, the biggest threat is social engineering. And avoiding that threat means addressing not only the technology vulnerabilities but addressing the human vulnerabilities.
People make mistakes and enable password compromises. People click on nefarious links. People are victims of fraudulent social engineering and accidentally wire money or send gift cards.
Securing the people aspect is only marginally about technology. It’s ultimately about governance, which is policy and procedures.
Policies capture management intent. They are the rules that employees are expected to follow and implement. Procedures are the specific ways that each policy is carried out by employees.
So, for example, a policy may dictate that no money transfer of more than $5,000 can take place without verbal management approval. The procedure would dictate that prior to initiating a wire transfer above $5,000, the finance department must call and speak to the CEO for approval.
Thus, the social engineering that impersonates the CEO asking for a wire transfer is prohibited by the policy and procedure, not shiny, blinking lights.
Policy and procedures are the non-sexy part of cyber security, but the most important area to counter the biggest cyber security threat: is social engineering.
Maciej Dziergwa — STX Next
According to STX Next's 2021 Global CTO Survey, which surveyed 500 global CTOs about the biggest challenges facing their organizations, 42% of CTOs say their companies have no cybersecurity at all.
This means that they’re exposed to cyberattacks and missing one of the key ways organizations can effectively protect themselves.
The top cyber security threats that our clients face remain those that rely on human error.
Even though employees at most organizations are more aware of the dangers of email phishing or of clicking on suspicious-looking links, hackers are increasing the stakes.
For instance, they are utilizing machine learning to create and disseminate convincing fake communications much more quickly in the hopes that recipients may unintentionally damage the networks and systems of their business.
Through such assaults, hackers can access private databases and steal user logins, credit card information, and other sorts of personal financial information.
Andrey Savich — SolveIt
1. Man-in-the-middle attack (MitM)
When users access a remote system from their devices over the Internet, they are communicating with the system server to receive or send data. Hackers may place themselves between a user and a system server. Once it happens, a hacker has access to sensitive data and is able to compromise it.
2. Password attacks
A hacker may get access to the password of a user by guessing in a random or symmetric way, gaining access to the system database, or using social engineering.
3. Social engineering attacks
This kind of attack means manipulating users in a psychological way and requires them to perform actions that give hackers access to the users’ confidential information. Types of attacks: phishing, spread phishing, baiting, whaling attacks.
4. Advanced persistent threats (APT)
Attackers gain unauthorized access to system networks or hardware and this may be undiscovered for a long period of time. They can steal sensitive and private data, avoiding detection by system security members.
Ryan Black — PC Corp
In the post-pandemic era we currently find ourselves in, organizations that we work with are mainly concerned about securing the hybrid work model and mitigating risk against internal and external threats now that users for, at least a portion of the week, are predominantly working remotely.
They are more likely to use unsanctioned devices outside the purview of the organization.
How can we validate the identity of the user, their endpoint, and provide secure access to applications and organizational resources?
How can we be confident that users on personal devices when working from home are not introducing additional cybersecurity risks in terms of data loss or exfiltration from internal or external threats?
Ultimately, how can we as an organization retain similar degrees of control, enforce company policies, and retain a similar security posture that we had on premises in this new era of work?
How do we keep our confidential data and intellectual property secure while maintaining visibility on user behaviour and the health of devices being used and blocking access if/when needed?
Dimitri Shelest — OneRep
Cyberattacks and data breaches target businesses of all sizes thus putting their own and customer data at risk.
According to a 2021 study by Positive Technologies conducted among financial organizations, fuel and energy companies, government bodies, IT, and other sectors, external cyber attackers can penetrate 93% of company networks within 2 days or so via credentials compromise.
Another recent global research by Splunk and the Enterprise Strategy Group found that 49% of the 1,200 organizations they studied suffered a data breach over the past two years, up from 39% in their survey in 2020.
There are quite a few ways to orchestrate a cyberattack — from email compromise to targeted spyware, ransomware or phishing attacks. However, an often unexplored vulnerability lies in a company's employees.
The pandemic brought a rapid transition to remote work and since then, remote and hybrid workers have been one of the greatest challenges for companies and their security.
Businesses need to rethink their approach to cybersecurity towards one that addresses risks to individual employees.
In addition to paying acute attention to the technology, security protocols, and policies used, companies must include online privacy protection for workers in order to minimize risks of fraud, cyberattacks, and social engineering.
Companies would also do well to train their staff about the latest risks and tricks cybercriminals use to breach security.
Richard Bailey — Atlantic.Net
Security is a serious concern for our clients and one of the first topics discussed when entering client negotiations. Customers turn to Atlantic.Net looking for help to improve the security posture of their infrastructure, and we are seeing definite trends in the cyber security threats each is facing.
SMBs are worried about keeping frontline services secure from data breaches, particularly the challenges employees face defending against social engineering.
Training certainly helps, but catching an employee off guard doesn't take much. As a result, companies are turning to integrated security tools trained to detect and stop data leakage.
We are seeing greater demand for API-based cloud-native security protection, such as live security monitoring of application stacks, the edge, and data security.
Demand is also high for Web Application Firewalls (WAF), predominantly for 0-day vulnerability protection, but also to protect against server misconfiguration and defend serverless workloads.
Dragos Badea — Yarooms
By far the most common issue that most businesses face is phishing, simply because it is the lowest effort and highest potential upside method of cyber security breaches.
It's always a lot easier to cast a wide net and wait for human error to stumble into it than it is to code a powerful emotet, for example.
I don't really see this changing in the near future simply because phishing consistently works.
It does not usually become a problem of the scale that you see with some of the bigger and more elaborate attacks that focus on denial of service or ransomware but it does net cybercriminals a certain level of success
Boris Jabes — Census
The most common cyber security threats that our clients face include phishing scams, malware and ransomware attacks, and data breaches.
1. Phishing scams
This is a type of online fraud that involves hackers posing as legitimate businesses or individuals in order to trick victims into providing personal information, such as credit card numbers, banking information, or passwords.
Often, these scams take the form of emails or other messages that appear to be from a trusted source, but are actually from a malicious third party.
2. Malware and ransomware attacks
Malware is a type of software that is designed to damage or disable computers and computer systems. Ransomware is a type of malware that encrypts a victim's data and then demands a ransom be paid in order to decrypt it.
These types of attacks can be especially damaging to businesses, as they can result in the loss of important data or systems being taken offline.
3. Data Breaches
This is unauthorized access or disclosure of sensitive information, such as customer credit card numbers or Social Security numbers.
These breaches can occur when hackers gain access to a company's computer systems, or when employees accidentally disclose information through email or social media.
Data breaches can have serious consequences for businesses, including reputational damage and financial losses.
Thank you so much to all the experts that have contributed to this expert roundup! Please share it with your friends and followers on social media.