With cybersecurity concerns making the news almost daily, you may have asked yourself what you can do to stay safe online. The best way to prevent a potential issue is to be prepared, and the best way to prepare is to stay aware. Stay up to date on new cybersecurity software, technologies and trends, and more importantly, keep tabs on known threats and issues in the field.
To help keep your personal information or company safe online, we've outlined four of today's most pressing cybersecurity threats below.
1. Insider Risks: The Threats Came From Within
Although we often hear the word "hacked" thrown around haphazardly, most companies do not suffer from attacks by external hackers.1 In fact, a 2016 IBM report determined that 60 percent of all cyber attacks were carried out by insiders, meaning those already working in a company or organization. Of these, 75 percent involved malicious intent, compared to the 25 percent committed by inadvertent actors. This, as you can imagine, makes the cybersecurity issue much more difficult to deal with.
When someone works within the company, their login credentials are recognized and approved by the computer system and corresponding software, meaning trusted employees can release a virus or set up malware without the system administrator or IT support noticing.1 Oftentimes this can allow an attack to go on longer, potentially leading to more sensitive information being revealed or compromised.
To guard against insiders with malicious intent, take a moment to assess what company data is considered sensitive or valuable, and then strengthen your defenses there, perhaps restricting access to necessary personnel only or requiring email authentication.
To guard against inadvertent actors, consider holding a company meeting to address known cyber schemes, so employees know to open emails with caution and to flag items immediately when concerned. If you know your staff, you can make sure they know the best practices to keep your assets safe and out of a hacker's hands.
2. Intruder Alert: Data Breach in Progress
In essence, a data breach is when someone has access to an account, device or system without permission. While you may be familiar with a friend whose social media account was "hacked," the issue is more complicated than it may initially seem. More often than not, those who claim to have been hacked may have actually given their account information away, although unwittingly.1
Human error is frequently the cause of data breaches. For instance, phishing attacks are among the most common types of breaches, accounting for over half of all data breaches in 2016.2 With phishing, an employee is tricked into opening an unsafe email or clicking on a link that downloads malware—ultimately providing the cybercriminal access to their device and to their network.
You might wonder why someone would open an email from an unknown sender, but it's not always that simple. In many cases, the emails are sent from a close friend, a manager or executive in the company or another legitimate-seeming source, and the recipient only later discovers the damage done to their accounts.2
Once inside a personal site or system, criminals can use the stolen personal information to order credit cards or transfer money over time. In a company, however, the damage is far greater. In the United States, a single data breach costs an average of $6.5 million—no small fee to pay for human error.3
At times, however, data breaches can be caused by much more malicious software, which leads us to cyber threat No. 3.
3. Ransomware: Buy Your Data Back
Now considered to be the No. 1 security concern for companies, ransomware is malicious software that hijacks your computer and encrypts its files and content, threatening to erase all data within a short span of time, unless a bitcoin ransom is paid.4
The difficulty of dealing with ransomware in the long run is that it creates a sort of catch-22 situation. In the face of losing such sensitive or sentimental data, panic often takes over, and ransoms are paid, thus creating a cycle that only continues: More money to cybercriminals, more computer systems taken over, more files encrypted, more encrypted files purchased, more malware purchased, and so on.
In the first quarter of 2016 alone, ransomware cybercriminals were paid $209 million.4 At this rate, the FBI estimates that amount will reach $1 billion by the end of the year.5 Imagine what that money will go to.
Perhaps the more insidious aspect of ransomware is that it often targets the institutions we rely on most.5 Hospitals or healthcare organizations are increasingly victimized because of their inherent vulnerability—which cybercriminals know all too well. Many of these organizations are unaware of the threat malicious emails pose and are uninformed when it comes to assessing these types of risks.6
In short, the best defense against ransomware boils down to user education, updated security software and consistently backing up your data on hard drives—and doing so very, very frequently.4
4. An Unfilled Cybersecurity Workforce
With data breaches, phishing schemes and cyber attacks happening so often, and in some of the largest corporations in the U.S., you may have asked yourself at some point why these companies didn't simply employ a better IT department—but that may not always be possible.
Although companies are expected to spend $1 trillion on cybersecurity globally from 2017 to 2021, more than 1 million cybersecurity positions went unfilled in 2016.8 And why? Because companies are struggling to find well-educated and skilled professionals to fill these roles.9 Because software changes so often, professionals must stay up to date on changes in the field, as new viruses and hacks are being developed regularly.
Overall, cybersecurity is often regarded as something of an arms race. Those with the best equipment or "manpower" tend to come out ahead. However, despite a corporate willingness to invest in cybersecurity, the shortage in the field persists. With so much on the line, what can you do to help keep your information and your company safe?
1 Van Zadelhoff, M. (September 2016). The Biggest Cybersecurity Threats Are Inside Your Company. Retrieved on May 15, 2017, from hbr.org/2016/09/the-biggest-cybersecurity-threats-are-inside-your-company
2 Kharif, O. (January 2017). 2016 Was a Record Year for Data Breaches. Retrieved on May 15, 2017, from bloomberg.com/news/articles/2017-01-19/data-breaches-hit-record-in-2016-as-dnc-wendy-s-co-hacked
3 Smith, C. (February 2017). 100 Frightening Cyber Security Statistics and Facts. Retrieved on April 28, 2017, from www.expandedramblings.com/index.php/cybersecurity-statistics/
4 Crowe, J. (August 2016). Ransomware by the Numbers: Must-Know Ransomware Statistics 2016. Retrieved on May 22, 2017, from www.blog.barkly.com/ransomware-statistics-2016
5 Sneed, A. (March 2016). The Most Vulnerable Ransomware Targets Are the Institutions We Rely On Most. Retrieved on May 16, 2017, from scientificamerican.com/article/the-most-vulnerable-ransomware-targets-are-the-institutions-we-rely-on-most/
6 Francis, R. (May 2017). Ransomware makes healthcare wannacry. Retrieved on May 16, from www.csoonline.com/article/3196827/data-breach/ransomware-makes-healthcare-wannacry.htm
7 Morgan, S. (June 2016). Cybersecurity Business Report: Cybersecurity spending outlook: $1 trillion from 2017 to 2021. Retrieved on May 23, 2017, from www.csoonline.com/article/3083798/security/cybersecurity-spending-outlook-1-trillion-from-2017-to-2021.html
8 Setalvad, A. (March 2015). Demand to fill cybersecurity jobs booming. Retrieved on May 23, 2017, from www.peninsulapress.com/2015/03/31/cybersecurity-jobs-growth/
9 (2015). Cybersecurity Jobs, 2015. Retrieved on May 16, 2017, from www.burning-glass.com/research/cybersecurity/