The internet has been around for more than forty years, and during that time it has led to an unprecedented revolution in the way we work, live, and spend our leisure time. Companies have been able to create or adopt radically new business models, and their employees have adapted to new ways of working. However, with such a paradigm shift comes the ever-changing risk of criminal activity. Cyber crime continues to evolve and grow across the globe, particularly in the entrepreneurial United States, and common cyber security issues are being seen more and more often. Let’s look at the top threats that affect US businesses.
Third-Party Exposure
Cyber criminals are able to manoeuvre around security systems by hacking networks that are less well protected, particularly those belonging to third parties with access to the hacker’s target. Think back to the 2021 data leak from Facebook, where over 214 million accounts on Facebook, Instagram, and LinkedIn were accessed through a joint third-party contractor, Socialarks.
These kinds of attacks are becoming even more likely, with over 50% of US businesses willing to hire freelancers due to the remote working trend caused by Covid-19. Cyber security firm CyberArk reported that 96% of organizations give external parties access to critical systems, which can provide an unprotected access route to their data.
Poor Cyber Hygiene
Cyber hygiene refers to the practices and habits people follow when using technology. Poor hygiene includes using unprotected Wi-Fi or failing to implement safeguards such as VPNs or multi-factor authentication (MFA). Unfortunately, research shows that Americans’ cyber hygiene habits are less than ideal.
Nearly 60% of organizations rely on nothing more than human memory to manage passwords, with a further 42% of organizations using physical sticky notes! Over half of IT professionals do not require the use of two-factor authentication for access to company accounts, and just 37% of individuals use two-factor authentication for personal accounts.
Social Engineering
Social engineering attacks rely on human error, making them one of the most dangerous cyber security issues US businesses must be aware of. When 85% of data breaches involve human interaction, it’s clearly much easier to trick a human than to hack a system. Social engineering attacks include techniques such as email impersonation and phishing, but continue to adapt to changing trends and technologies.
Employing MFA on all accounts, together with rigorous cyber security training for all staff members, is a crucial step in reducing social engineering attacks and the business risk they represent.
Poor Data Management
We live in the era of Big Data. The amount of data created by consumers doubles every 4 years, but over 50% of that data is never analyzed or even used. Excess and unnecessary data can leave valuable information more vulnerable to cyber-attacks. Breaches caused by mistakes made during routine data handling can be as costly as those that occur from more sophisticated methods.
With the move from a world of Big Data to one of ‘Right Data’ and targeted information, organizations will need to rely more heavily on automation, which comes with its own set of cyber security risks.
Ransomware
Ransomware is not a new threat, but the impact has become significantly more costly as the years have gone on. Between 2018 and 2020, the average cost of a ransomware attack grew from $5,000 to nearly $200,000, with system downtime now standing at an average of 21 days.
Around two-thirds of cybersecurity professionals surveyed in 2021 said their companies were harmed by significant revenue loss due to a ransomware attack. In the United States, 31% of businesses were forced to close their entire business for a period of time after an attack. This figure is a remarkable 34% for the United Kingdom.
Vulnerabilities with Mobile Devices
The pandemic has seen an increase in mobile device usage, which in turn has led to more people using home devices to do sensitive work tasks. Just under half of all companies surveyed were involved in a security incident due to malware being downloaded by an employee.
Ironically, this has led to cyber criminals targeting mobile device management (MDM), one of the solutions that tries to keep data and devices safe. These attacks can be very effective, since the entire population of an organisation’s mobile devices is likely to be connected to the same network.
Internet of Things (IoT)
The rise of the so-called Internet of Things, where a rapidly increasing number of devices are now network connected, leads to our final group of threats. These devices range from smart doorbells with integrated CCTV cameras to refrigerators that can order your groceries for you. In 2020, four-in-ten Americans indicated that they were more interested in adding smart home features or devices to their residences. By itself, this may not be a problem, but combine it with the worrying lack of cyber hygiene, and there is a big problem heading our way.
However, it’s not just homeowners who should be concerned. The total number of connected IoT devices is expected to reach 3.5 billion in 2023, with experts predicting that over 25% of all business cyber-attacks will be IoT-based by 2025. Perhaps the cyber threat to your fridge does not worry you, but what if it acted as a gateway to more valuable and vulnerable systems on the network?
About Intaso
Intaso are a UK boutique head hunting and talent solution firm with Cyber and Information Security expertise. We have extensive first-hand experience across all elements of attracting the right talent, from often unfound and untapped resources. We believe that having a genuine passion for the industry, pride in the quality of our services, a tailored range of talent solutions, and a personal approach means we have a unique offering, which has worked with businesses of all sizes and industries.