While there are a number of hardy perennials that feature in the list of major security threats every year, such as phishing scams, spyware and ransomware, the dramatic shifts in business and working practices during the pandemic have increased their potency.
Remote working has opened up a wide range of potential points of attack for cyber criminals. For instance, if employees log onto the company network from unsecured public WiFi, it’s far easier for cyber criminals to gain access.
Reeling them in
Some of the most popular and effective forms of cyber attack involve phishing and social engineering. According to the IDG 2020 Security Priorities Study, 36% of security incidents were caused by remote employees falling victim to phishing or other non-malicious violations of security policy.
The widespread usage and success of phishing attacks is a testament to the enduring deficiencies in employee security awareness. All too often, workers are unaware of their roles and responsibilities in the enterprise security strategy.
With more employees working from home, this is an urgent issue. As such, employees need training and awareness of their roles in your security plan.
Do they understand why security policies are there? Make them aware of the risks they pose by replying to emails or clicking on links without thought or pause, such as opening the company to ransomware and other kinds of malware that can jeopardise operations.
Living on the edge
The increase in remote endpoints outside the corporate network amplifies the danger posed by common cyber threats.
As a consequence, your security strategy should account for all endpoints, irrespective of user, device, branch or location. It should identify and respond to threats before they spread across the network and ensure security software on devices is always patched and up to date.
Vulnerabilities created by unpatched software are one of the most common attack points for cyber criminals.
The 2017 Equifax data breach is a prime example, exposing the sensitive information of 143 million US consumers. This breach was caused by the failure to apply a security patch for third-party software on its servers.
Your security policy and solutions should include patching and updating software. Unfortunately for many businesses, this basic practice is often overlooked.
The inside job
Internal security threats are a major issue for all businesses. These can be divided into three categories: negligent employees/contractors, credential theft and criminal/malicious insiders.
A recent report by the Ponemon Institute, The Cost of Insider Threats, found the overall cost of insider threats had risen from $8.76 million in 2018 to $11.45 million in 2020.
Over the same period, the number of incidents increased from 3,200 to 4,716. Large organisations spent an average of $17.92 million to resolve insider-related incidents.
Most insider threats were due to negligence (62%), followed by criminal/malicious insiders (23%) and credential theft (14%).
To counter insider threats, many companies are deploying user awareness training (55%), data loss prevention (54%) and user behaviour analytics (50%).
As with other cyber threats, employee training and awareness is an effective countermeasure. Simply teaching employees to be more careful in their digital activities can significantly reduce the risk of negligence and exposure.