The top 10 cyber security challenges for businesses

Cyber security is becoming an increasingly important issue for businesses worldwide, with the financial and reputational cost of data breaches creating significant headaches for unprepared boards.

While technology is helping organisations to optimise their operations through various innovative means, the number of cyber security threats that companies must tackle has grown.

But what risks do cyber security experts face in 2017? Here is a list of some of the key problems that organisations must consider as we head deeper into the year.

1. Ransomware

We’ve covered the danger of ransomware in our blog before, and the recent McAfee Labs 2017 Threats Predictions report said this form of malware will remain a problem for businesses well into the second half of this year.

Ransomware typically prevents users from accessing important information and data on their computers or networks until a payment is made. However, cyber criminals don’t always free up devices once the ransom is met and often try to extort more money out of their victims.

2. Distributed denial of service (DDoS) attacks

DDoS attacks have crippled multiple big names over the past few years, including the BBC, cloud-based internet performance management firm Dyn, and presidential hopeful Donald Trump’s election campaign website.

“DDoS attacks will not only scale up this year to a terabit per second in some instances, but also increase in frequency to a total of 10 million attacks,” said Phill Everson, UK head of cyber risk services at Deloitte.

“The volume and scale of such breaches would challenge the defences of organisations, regardless of size.”

3. Hacktivism

Not all cyber criminals are profit-oriented, and the rise of hacktivism means a growing number of people are breaking into computer systems for politically or socially charged reasons.

These attacks can be even more damaging than traditional threats because hacktivists are often trying to make a statement, so their efforts are usually very publicly damaging for an organisation’s reputation.

There are also significant safety concerns if hacktivists can override safety mechanisms or publish documents that pose national security risks.

4. The Internet of Things (IoT)

McAfee estimates there will be approximately 1.8 billion connected devices in consumer hands by 2019. Hacking into such systems will become more common over the coming years, with ransomware and hacktivism thought to be key problem areas.

There is also a significant privacy threat, as smart devices typically contain a considerable amount of sensitive information that cyber criminals could access. According to McAfee, some products sold this year may already have backdoors installed that criminals can leverage.

5. Dronejacking

Organisations and consumers are using drones in new and exciting ways, and cyber criminals are likely to take advantage of this growing popularity by hacking into the technology.

The McAfee report said experts have already shown how easy it is to take over a toy drone, land it on the roof of a home or business and hack into local wireless networks.

6. Social engineering

As cyber security technology and preventative measures become more complex, criminals will turn to social engineering in an effort to bypass such systems.

This involves manipulating or deceiving key individuals into divulging important data or financial information, such as through phishing techniques.

Figures from the Anti-Phishing Working Group revealed phishing attacks surged 65 per cent in 2016 when compared with the previous year.

7. Insider threats

Businesses don’t just face external threats; there is a significant chance of cyber security issues arising internally. In fact, the IBM 2016 Cyber Security Intelligence Index found that 60 per cent of data breaches in the preceding year were due to insider threats.

Of these, more than two-thirds were people with malicious intent, while the remaining incidents were due to ‘inadvertent actors’. The latter refers to innocent individuals who accidentally allowed attackers access to information, or who failed to follow security measures.

8. Machine learning

Machine learning algorithms are helping businesses perform complicated data analysis tasks on huge quantities of data at phenomenal speeds with minimal manual input.

The technology is used to detect fraud, predict the success of marketing campaigns and automate consumer product suggestions, as well as numerous other innovative applications.

However, McAfee predicts machine learning will be leveraged to commit crimes, such as aiding fraudsters in identifying high-value targets among large datasets.

9. Mobile malware

As a growing number of people use mobile devices to perform everyday business tasks, the likelihood that cyber criminals will attempt to exploit weaknesses in the technology rises.

Kaspersky Lab recently revealed that mobile malware attacks tripled between 2015 and 2016, with the firm identifying 8.5 million malicious installations. The organisation also found that instances of both mobile banking Trojans and mobile ransomware increased by a rate of 1.6 times over a 12-month period.

10. Fake ads and feedback

Consumers are frequently bombarded with advertisements online, and the proliferation of fake ads and phishing attacks have eroded trust in net-based marketing collateral.

Meanwhile, purchased ‘likes’ and other forms of fabricated feedback are exacerbating the problem, leaving customers sceptical of the validity of various online advertising methods.

Even businesses that are not involved in such activities may find fake ads and other nefarious marketing tactics are affecting their legitimate campaigns.

Boosting cyber security preparedness

This top ten list highlights some of the key cyber security risks that businesses are facing now and will continue to see in the future.

Keeping ahead of sophisticated cyber criminals requires a mixture of the right systems and software, the best security professionals and boardroom buy-in for cyber security measures.

Given the pace of technology evolution, organisations must work hard to stay ahead of resourceful cyber criminals who are looking to exploit the vulnerabilities in core business systems.

Our Market Reports combine our review of the prevailing conditions in the security & resilience recruitment market together with the results of our latest employer survey.