Specialist insight

Cybersecurity threats: where do they come from and what’s at risk

Cybersecurity is big news. Every company, every organisation is a potential target.

The worldwide cost of cybercrime is estimated to reach $2 trillion by 2019; IBM CEO Ginni Rometty believes it’s the greatest risk to every company around the world. And yet, despite international awareness campaigns, many organisations are still a step behind when it comes to understanding and responding to the growing threat.

Where cybersecurity threats come from

It’s usually the large-scale external attacks that make the news. But many of the day-to-day cyber risks come from inside your company. These can include leaks by employees who, intentionally or inadvertently, reveal passwords and sensitive information, or the action of malicious insiders – employees or known associates who seek to use their access and information to damage or exploit company networks.

External attackers are, of course, an ever-growing threat – searching 24/7 for gaps in your security to gain access to your systems, or trying to break your online presence from the outside. Any sensible, robust approach to cybersecurity needs to recognise and deal with both internal and external threats.

Every business is at risk. The connected nature of modern business means that hackers will often target smaller businesses as a route into their larger partners, customers, or suppliers. Larger businesses now routinely demand that all suppliers and partners, however small, have proper cybersecurity measures in place.

Types of cybersecurity threats

The threat landscape is constantly evolving. Some of the most common cyber threats include:

Distributed denial-of-service (DDoS) attacks. A network of computers overloads your website or software with useless information, causing a crash and forcing you offline. These are preventable with antivirus software, firewalls and filters.

Bots and viruses. Malicious software that installs itself (bots), or tricks employees into installing it (Trojan Horses), on your systems to gain control or steal data. Up-to-date software and SSL certificates, strong antivirus protection and informed employees can help avoid these.

Hacks. Malicious outsiders finding flaws in your security to access your systems and control or steal information. Regularly updating passwords and security systems are both key to foiling hacks.

Phishing or pharming. Attempts to gain sensitive information by fraudulently impersonating a trustworthy source. Phishing is email-based, while pharming centres around bogus sites and servers. Awareness is vital to help all staff avoid this tactic.

What’s at stake

Data breaches alone see upwards of 4.4 million data records being lost or stolen worldwide every single day.

Take the 2015 data breach at UK telecoms company TalkTalk. Web pages containing databases no longer supported by their producer were accessed by hackers, who stole the personal data of 156,959 customers. The result was lots of negative publicity, reputational damage and a record fine of £400,000 from UK authorities. With major changes occurring to SSL (which encrypts many web pages) in 2017, many more businesses are at risk.

One of the world’s largest DDoS attacks ever took place in 2016, when US network provider Dyn was targeted. The attackers had harnessed the Internet of Things (internet-enabled devices like cameras and fridges) to conduct the attack, and took down many major websites as a result. As the Internet of Things continues to expand, the risk is set to increase.

Cyber threats can also directly impact company products and finances. When Sony Pictures was hacked in 2014, leaks threatened to undermine or devalue their products and ended up costing the company an estimated $300 million. In 2016, the Bangladesh Central Bank lost $80 million to hackers who gained access to their systems, stole sensitive passwords and transferred funds to fraudulent accounts abroad.

What should my business do?

Effective cybersecurity doesn’t need to be complicated or expensive. Think of it in the same way you’d approach the physical protection of your home or workplace – by being vigilant, keeping things secure, and ensuring everyone in your team knows what to do (and what not to do).

Be vigilant. A fully-featured antivirus/business security product such as AVG Business Security with AVAST Mobile Device Management, installed across all company-owned and user-owned devices and managed centrally, acts as your vigilant eyes day and night against external threats such as ransomware, phishing/pharming attempts, and bot/virus attack.

Secure everything. Security experts Trustify found that 88% of high-profile security breaches in 2015/16 were the result of poor encryption – it’s like leaving your front door unlocked or letting confidential files lie open on an office desk. Fully-implemented encryption solutions, such as Entrust SSL Data Encryption, will lock away confidential information and deter hackers.

Train everyone. Use cybersecurity checklists and training to get your team up to speed and fully cybersecurity-aware, and implement deeper cybersecurity staffing solutions such as Chief Information Security Officer-as-a-Service and Data Protection Officer-as-a-Service, cementing your business’s compliance with key standards such as the new General Data Protection Regulation (GDPR), Government Cyber Essentials, and PCI-DSS Compliance.

With such high stakes, it’s never been more important to stay on top of cybersecurity issues, and ensure your business is protected. Regus clients can access special Trustify offers through the Regus Marketplace – take a look today to see how your company could benefit.