The landscape of cyber threats is constantly evolving. Between August 2020 and August 2021, ransomware attacks increased by 64%. No organisation is immune to falling victim to a ransomware attack, however thankfully many businesses are investing time and resource to protect their network and systems. One key component of maintaining strong cyber security is employee education. Being able to recognise common threats is great, although there are many threats that businesses will not be aware of. In this article we will discuss 6 cyber threats commonly overlooked.
Shadow IT
Hardware or software which has not been reviewed by IT can be a huge risk to a business. This includes cloud services or applications for increasing productivity. The risk of using the unauthorised software is that it may have a vulnerability that could lead to an attack on a business’s network or system. Equally, if staff are using unauthorised file sharing platforms, it leaves the possibility of sensitive data being vulnerable to a cyber breach. An additional example may include employees using personal devices like laptops and smartphones to access company networks and data. A pre-existing virus may have already infected the users laptop and will spread on the network.
USB Drop Attacks
If you ever find a USB stick on the floor, especially in a company car park or outside the company entrance, do not plug it into your machine! Cyber criminals will drop USB sticks infected with malware on the floor hoping an employee will plug it into a work device. If successful the hacker can infect your systems with ransomware locking your data. Education and understanding risk is key to preventing such attacks.
Social Media Phishing
Phishing attacks are some of the most common attacks and have been for many years. These are social engineering attacks where an attacker sends a fraudulent message designed to trick an employee into revealing sensitive information or clicking on a malicious link. Typically, these attacks are through email, and many employees are wary of this and think twice before opening an email from an unknown sender. However, these attacks also take place on social media, where employees are less likely to consider the consequences of opening a link from someone on LinkedIn. Employees should treat messages on social media, or SMS messages with the same level of scrutiny they do for emails.
One of the most common attacks are phishing attacks. These are fraudulent communications disguised to be from a reputable source in order to trick employees into revealing sensitive data. Usually these attacks are sent via email with a malicious link included. Many employees are wary of these attacks and think twice before clicking on a suspicious email. However, recently we have noticed more of these attacks are taking place on social media, where employees are less likely to consider consequences of opening a link. Users should treat social media sites like LinkedIn, with same level of scrutiny as they do for outlook.
Insider Threats
Individuals with access to company data and systems, intentionally or unintentionally, can cause harm to the business. This includes ex-employees that purposely infect a computer or current employees willing to sell company data. To prevent inside threats, setting up role-based access controls only allows employees to access data required for their job.
IoT
Devices with access to a business’s network are vulnerable to being exploited. Hackers can use TV’s, smart speakers, smart coffee makers and CCTV systems to spread ransomware. To mitigate risk, the devices should be on a separate network to the servers and computers.
Malvertising
Believe it or not, hackers are now buying legitimate advertising space on websites and embedding malicious code. Once you click on the ad, it will direct you to a malicious website that will infect your device and spread across the network. To avoid falling victim always keep your browser up to date and avoid clicking on advertisements.
To keep your business secure with a complete cyber security solution, contact us today.