Top 10 cyber security threats

With shifts in the digital landscape and more devices becoming connected, Cyber magazine takes a look at the top 10 cyber security threats

Cyber security is one of the fastest-growing industries, with the digital landscape rapidly changing. More people than ever before are realising the importance of data protection, and are becoming more aware of cyber security threats. We take a look at ten of the top cyber security threats facing organisations today.


10. Endpoint Security

As more companies move resources into the cloud and rely on remote workstations, the attack surface increases. The challenge for organisations is how best to secure these off-premise systems and personal devices. Endpoint attacks are frequently used by cybercriminals to gain access to larger networks. By requiring endpoint devices to meet security standards before being granted network access, enterprises maintain greater control to effectively block cyber threats and attempts. 


9. Third-Party Exposure

Different relationships, even with the same vendor, expose an organisation to different levels of risk. Many retailers use third parties for services such as payment processing. Even if a company does not directly handle personal information—including social security numbers or credit card numbers—a third party can put them at risk. With malware, hackers can steal data through third-party vendors. 

8. Formjacking

Formjacking is a type of cyber attack where hackers inject malicious JavaScript code into a webpage form–most often a payment page form. When a site visitor enters their payment card information and hits submit, that malicious code collects the payment card number–as well as other information like the customer’s name, address, and phone number. The code then sends this information to another location of the attackers’ choosing. 

In many cases, cybercriminals hijack the checkout page on eCommerce sites to steal financial information and credit card numbers. The goal is to skim valuable data submitted on the forms.  Symantec’s Internet Security Threat Report shows formjacking dramatically increased. The report showed an average of 4,800 websites are compromised with formjacking code each month.


7. Cryptojacking 

Cryptojacking is a type of cybercrime that involves the unauthorised use of people's devices (computers, smartphones, tablets, or even servers) by cybercriminals to mine for cryptocurrency. Like many forms of cybercrime, the motive is profit, but unlike other threats, it is designed to stay completely hidden from the victim.

Mining for cryptocurrency requires immense amounts of computer processing power, therefore hackers make money by secretly piggybacking on someone else’s systems. For businesses, cryptojacked systems cause serious performance issues and costly downtime as IT teams track down and remove cryptojacking code.


6. Internet of Things (IoT)

The Internet of Things (IoT) connects devices from all over the world through the internet. According to Deloitte, with the IoT, sensors collect, communicate, analyse, and act on information, offering new ways for technology, media and telecommunications businesses to create value—whether that’s creating entirely new businesses and revenue streams or delivering a more efficient experience for consumers.

Because of its convenience, many individuals and businesses are taking advantage of IoT, but the very thing that makes them convenient also makes them vulnerable. Hackers can exploit internet connectivity as an access point to steal data. As companies increasingly rely on IoT devices, many experts predict this will be one of the biggest cyber threats in the coming years.

A Fortune Business report indicates that the Internet of Things (IoT) market is likely to grow to $1.1 trillion by 2026. 


5. Patch management 

Many attacks start with outdated software. Not staying up-to-date with software patches can leave companies vulnerable to information security breaches and as soon as attackers learn of a software vulnerability, they can exploit it to launch a cyber attack.

Patch management is the process of distributing and applying updates to software. These patches are often necessary to correct errors (also referred to as “vulnerabilities” or “bugs”) in the software. 


4. Social engineering 

Social engineering attacks exploit social interactions to gain access to valuable data.  Cyber criminals trick and manipulate their targets into taking certain actions, such as bypassing security measures or disclosing certain sensitive information. Even the best cyber security systems can’t stop a social engineering attack, because the target lets the hacker into the system. 


3. Phishing attacks 

Phishing attacks continue to play a dominant role in the digital threat landscape. In its 2021 Data Breach Investigations Report (DBIR), Verizon Enterprise found phishing to be one of the most prevalent action varieties for the data breaches it analysed. Its researchers specifically observed phishing in more than a third (36%) of breaches. That’s up from 22% a year earlier.


2. Cloud vulnerabilities   

The more we rely on the cloud for data storage, the higher the risk of a major breach. Cloud services are vulnerable to a wide range of cyberattacks, but many businesses believe they are secure because they use cloud security technology. 

In reality, technology is only part of the solution. Because no technology can completely eliminate vulnerabilities, a holistic approach is needed for robust protection. Insurance is an important piece of that protection as part of a comprehensive cyber risk management plan.

1. Ransomware attacks 

Ransomware is a type of malware that prevents you from accessing your computer or the data that is stored on it. The computer itself may become locked, or the data on it might be stolen, deleted, or encrypted. The attacker will then demands a ransom from the victim to restore access to the data upon payment. 

The frequency of ransomware attacks has increased dramatically over the past year, with 93% more carried out in the first half of 2021 than the same period last year, according to Check Points mid-year security report. According to a U.S. Treasury Department report, there was an estimated $590 million in suspicious activity linked to ransomware attacks in just the first six months of the year. For all of 2020, that amount was just $410 million.



Featured Articles

BlueVoyant's Tom Moore Talks Legal Procedure Following Hack

BlueVoyant's Tom Moore explains how companies should act with legal council following a cyber attack

GDPR: Studying the World's Strictest Security Law 6 Years On

We take a look at the history, impact, and future of GDPR to see how it has effected the cyber sphere six years after its enactment

Banking Titan Baird Gives 9 Pointers for Cyber Investors

Investment bank Baird have made nine observations from RSA Conference that investors should consider when investing in today’s cyber market

OpenText's Pillr Buy Show Acquisitions Still in its Strategy

Cyber Security

Zoom Prepares for Quantum World with Post-Quantum Encryption

Cyber Security

Tenable: Security Expertise Gap Threatening Cloud Expansion

Operational Security