This article was updated April 22, 2024.
Cybersecurity incidents and breaches often result from improperly secured systems and a lack of user education and awareness, which means you can often prevent them with a more stringent cybersecurity strategy.
Since 2019, the Internet Crime Complaint Center (IC3) received an average of 652,000 complaints per year affecting victims across the globe with losses totaling over $10 billion in 2022. The main incidents businesses and individuals reported were ransomware attacks, phishing scams, and business email compromises.
Headlines make it seem like breaches happen only to large organizations; however, attackers target small and midsized organizations more frequently due to their lack of sophisticated security controls.
According to the 2023 IBM Security Cost of a Data Breach report, organizations with less than 500 employees reported that the cost of a data breach was around $3.31 million. This was an increase from the prior IBM report.
The majority of those attacks—98%—were financially motivated, according to the 2023 Verizon Data Breach Investigation.
The Biggest Cybersecurity Threats
It’s important to understand the most common cybersecurity threats your organization could face as you strengthen cybersecurity controls and attempt to avoid these issues.
The most widespread cybersecurity threats are ransomware and phishing.
What Is Ransomware?
Ransomware is malware an attacker installs on a victim’s system via a phishing attack or infected website to lock or encrypt a victim’s data until they pay large sums of money.
Some ransomware variants could infect multiple systems at once and disable an organization’s operations for days, and sometimes even weeks.
Ransomware attacks have risen 13% since 2019, with an average cost of $1.85 million. There are $1.7 million ransomware attacks every day. Phishing and business email compromise make up the prime vectors for these attacks to succeed.
What Is a Phishing Attack?
Email phishing is a social engineering technique that uses email to deceive end users into providing sensitive information, such as:
- Passwords
- Social Security numbers
- Payment card numbers
It’s also one of the main delivery methods of a ransomware attack.
A phishing email will typically use an attachment that looks trustworthy to carry the ransomware program; it infects the target’s computer when you open it and may spread to other systems.
What Is Business Email Compromise?
Business email compromise is a specific corollary of phishing. It’s a heightened level of deception that involves impersonation, as the attacker uses artificial intelligence to create behavioral profiles of key executives and mimic email behavior.
An employee will receive an email that asks for sensitive information like a request to switch account numbers, or to move funds from one bank to another. However, the attacker will make the email look as though it came directly from a C-level executive, which is why these attacks have also become known as CEO fraud.
Risks of a Ransomware Attack
Two common consequences of a ransomware attack are cyberextortion and data breaches.
What Is Cyberextortion?
Ransomware is the most common type of cyberextortion. Cyberextortion occurs when cyber-criminals demand payment through the use of or threat of some form of malicious activity against a victim, such as data compromise or denial-of-service attack.
Victims of ransomware usually face demands to pay criminals in cryptocurrency. However, reports also exist of other currencies, gift cards, and ransoms of up to several thousand dollars, with some payments in the millions.
What Data Is Sensitive to a Data Breach?
A ransomware attack places the organization’s data at high risk, as cyber-attackers will now exfiltrate the data and most attacks are now double extortion attacks. According to BlackFog, 89% of reported ransomware incidents in 2022 used data exfiltration.
The threat of leaking sensitive data to the public and to the Dark Web has become a ploy to threaten businesses with releasing potentially sensitive information.
Data Types Susceptible to Cybersecurity Threats
- Source code. Code that houses the building blocks of any proprietary software.
- Proprietary information and systems. Databases that include trade secrets, business strategies, product designs, and even operational procedures.
- Personal identifiable information (PII). Data that could identify a specific individual and can identify, contact, or locate a particular person on its own or with other information.
- Protected health information (PHI). Information about health status, provision of health care, or health care payments that can link to a specific individual.
- Customer lists. A data set that may contain PII, contact information, proprietary research, financial information, or competitive analysis. This data is usually intended for internal use only.
There’s much debate circling the central question of a ransomware attack; if you get hit, should you pay the ransom?
The US Department of Justice recommends not paying a ransom as it doesn’t guarantee you’ll be able to recover all of your data; some victims that paid a ransom were targeted again because they paid, and paying encourages more of this cybercriminal activity.
The FBI and the Cybersecurity & Infrastructure Security Agency (CISA) suggest ransomware victims notify law enforcement so they can track incidents and assist in future prosecution.
In the end, organizations have to weigh the costs and benefits of how much money they lose each day that attackers lock them out of their systems—and determine the risk and benefits of paying.
Other Common Cybersecurity Threats
While ransomware, phishing, and data leakage represent some of the top threats organization’s face, hacking and insider threats still happen frequently. An organization’s risk assessment program needs to cover all bases.
What is Hacking?
Hacking refers to activities that seek to compromise systems. Gaining access to IT systems from outside an organization is still a cybersecurity threat that requires organizations to prepare. Hacking gains access to sensitive data and exfiltrates that data for profit, or just for the thrill.
Hacking uses numerous methods to try and gain access to systems, including social engineering, tricking staff into revealing usernames and passwords, or exploitation of software vulnerabilities and misconfigurations.
If a hacker can’t get through the firewall protecting a target’s network infrastructure, then they’ll move on to the next easiest place, which is the network’s applications and systems.
With the move of infrastructure and applications into the cloud, the cloud-based configuration issues have become a prime target for attackers and cybercriminals. Most organizations will have cloud misconfigurations due to lenient access control, lax storage policies, or publicly exposed assets.
Hackers can also exploit another vulnerability: outdated or unpatched software. Software companies frequently release patches, which critically secure the application’s security vulnerabilities but can take time to install.
Zero-day vulnerabilities are those vulnerabilities that leave no time to fix them before they are exploited by an attacker. Sometimes these vulnerabilities are known to a vendor, but they don’t have a patch, or it can’t be patched.
What Are Insider Cybersecurity Threats?
Although it’s difficult to hear, many cybersecurity breaches come from inside an organization.
Roughly one-third of data breaches reported last year emerged from an insider, contractor, or an employee. Insider threats are classified as malicious threats, unhappy workers, and accidental errors. According to the Gurucul 2023 Insider Threat Report, 74% of organizations say insider attacks have become more frequent and more than half have experienced an insider threat in the last year.
Insider threats are more difficult to detect, and an employee can cause them intentionally or through negligence.
We’re Here to Help
If you have questions about how to protect yourself against cyberthreats, please contact your Moss Adams professional.