In 2019, cybersecurity risks have shown that they are here to stay and are quickly becoming a global concern for businesses of all sizes. Stealth and low cost of entry make cybercrime a very lucrative career path for hackers, and the data is showing the number of attacks is increasing at alarming rates. Sitelock’s 2019 Website Security Report stated an increase in cyber-attacks of 59% in 2018, with an average of 62 attacks per day for the entire year. And with the frequency of attacks growing substantially in the last year, the severity of such attacks has increased as well. A cybercrime study conducted by Dr. Michael McGuire found the cybercrime market’s profitability to be in excess of $1.5 trillion. To put this profitability into perspective, this number would put this industry in 17th place on the world’s GDP list, just ahead of the Netherlands.
With cyber-crimes being an hourly occurrence, the time is now for businesses of all sizes to take this threat seriously and evaluate current cybersecurity programs to ensure internal data is being kept safe. This article will look at three emerging cyber risks businesses need to be on the lookout for in 2019 and beyond.
Malware attacks are a big issue right now that is getting worse by the day. Accenture estimates that the average cost of a malware attack on a company is around $2.4 million. With cyberattacks only increasing in frequency and attacking new targets, such as smartphones and third-party applications, these costs will only increase moving forward. Malware attacks usually hide within communications that appear on the surface to be innocent and legitimate- however, once a link is clicked, it is already too late. These threats get even worse when you consider that a large majority of malware attacks on businesses are triggered by an employee who does not follow proper cybersecurity protocols when receiving communications from unknown parties. Malware attacks will only increase in volume and impact in the years to come, and they will show why it is so important for businesses to properly train their employees to identify and detect malware communications before they cause harm to the organization. Businesses with mobile devices and other technologies may be at an even greater risk as more devices creates greater exposure to malware threats.
Cloud computing is a relatively new technology platform which allows businesses to throw out legacy IT infrastructures, lower their operational costs, and increase transparency among different business units. Cloud computing has become so popular, Forbes published a statistic showing that 77% of businesses have at least one application of their computing infrastructure in the cloud. This significant adoption by businesses delivers a golden opportunity for cybercriminals to exploit for illicit gains. Sophisticated attackers target cloud apps and associated users to steal data and perform illegal operations. Hackers have the options of either attacking the cloud platform itself or indirectly through cloud platform users. The big-picture problem with cloud abuse by hackers is these platforms are a pool system which benefits off the network effect, whereby more users equals more value for the entire network. A cloud attack could shut down the entire platform while the host company identifies and treats the system vulnerabilities. This would cause major interruptions for businesses using cloud systems to complete core operational activities. Cloud data will be a cybercrime target to keep a watch on as these services continue to grow in popularity and adoption in the business world.
Cyber risks are most often viewed as existing outside the organization, not within. This is a misconception, however, and there is ample data showing that insider threats can be just as prevalent and harmful as outside attacks by cybercriminals. A 2018 Insider Threat Report found that 66% of respondents consider malicious insider attacks or accidental breaches to be more probable than external attacks. This is quite a startling statistic to many, but it shows that there are legitimate reasons why businesses should be concerned about the real threat of insider cyber-attacks. For one, company employees are much more familiar with internal data systems than an external hacker who could be thousands of miles away. Insiders know the “lay of the land” with a business’s internal systems that house sensitive data; from personal health information to customer financial records. Those who work within the company will know exactly which vulnerabilities can be exploited for personal gain and will have an advantage on being able to cover their tracks once a breach is recognized. This is a threat which will continue to be a concern for businesses of all sizes in 2019 and beyond.
Cyber threats to your business are not going away any time soon. These threats come from all over the world and hide behind a cloak of mystery and secrecy. Businesses need to become aware of the present and emerging cyber risks which can both adversely impact their business’ operations and threaten the survival of the organization itself. Cybercriminals could not care less if your business suffers from a financial loss at the hands of their work, so make sure your business is aware and ready to fight back when these hackers come looking for trouble.
Cory Mangum, MBA, CPCU