Cyber threats are evolving all the time, becoming more prevalent and increasingly sophisticated. Alarmingly, Gartner predicts a threefold increase in the number of organizations worldwide that will experience attacks on their software supply chains by 2025, compared to 2021. The impact of a security breach could be business critical, causing untold financial and reputational damage. Therefore, it’s vital to know which threats to watch out for. Here’s a run-down of the top five most common cyber threats today:
1. Social engineering attacks (or phishing)
Most security breaches are due to social engineering — where criminals trick people into giving out confidential information, clicking on malicious links, or providing entry to secure systems. Approaches can be made via email or telephone, sometimes even using voice impersonation software to make it more convincing. Mark Gendein, Principal Architect at Thomson Reuters, says, “These scams are becoming more effective, which is concerning, as you might expect growing awareness to make them less so.”
2. Ransomware
This is where criminals use malware to hold an organization’s data for ransom, either by blocking access to it or threatening to publish it. Typically, ransomware is downloaded and installed when users open malicious email attachments, click on infected links, or visit infected websites. It’s an extremely widespread type of cybercrime because it is so profitable. Along with the costs of recovering what could be extremely sensitive information — especially for law firms — operational downtime, regulatory sanctions, and potential loss of business could also cost firms dearly.
3. Mobile security attacks
More than six billion people worldwide use smartphones and many often use the same device for professional and personal use. Fake apps that look like genuine apps are infiltrating the App Store and can con users into granting permissions or infect the phone with viruses and malware, enabling criminals to take over accounts and gain access to sensitive data.
4. Remote working risks
Now that more people than ever are working remotely, there are potentially far more weaknesses in employers’ systems. Staff may be using out-of-date routers in their homes, working on their own vulnerable devices, or connecting to unsecured wi-fi networks in cafés. According to Jesse Mrasek, Senior Cloud Solutions Architect at Microsoft®, “Very few people know how to patch home routers effectively to update them against threats and it may not even be possible if the routers are old. Carrying out device management at scale is a significant logistical challenge for businesses.” Organizations may need to create, review, and strengthen “bring-your-own-device” policies.
5. Identity-based cloud security threats
Being “in the cloud” can be more secure than hosting everything on premises, given that major service providers like Microsoft spend billions on security and have teams of experts constantly chasing down threats. However, it does depend on what you are doing. Weak spots can occur, especially where some elements are self-hosted in the cloud.
Gendein says, “There are some great tools out there to help you manage security in the cloud, but you have to know how to use them.” As noted above, technology may not be enough to protect you. Typically, attacks will target the identity holder — the firm rather than the service provider — and phish for staff to provide access to log-in details or other data.
Usually, these criminals aren’t chancers; they are highly organized and clever, running their operations like a business. They know exactly how to get what they want. The risks for firms are ever present and ever changing, so there’s always more that can be done to minimize vulnerabilities and strengthen defenses. Learn more about how to do so in “Three key ways to make your firm more cybersecure.”
