Navigating cybersecurity under normal circumstances is a challenge, let alone in an uncertain world where Covid-19 has caused a rapid shift in the way people and organisations work. This shift has led to cybercriminals upping the ante by devising new and easier ways to manipulate people and hack into companies, making cybersecurity threats greater than ever before.
In this blog, we explore the 5 cybersecurity threats CEOs need to understand so they feel confident that their company is properly protected in the event of an attack.
#1. Social engineering
This involves cybercriminals manipulating people so that they divulge confident and sensitive information including passwords, bank details and computer access.
As businesses continue to use video conferencing applications and SaaS services like Dropbox, Slack, and Office 365, hackers are improving their impersonation skills with more sophisticated attack types – making it easy for people to fall for their tricks.
As a CEO, if you invest time in raising staff awareness around social engineering, it will make employees think twice before answering an abnormal request.
#2. Ransomware and malware
This involves an attacker using software to deny a person access to their computer or system until a ransom is paid. These threats not only cost the company money but also have a huge impact on disrupting the company as you clean up the network and restore business operations.
Unfortunately, ransomware is on the rise. IBM’s 2020-2021 Data Breach Report shows that $4.24M was the average cost of a data breach in 2020 and that email was responsible for 94% of all malware threats.
You can get on the front foot by following our Essential Eight Cybersecurity Framework, as identified by the Australia Cyber Security Centre.
#3. Supply chain attack
This involves a company’s system being intruded by a third party who has access to the systems and/or data. As digital supply chains are on the rise, so too are the opportunities for hackers to intrude.
This means it’s important for CEOs to be vigilant with software updates and security patches to minimise the risk of becoming a victim when working with third parties.
#4. Insider threats
This involves the actions of employees, former employees, or company contractors who have access to critical company data and cause harmful effects through malice, greed, or plain ignorance. Insider threats are growing within small businesses as more employees have access to multiple accounts that hold more data.
As a CEO it’s important that you create a strong culture of security awareness, as this will help stop threats caused by ignorance or carelessness.
#5. Password attack
This involves an attacker learning an employee’s password to login and access emails, documents, and other sensitive information. This type of threat is more of an issue for small businesses whose employees have weak or easily guessed passwords (e.g. birthdays).
A recent report from Preempt (a security firm) found that an average of 19% of enterprise professionals use easily guessed passwords or share passwords across accounts.
CEOs can help ensure employees are using strong passwords by providing Business Password Management technologies. These platforms suggest strong passwords that can’t be easily guessed.