EZ MSP Blog
The Top 5 Cybersecurity Threats to Businesses for 2019
It’s 9:00pm on a Sunday night and you are writing down a list of action items for the following morning as an executive of your company. You begin checking your emails on your phone when suddenly you receive an email from a generic Microsoft alerts email address. The email states that it has been seven days since you have authenticated with Office365 and requires a login for Microsoft OneDrive. You know that your company uses Office365, so you decide to click the link in the email and navigate to the sign-in page. After you enter your company credentials, the website says that the credentials you have entered are invalid. You then enter another set of credentials only to receive the same error message. You decide that you will check-in with your in-house IT technician, Joe, first thing in the morning to get the matter straightened out.
When you arrive at the office in the morning, Joe is rapidly walking towards you with a look of panic. Joe tells you that several employees received emails from you to update their passwords and as of 3am last night, several servers have crashed and were exploited by hackers. Your business has now been compromised. The list of important action items you made the night before is put on hold while you now must assess the financial and reputational damage to your organization.
The scenario above is a nightmare for any business at any scale. As stated in a 2018 report conducted by Mandiant/FireEye, a top cybersecurity firm, the top three industries suffering the most significant attacks were finance, healthcare and high-tech. That said, the first step any business decision-maker must take to keep day-to-day operations secure is to become aware of the most common and costly security situations. Here are EZMSP’s Top 5 Cybersecurity Threats to Businesses for 2019:
Phishing
One of the most common security threats, Phishing is a cybercrime in which one or more targets receives an email/telephone/text message from an individual or organization claiming to be a legitimate source to steal sensitive information from unsuspecting victims. Phishing has been around since the early 2000s but is more prevalent today than ever. Sensitive information such as credentials (usernames, passwords), personally identifiable information and banking/financial information are frequently sought out by fraudulent parties. A combination of employee awareness and training, security-focused processes and the appropriate technology implementations greatly reduce the likelihood of a compromised network.
Ransomware/RaaS
One of the more destructive threats, ransomware has been the culprit behind some of the most costly and devastating attacks on organizations. Ransomware is a form of malware that encrypts personal or system data, thereby allowing the attacker to request a ransom in exchange for the decryption of the data. According to a 2017 report by AlienVault, a leading cybersecurity provider, ransomware is the fastest growing security threat, and its sophistication is only growing. Cybercriminals are now packaging this malware in the form of Ransomware-as-a-Service (RaaS), an on-demand service that allows even novice cybercriminals to launch their own ransomware attacks with a few clicks and a cryptocurrency payment.
Cryptocurrency Mining/Cryptojacking
With cryptocurrency on the rise, criminal activity is more prevalent now than ever. One of the latest threats that can often go undetected is Cryptojacking. Cryptojacking is a process where an attacker infects a system and utilizes the compromised system’s CPU and GPU power to mine cryptocurrencies like Bitcoin. The mined cryptocurrency is then exchanged for cash, making this threat a lucrative activity for cybercriminals. The threat to the business comes in the form of system crashes and performance issues due to the hijacking of CPU and GPU power used to solve algorithms in the mining of the cryptocurrency. According to Forbes, as of 2018, Cryptojacking is proving to be more lucrative and more popular than ransomware.
Data Loss/Insider Attacks
Employee negligence, whether accidental or intentional, is likely the leading cause of technological security threats in business. Poor password management, opening unsafe email attachments, plugging in unknown USB flash drives and freely giving too much information out to the wrong person will cripple your organization. Attackers will use social engineering techniques to obtain credentials from unsuspecting employees to gain unauthorized access to the network to steal information and other valuable assets.
Compliance
For heavily-regulated industries such as healthcare and finance, maintaining compliance is vital for the sustainability of your business. HIPAA, FINRA and PCI compliance require networks, systems and processes to be well-documented and robust, so investing time and funds into this area really pays off and mitigates risk. For example, strict policies, thorough training and appropriate technical measures, such as multi-factor authentication (MFA) and data loss prevention (DLP), will help mitigate the exposure of protected health information (PHI) in a HIPAA compliant environment.
The fight against cybersecurity threats is not one that your business should fight alone. Being well-informed and well-equipped with the latest knowledge and tools is crucial. At EZ MSP, we help simplify these seemingly complex and daunting challenges so you can focus on the core aspects of your business.
If you’re concerned about any of the above, or just want to discuss these challenges further with someone knowledgeable and approachable, please reach out to us.