Seven Cybersecurity Issues That Easily Go Unnoticed

Businesses and organisations that don’t take cybersecurity seriously do so at their own peril – but sometimes no matter how careful you are being, you can fall foul of cybercriminals. The fact is that some cybersecurity issues and challenges can be harder to spot than others and it can lead to problems going unnoticed. Here we will take a look at seven surprisingly common cybersecurity issues that businesses overlook.  By Chester Avey
 
 
1. Business email compromise
A business email compromise (BEC) is a type of phishing attack that is becoming increasingly common. The aspect of BEC that makes it a little trickier than the standard phishing attack is that the fraudulent email comes from a genuine account. During a BEC attack, the criminal will gain access to the email account of a high-ranking executive in a business. They will then use this email account to request a payment from the accounts department into a fraudulent account.
 
The accounts department sees this email is from someone that they trust, and they make the payment as requested. It can then be a long time later before anyone at the company realises that any mistake has ever been made – usually at the point someone reviews the accounts and finds a hole in the budget.
 
2. Cryptojacking
Cryptojacking occurs when cybercriminals take control of parts of your system and use the computing power in order to mine for cryptocurrencies such as Bitcoin. The scary thing is that this can be going on in the background without you even realising that it is happening.
The thing that makes cryptojacking hard to notice is that fact that it won’t cause any major problems for your business. You might see a slowdown in your operations, or computers being a little more temperamental, but there won’t be anything that makes it impossible for your business to continue operating as normal. 
 
3. Lack of expertise
Is there a lack of cybersecurity expertise in your business? It wouldn’t be surprising. In fact, there is a critical shortage of cybersecurity expertise worldwide. It is estimated that by 2021, there will be as many as 3.5 million unfilled positions across the cybersecurity industry. 
 
But not only are businesses struggling to recruit the correct level of cybersecurity staff to keep their organisation secure – they also are not providing enough training. A recent study revealed 63 per cent of companies are falling behind in providing adequate cybersecurity training to staff, which is worsening the problem overall. 
 
4. Knock-on effects
Something that many businesses fail to take into account is the many ways that cybersecurity can affect various parts of the organisation. It is well understood that a breach can cause financial expense and mean the loss of important customer information, or even private company data such as intellectual property. However, this is not the full extent of the damage.
 
Cybercrime can cause serious reputational damage – in fact, a report from Ipsos MORI revealed that cybercrime was considered the largest individual risk to reputation for organisations – even more so than poor customer service or malpractice by staff. 
 
Perhaps even less publicised that this is the effect that a breach can have on your SEO efforts. It can affect how your site is presented on Google, lead to bad reviews of your site, and even cause downtime – all of which are damaging from an SEO perspective.
 
 
5. Formjacking
Formjacking is one of the fastest growing types of cyberattack – it is often considered to be the virtual equivalent of cash point skimming. It has become popular with cybercriminals due to the fact that it is very difficult to detect, and can provide scammers with a large amount of personal and financial data for comparatively little work.
 
Hackers will inject a piece of code into an ecommerce site, and then wait for customers to use the checkout. When they do, the code reads the personal details such as credit card numbers and sends the information to the hacker. The transaction goes through as normal, and the victim as well as the website itself will be unaware that anything has happened. 
 
6. Cyber fatigue
An underappreciated issue in the world of IT and throughout businesses generally, cybersecurity fatigue occurs when people become overwhelmed by the cybersecurity issues that they face. There are many reasons that cyber fatigue can strike, and it can affect people at all levels of an organisations.
 
In fact, around 30 per cent of chief information security officers (CISOs) are reported to have felt almost like giving up. Humans are still the weak link in cybersecurity defences, and cyber fatigue can be a major challenge in keeping company assets safe. For example, if your IT staff are asked to take on too much responsibility it can lead to fatigue as they are constantly dealing with potential attacks.
 
This can even be true in experienced cybersecurity professionals if they are asked to deal with some forms of cybersecurity software
 
7. The Internet of Things
Businesses and organisations are becoming increasingly connected – it’s not longer just desktop computers and mobile phones that can access the internet; it’s almost every electronic device you can buy. Collectively, these devices are known as the Internet of Things (IoT), and it is estimated that there will be as many of 27.1 billion connected devices in use by 2021
 
While there are benefits to having devices that are internet connected, it also presents a serious cybersecurity challenge.
 
Every single IoT device is a potential weak point that could be exploited by cybercriminals. And unlike computers and tablets, other IoT devices typically are not designed with security in mind, and come with a wide range of weaknesses. Given the fact that fewer than half of all businesses believe that they can detect IoT breaches, it shows how easily this issue can be overlooked. 
 
Chester Avey is an independent business consultant.              Image: Nick Youngson
 
You Might Also Read: 
 
Its Your People Who Contribute To Data Theft:
 
 
 
« One $Million Stolen Every Minute
Extra-Terrestrial Hacking »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BSI Group

BSI Group

BSI is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence

Allianz

Allianz

Allianz Cyber Protect is a comprehensive cyber insurance provided internationally and tailored to your company´s risk profile.

Alarum Technologies

Alarum Technologies

Alarum Technologies (formerly Safe-T) is a global provider of cyber security and privacy solutions to consumers and enterprises.

achelos

achelos

achelos is an independent software development company providing innovative technical solutions for micro-processor chips / security chips and embedded systems in security-critical application fields.

IAmI Authentications

IAmI Authentications

IAmI is a first in Tokenization Cloud-based IAM Security Services, delivering the most advanced form of Two-Factor Authentication.

Altaro Software

Altaro Software

Altaro provide backup solutions that are intuitive, easy to use, well-priced and backed by outstanding 24/7 support as part of the package.

Haechi Audit

Haechi Audit

Haechi Audit is a leading smart contract security audit firm. We provide the most secure smart contract security audit and smart contract development services to our global clients.

Astaara

Astaara

Astaara is an integrated insurance services and risk management advisory business incorporating cyber risk advisory, underwriting and analytics.

TierPoint

TierPoint

TierPoint delivers secure, reliable, and connected infrastructure solutions at the internet’s edge. We meet you where you are in your journey to solve for data storage, compute, and recovery.

UKsec: Virtual Cyber Security Summit

UKsec: Virtual Cyber Security Summit

Join 100s of UK Cyber Security Leaders Online for Expert Cyber Security Talks, Strategy Insights, Cyber Resilience Tips and More.

Iterasec

Iterasec

Iterasec provides a full range of security services to hacker-proof your products and make software engineering process secure by design.

BullWall

BullWall

BullWall is a digital innovator dedicated to fight cybercrime in its many forms. Our overarching purpose is to stop new and unknown strings of ransomware attacks in its tracks.

Auriga Consulting

Auriga Consulting

Auriga is a center of excellence in Cyber Security, Assurance and Monitoring Services, with a renowned track record of succeeding where others have failed.

Allurity

Allurity

Allurity is a group of tech-enabled cybersecurity service providers, comprised of best-in-class experts with a common mission to enable a safe digital world.

Nuance Communications

Nuance Communications

From revolutionizing the doctor-patient relationship to reinventing the way brands connect with their customers, Nuance technology helps organizations push the boundaries of what’s possible.

Skyhigh Security

Skyhigh Security

Skyhigh Security enables your remote workforce while addressing your cloud, web, data, and network security needs.