Seven Cybersecurity Issues That Easily Go Unnoticed

Businesses and organisations that don’t take cybersecurity seriously do so at their own peril – but sometimes no matter how careful you are being, you can fall foul of cybercriminals. The fact is that some cybersecurity issues and challenges can be harder to spot than others and it can lead to problems going unnoticed. Here we will take a look at seven surprisingly common cybersecurity issues that businesses overlook.  By Chester Avey
 
 
1. Business email compromise
A business email compromise (BEC) is a type of phishing attack that is becoming increasingly common. The aspect of BEC that makes it a little trickier than the standard phishing attack is that the fraudulent email comes from a genuine account. During a BEC attack, the criminal will gain access to the email account of a high-ranking executive in a business. They will then use this email account to request a payment from the accounts department into a fraudulent account.
 
The accounts department sees this email is from someone that they trust, and they make the payment as requested. It can then be a long time later before anyone at the company realises that any mistake has ever been made – usually at the point someone reviews the accounts and finds a hole in the budget.
 
2. Cryptojacking
Cryptojacking occurs when cybercriminals take control of parts of your system and use the computing power in order to mine for cryptocurrencies such as Bitcoin. The scary thing is that this can be going on in the background without you even realising that it is happening.
The thing that makes cryptojacking hard to notice is that fact that it won’t cause any major problems for your business. You might see a slowdown in your operations, or computers being a little more temperamental, but there won’t be anything that makes it impossible for your business to continue operating as normal. 
 
3. Lack of expertise
Is there a lack of cybersecurity expertise in your business? It wouldn’t be surprising. In fact, there is a critical shortage of cybersecurity expertise worldwide. It is estimated that by 2021, there will be as many as 3.5 million unfilled positions across the cybersecurity industry. 
 
But not only are businesses struggling to recruit the correct level of cybersecurity staff to keep their organisation secure – they also are not providing enough training. A recent study revealed 63 per cent of companies are falling behind in providing adequate cybersecurity training to staff, which is worsening the problem overall. 
 
4. Knock-on effects
Something that many businesses fail to take into account is the many ways that cybersecurity can affect various parts of the organisation. It is well understood that a breach can cause financial expense and mean the loss of important customer information, or even private company data such as intellectual property. However, this is not the full extent of the damage.
 
Cybercrime can cause serious reputational damage – in fact, a report from Ipsos MORI revealed that cybercrime was considered the largest individual risk to reputation for organisations – even more so than poor customer service or malpractice by staff. 
 
Perhaps even less publicised that this is the effect that a breach can have on your SEO efforts. It can affect how your site is presented on Google, lead to bad reviews of your site, and even cause downtime – all of which are damaging from an SEO perspective.
 
 
5. Formjacking
Formjacking is one of the fastest growing types of cyberattack – it is often considered to be the virtual equivalent of cash point skimming. It has become popular with cybercriminals due to the fact that it is very difficult to detect, and can provide scammers with a large amount of personal and financial data for comparatively little work.
 
Hackers will inject a piece of code into an ecommerce site, and then wait for customers to use the checkout. When they do, the code reads the personal details such as credit card numbers and sends the information to the hacker. The transaction goes through as normal, and the victim as well as the website itself will be unaware that anything has happened. 
 
6. Cyber fatigue
An underappreciated issue in the world of IT and throughout businesses generally, cybersecurity fatigue occurs when people become overwhelmed by the cybersecurity issues that they face. There are many reasons that cyber fatigue can strike, and it can affect people at all levels of an organisations.
 
In fact, around 30 per cent of chief information security officers (CISOs) are reported to have felt almost like giving up. Humans are still the weak link in cybersecurity defences, and cyber fatigue can be a major challenge in keeping company assets safe. For example, if your IT staff are asked to take on too much responsibility it can lead to fatigue as they are constantly dealing with potential attacks.
 
This can even be true in experienced cybersecurity professionals if they are asked to deal with some forms of cybersecurity software
 
7. The Internet of Things
Businesses and organisations are becoming increasingly connected – it’s not longer just desktop computers and mobile phones that can access the internet; it’s almost every electronic device you can buy. Collectively, these devices are known as the Internet of Things (IoT), and it is estimated that there will be as many of 27.1 billion connected devices in use by 2021
 
While there are benefits to having devices that are internet connected, it also presents a serious cybersecurity challenge.
 
Every single IoT device is a potential weak point that could be exploited by cybercriminals. And unlike computers and tablets, other IoT devices typically are not designed with security in mind, and come with a wide range of weaknesses. Given the fact that fewer than half of all businesses believe that they can detect IoT breaches, it shows how easily this issue can be overlooked. 
 
Chester Avey is an independent business consultant.              Image: Nick Youngson
 
You Might Also Read: 
 
Its Your People Who Contribute To Data Theft:
 
 
 
« One $Million Stolen Every Minute
Extra-Terrestrial Hacking »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authorize.Net

Authorize.Net

Authorize.Net is a Payment Gateway which provides the complex infrastructure and security necessary to ensure fast, reliable and secure transactions.

First National Technology Solutions (FNTS)

First National Technology Solutions (FNTS)

First National Technology Solutions is a leading provider of flexible, customized hosted and remote managed services including IT security and compliance.

Cyber Triage

Cyber Triage

Cyber Triage is an automated incident response software any company can use to investigate their network alerts.

TCPWave

TCPWave

TCPWave IPAM is the world’s first acclaimed DNS/DHCP management software to pass the most stringent Information security tests.

Achtwerk

Achtwerk

Achtwerk manufacture the security appliance IRMA for critical infrastructures and networked automation in production plants.

Cyber Security Malta

Cyber Security Malta

Cyber Security Malta is part of Malta's National Cyber Security Strategy which aims to combat cybercrime, strengthen national cyber defence and provide cyber security awareness and education.

LATRO Services

LATRO Services

LATRO Services is a complete solution provider to discover, locate, and eliminate telecom fraud.

Edvance

Edvance

Edvance operates a range of cybersecurity businesses including value added cybersecurity solutions distribution, security technology innovation and development, and SaS solution offerings.

SevenShift

SevenShift

SevenShift is a security consulting firm with a wealth of experience in the worlds of Cybersecurity and Internet of Things (IoT).

Financial Services Information Sharing and Analysis Center (FS-ISAC)

Financial Services Information Sharing and Analysis Center (FS-ISAC)

The Financial Services Information Sharing and Analysis Center is the only global cyber intelligence sharing community solely focused on financial services.

BlackFog

BlackFog

BlackFog is a leader in device data privacy, data security and ransomware prevention. Our behavioral analysis and anti data exfiltration technology stops hackers before they even get started.

Inversion6

Inversion6

Inversion6 (formerly MRK Technologies) is a cybersecurity risk management provider that offers custom security solutions.

Web3fied

Web3fied

Web3fied is a seed stage company building the future of decentralized digital identity and credentials management.

Training.com.au

Training.com.au

Training.com.au is a comparison website through which those looking to learn about different aspects of cyber security can compare learning courses from training providers from across Australia.

Nullify

Nullify

Nullify is your automated security sentry that continuously finds and fixes security issues across your codebase.

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center is a state-of-the-art facility to deliver advanced cyber training programs and build the next generation of Azerbaijan’s cybersecurity professionals.