Seven Cybersecurity Issues That Easily Go Unnoticed

Businesses and organisations that don’t take cybersecurity seriously do so at their own peril – but sometimes no matter how careful you are being, you can fall foul of cybercriminals. The fact is that some cybersecurity issues and challenges can be harder to spot than others and it can lead to problems going unnoticed. Here we will take a look at seven surprisingly common cybersecurity issues that businesses overlook.  By Chester Avey
 
 
1. Business email compromise
A business email compromise (BEC) is a type of phishing attack that is becoming increasingly common. The aspect of BEC that makes it a little trickier than the standard phishing attack is that the fraudulent email comes from a genuine account. During a BEC attack, the criminal will gain access to the email account of a high-ranking executive in a business. They will then use this email account to request a payment from the accounts department into a fraudulent account.
 
The accounts department sees this email is from someone that they trust, and they make the payment as requested. It can then be a long time later before anyone at the company realises that any mistake has ever been made – usually at the point someone reviews the accounts and finds a hole in the budget.
 
2. Cryptojacking
Cryptojacking occurs when cybercriminals take control of parts of your system and use the computing power in order to mine for cryptocurrencies such as Bitcoin. The scary thing is that this can be going on in the background without you even realising that it is happening.
The thing that makes cryptojacking hard to notice is that fact that it won’t cause any major problems for your business. You might see a slowdown in your operations, or computers being a little more temperamental, but there won’t be anything that makes it impossible for your business to continue operating as normal. 
 
3. Lack of expertise
Is there a lack of cybersecurity expertise in your business? It wouldn’t be surprising. In fact, there is a critical shortage of cybersecurity expertise worldwide. It is estimated that by 2021, there will be as many as 3.5 million unfilled positions across the cybersecurity industry. 
 
But not only are businesses struggling to recruit the correct level of cybersecurity staff to keep their organisation secure – they also are not providing enough training. A recent study revealed 63 per cent of companies are falling behind in providing adequate cybersecurity training to staff, which is worsening the problem overall. 
 
4. Knock-on effects
Something that many businesses fail to take into account is the many ways that cybersecurity can affect various parts of the organisation. It is well understood that a breach can cause financial expense and mean the loss of important customer information, or even private company data such as intellectual property. However, this is not the full extent of the damage.
 
Cybercrime can cause serious reputational damage – in fact, a report from Ipsos MORI revealed that cybercrime was considered the largest individual risk to reputation for organisations – even more so than poor customer service or malpractice by staff. 
 
Perhaps even less publicised that this is the effect that a breach can have on your SEO efforts. It can affect how your site is presented on Google, lead to bad reviews of your site, and even cause downtime – all of which are damaging from an SEO perspective.
 
 
5. Formjacking
Formjacking is one of the fastest growing types of cyberattack – it is often considered to be the virtual equivalent of cash point skimming. It has become popular with cybercriminals due to the fact that it is very difficult to detect, and can provide scammers with a large amount of personal and financial data for comparatively little work.
 
Hackers will inject a piece of code into an ecommerce site, and then wait for customers to use the checkout. When they do, the code reads the personal details such as credit card numbers and sends the information to the hacker. The transaction goes through as normal, and the victim as well as the website itself will be unaware that anything has happened. 
 
6. Cyber fatigue
An underappreciated issue in the world of IT and throughout businesses generally, cybersecurity fatigue occurs when people become overwhelmed by the cybersecurity issues that they face. There are many reasons that cyber fatigue can strike, and it can affect people at all levels of an organisations.
 
In fact, around 30 per cent of chief information security officers (CISOs) are reported to have felt almost like giving up. Humans are still the weak link in cybersecurity defences, and cyber fatigue can be a major challenge in keeping company assets safe. For example, if your IT staff are asked to take on too much responsibility it can lead to fatigue as they are constantly dealing with potential attacks.
 
This can even be true in experienced cybersecurity professionals if they are asked to deal with some forms of cybersecurity software
 
7. The Internet of Things
Businesses and organisations are becoming increasingly connected – it’s not longer just desktop computers and mobile phones that can access the internet; it’s almost every electronic device you can buy. Collectively, these devices are known as the Internet of Things (IoT), and it is estimated that there will be as many of 27.1 billion connected devices in use by 2021
 
While there are benefits to having devices that are internet connected, it also presents a serious cybersecurity challenge.
 
Every single IoT device is a potential weak point that could be exploited by cybercriminals. And unlike computers and tablets, other IoT devices typically are not designed with security in mind, and come with a wide range of weaknesses. Given the fact that fewer than half of all businesses believe that they can detect IoT breaches, it shows how easily this issue can be overlooked. 
 
Chester Avey is an independent business consultant.              Image: Nick Youngson
 
You Might Also Read: 
 
Its Your People Who Contribute To Data Theft:
 
 
 
« One $Million Stolen Every Minute
Extra-Terrestrial Hacking »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Asavie

Asavie

Asavie provide solutions for Enterprise Mobility Management and secure IoT Connectivity.

Netsparker

Netsparker

Netsparker provide a web application security scanner to automatically find security flaws in your websites, web applications and web services.

Secmentis

Secmentis

Secmentis is a cyber security consultancy specializing in penetration testing, threat intelligence, and proactive defense for your IT infrastructure.

Robert Bosch Centre for Cyber-Physical Systems (RBCCPS)

Robert Bosch Centre for Cyber-Physical Systems (RBCCPS)

RBCCPS is an interdisciplinary research and academic centre within the Indian Institute of Science focused on research in cyber-physical systems.

ID Agent

ID Agent

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions.

Capsule8

Capsule8

Capsule8 is the only company providing high-performance attack protection for Linux production environments.

Eclypsium

Eclypsium

Eclypsium protects organizations from the foundation of their computing infrastructure upward, controlling the risk and stopping threats inside firmware of laptops, servers, and networks.

Redhorse

Redhorse

Redhorse provides top-tier consulting to help clients address mission-critical government problems in National Security, Networking Technology, Energy and the Environment.

Swiss Cyber Institute (SCI)

Swiss Cyber Institute (SCI)

The Swiss Cyber Institute is a registered cyber security education provider by the State Secretariat for Education, Research, and Innovation SERI.

NARIS

NARIS

NARIS is the leading provider of an integrated Governance, Risk and Compliance platform called NARIS GRC.

Digitale Gründerinitiative Oberpfalz (DGO)

Digitale Gründerinitiative Oberpfalz (DGO)

Digital Founder Initiative Oberpfalz's goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Zerify

Zerify

Zerify offers the industry’s only video conferencing platform built with a zero-trust architecture to keep your meetings secure, private and business compliant.

Surfshark

Surfshark

Surfshark is a cybersecurity company focused on developing humanized privacy & security protection solutions to secure people's digital lives.

The Purple Guys

The Purple Guys

The Purple Guys offer Trouble-Free IT Support to businesses across the Central and Southern US. Safe and Secure, Rapid Response, Friendly Support that’s our Purple Promise.

Converged Communication Solutions

Converged Communication Solutions

Converged is an independent Internet Service Provider, telephony, IT support and security specialist.

Systems Engineering

Systems Engineering

Systems Engineering is a SOC 2, Type 2-certified IT strategy and managed technology services provider.