Seven Cybersecurity Issues That Easily Go Unnoticed
Businesses and organisations that don’t take cybersecurity seriously do so at their own peril – but sometimes no matter how careful you are being, you can fall foul of cybercriminals. The fact is that some cybersecurity issues and challenges can be harder to spot than others and it can lead to problems going unnoticed. Here we will take a look at seven surprisingly common cybersecurity issues that businesses overlook. By Chester Avey
1. Business email compromise
A business email compromise (BEC) is a type of phishing attack that is becoming increasingly common. The aspect of BEC that makes it a little trickier than the standard phishing attack is that the fraudulent email comes from a genuine account. During a BEC attack, the criminal will gain access to the email account of a high-ranking executive in a business. They will then use this email account to request a payment from the accounts department into a fraudulent account.
The accounts department sees this email is from someone that they trust, and they make the payment as requested. It can then be a long time later before anyone at the company realises that any mistake has ever been made – usually at the point someone reviews the accounts and finds a hole in the budget.
2. Cryptojacking
Cryptojacking occurs when cybercriminals take control of parts of your system and use the computing power in order to mine for cryptocurrencies such as Bitcoin. The scary thing is that this can be going on in the background without you even realising that it is happening.
The thing that makes cryptojacking hard to notice is that fact that it won’t cause any major problems for your business. You might see a slowdown in your operations, or computers being a little more temperamental, but there won’t be anything that makes it impossible for your business to continue operating as normal.
3. Lack of expertise
Is there a lack of cybersecurity expertise in your business? It wouldn’t be surprising. In fact, there is a critical shortage of cybersecurity expertise worldwide. It is estimated that by 2021, there will be as many as 3.5 million unfilled positions across the cybersecurity industry.
But not only are businesses struggling to recruit the correct level of cybersecurity staff to keep their organisation secure – they also are not providing enough training. A recent study revealed 63 per cent of companies are falling behind in providing adequate cybersecurity training to staff, which is worsening the problem overall.
4. Knock-on effects
Something that many businesses fail to take into account is the many ways that cybersecurity can affect various parts of the organisation. It is well understood that a breach can cause financial expense and mean the loss of important customer information, or even private company data such as intellectual property. However, this is not the full extent of the damage.
Cybercrime can cause serious reputational damage – in fact, a report from Ipsos MORI revealed that cybercrime was considered the largest individual risk to reputation for organisations – even more so than poor customer service or malpractice by staff.
Perhaps even less publicised that this is the effect that a breach can have on your SEO efforts. It can affect how your site is presented on Google, lead to bad reviews of your site, and even cause downtime – all of which are damaging from an SEO perspective.
5. Formjacking
Formjacking is one of the fastest growing types of cyberattack – it is often considered to be the virtual equivalent of cash point skimming. It has become popular with cybercriminals due to the fact that it is very difficult to detect, and can provide scammers with a large amount of personal and financial data for comparatively little work.
Hackers will inject a piece of code into an ecommerce site, and then wait for customers to use the checkout. When they do, the code reads the personal details such as credit card numbers and sends the information to the hacker. The transaction goes through as normal, and the victim as well as the website itself will be unaware that anything has happened.
6. Cyber fatigue
An underappreciated issue in the world of IT and throughout businesses generally, cybersecurity fatigue occurs when people become overwhelmed by the cybersecurity issues that they face. There are many reasons that cyber fatigue can strike, and it can affect people at all levels of an organisations.
In fact, around 30 per cent of chief information security officers (CISOs) are reported to have felt almost like giving up. Humans are still the weak link in cybersecurity defences, and cyber fatigue can be a major challenge in keeping company assets safe. For example, if your IT staff are asked to take on too much responsibility it can lead to fatigue as they are constantly dealing with potential attacks.
This can even be true in experienced cybersecurity professionals if they are asked to deal with some forms of cybersecurity software
7. The Internet of Things
Businesses and organisations are becoming increasingly connected – it’s not longer just desktop computers and mobile phones that can access the internet; it’s almost every electronic device you can buy. Collectively, these devices are known as the Internet of Things (IoT), and it is estimated that there will be as many of 27.1 billion connected devices in use by 2021.
While there are benefits to having devices that are internet connected, it also presents a serious cybersecurity challenge.
Every single IoT device is a potential weak point that could be exploited by cybercriminals. And unlike computers and tablets, other IoT devices typically are not designed with security in mind, and come with a wide range of weaknesses. Given the fact that fewer than half of all businesses believe that they can detect IoT breaches, it shows how easily this issue can be overlooked.
Chester Avey is an independent business consultant. Image: Nick Youngson
You Might Also Read: