6 Trending Cybersecurity Issues

Topics: Cyber Liability

Summary: No organization, no matter the size, is immune from a cyber attack. Learn the six trending cybersecurity issues that could wreak havoc on a business and find out how to prevent them.

Six Cybersecurity Risks to Businesses

Every employer faces the reality that they could be the target of cybersecurity attacks or data breaches, which can jeopardize their credibility and cost thousands of dollars (or more) in damages. The total number of cyber attacks increased by 50% in 2021, with the education, healthcare and research industries getting hit particularly hard. By following simple preventative steps, business owners can protect their organizations from cyber attack risks

6 Trending Cybersecurity Risks

Watch Out for These Cybersecurity Risks

The COVID-19 pandemic has impacted how, when and where we work. A large portion of the workforce is still working remotely, most if not all of the time. The change to remote work and a reliance on cloud-based services, such as online meetings and file sharing, has opened up more opportunities for cyber attacks. Businesses must focus on securing their company and customer data now more than ever. 

Below are six cybersecurity risks that can wreak haoc on a business and how employers can train their employees to be diligent for cyber attack red flags. 

Cybersecurity Risk #1: Deepfakes

Deepfakes, developed from artificial intelligence technology, can take an image of one person and replace it with another person’s likeness. There were over 85,000 deepfake videos reported in 2020. As the technology is easier to use, more people are making these types of videos, and their impact could be felt across the business, political and media worlds.

Tips to Prevent Deepfakes
  • Watch out for deepfake videos spreading fake news
  • Check for authenticity before you share the videos that you think could be deepfakes
  • Beware of fraudsters using deepfake videos in social engineering schemes

Cybersecurity Risk #2: Ransomware Attacks

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money (or ransom) is paid, or some other action is completed. Sometimes, a ransomware attack is as simple as forcing the user to complete a survey. The most common types are lock screen and encryption ransomware. The lock screen shows a full-screen message that prevents the user from accessing their PC or files. Encryption modifies files so they can't be opened.

The number of malicious cyber attacks, such as ransomware, continue to grow and adapt every year. In fact, ransomware attacks rose by 93% in 2021 compared to 2020, though we have seen a decrease in certain ransomware variants in 2022. Ransomware attacks have targeted school systems, healthcare information and industrial complexes. The cybercriminals are now getting bolder in their attacks by interrupting supply chains and critical infrastructure, such as the hack into the Colonial Pipeline operating system in 2021. 

Tips to Prevent Ransomware
  • Use secure networks, strong passwords and up-to-date systems
  • Be sure to patch regularly
  • Learn how to identify and avoid malicious links
  • Maintain secure backups of essential files
  • Use MFA (Multi-Factor Authentication) whenever possible, but especially for any remote acces tools used by employees or vendors

Cybersecurity Risk #3: Smart Home Devices

The Internet of Things (IoT) technology has allowed us to connect to our cars, homes and multiple devices like never before. IoT devices continue to be developed with even more connectivity. Erickson predicts there will be close to 29 billion connected devices in 2022, which will produce tons of data needing protection from cyber attacks. This can range from thermostats, your fridge or even front door access.

Prevent Cyber Attacks Via Smart Devices
  • Don’t use the factory settings
  • Pick a strong password and check privacy settings and permissions
  • Change your passwords frequently and do not disclose your passwords
  • Check smart devices for security problems and updates regularly
  • Consider setting up a separate network for smart devices

Cybersecurity Risk #4: Data Privacy

Data privacy is a consumer’s understanding of their rights as to how their personal information is collected, used, stored and shared. The use of personal data must be explained to consumers simply and transparently, and in most cases, consumers must give their consent before their personal information is provided. As big data grows, privacy concerns are also increasing. The possibility of data breaches can put your business’s sensitive information in the hands of identity thieves.

The protection of data privacy came to the forefront with the launch of the General Data Protection Regulation (GDPR) by the European Union in 2018. The GDPR applies to all data directly or indirectly related to an identifiable person in the EU that is processed by an individual, company or organization.

Any small business which processes the personal data of people within the EU is subject to the GDPR, no matter where in the world the business is based. Currently, there is no U.S. federal standard for data privacy protection, but many states have their own data privacy laws, including California's Consumer Privacy Act (CCPA) and New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD) with more states creating data privacy laws in their legislatures. 

Be Prepared for Data Privacy Laws
  • Determine if these laws affect your business
  • Review and update data security and data breach notification procedures
  • Update your site’s privacy policy and terms of use
  • Create opt-out, know and delete methodologies for email notifications
  • Respond to data removal requests promptly and document your actions
  • Consult with legal counsel to understand how these laws could apply to your circumstances

Cybersecurity Risk #5: Spear Phishing

Phishing is a type of social engineering scam that attempts to fraudulently obtain sensitive information using email. The email appears to come from someone that you know or have done business with. However, the message might include poor grammar, syntax errors, broken links, and the email address might be slightly different from the familiar one. The email could be written with a sense of urgency, demanding an immediate response or change. According to Cofence, 91% of cyber attacks start with spear phishing, a type of scam that targeted directly at a particular person in an organization.

Know the Signs of Spear Fishing
  • Train your team to not click on links unless they are positive that they trust the source
  • Watch out for messages that appear to be from people you know but are actually spoofed
  • To verify, pick up the phone and call a known number to double-check if a change is requested (especially regarding an account number change request or invoice payment) 
  • Use anti-virus software, two-factor authentication and other security measures

Cybersecurity Risk #6: Human Mistakes that Lead to Data Breaches

In the past few years, there has been a rash of well-known cyber attacks on businesses, including British Airways, Marriot Starwood and Citrix. Cybercrime activities will cost businesses an estimated $10.5 trillion annually by 2025.

The 2018 Verizon Data Breach Investigations Report found that human mistakes caused 21% of data breaches. We are all human and make mistakes. It is importan to train employees to be aware of common ways to protect the company, and even themselves. 

Proactively Protect Your Business from Cyber Attacks
  • Create a cybersecurity policy that supports your data protection strategy
  • Train your employees on how to avoid phishing and other cyber attacks
  • Make sure remote workers are using strong cybersecurity protocol
  • Change passwords after employees leave the company

cyber insurance banner

Cyber Insurance From AmTrust Financial

With threats of cyber attacks growing, companies need protection from data breaches. All organization should offer data security training and create a company-wide data breach policy with a response plan ready to implement when/if it is needed.

A Cyber Insurance policy from AmTrust provides additional security to safeguard your company against loss and damage due to a cyber attack. Contact us today to find out how you can benefit from a cyber insurance policy, and how to protect your organization from cybersecurity attacks and other data breach threats.

This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.

Time Zones