Boss Lady

The 5 biggest threats to business cybersecurity

on

Whether you run an SME or are part of a multinational conglomerate, the most prevalent (and terrifying) threat to businesses over the past decade has been, without a doubt, cybersecurity. As new technologies drive innovation and growth, these rapid digital transformations often leave organisations unprepared when it comes to defending their newly upgraded networks.

In 2018, cybercrime cost Australian businesses approximately $5 billion. In a 2019 Bitglass Insider Threat Report, 59% of those surveyed said their organisation had experienced at least one insider attack over the past year, with more than two thirds believing the attacks had become more frequent.

And unfortunately, none of this is predicted to let up in 2020. Let’s take a look at the biggest cybersecurity threats to your business in 2020, and what you can do to defend and protect.

1. The rollout of 5G technology

The fifth generation of wireless technology is now here and due to be fully rolled out in Australia by the end of 2021. The initiation of 5G technology means that more devices than ever before will be connected to the internet; this also means that more devices than ever will be exposed to harmful cybersecurity threats. Your organisation must devise a plan for defending company mobile phones, security systems, smart devices and company vehicles, as well as its regular computer network.

How to protect your business in the age of 5G

In order to protect your business while the 5G technology is being rolled out, your IT team will need to take greater steps to uphold their ‘cyber duty of care’. Proactive cybersecurity investments need to be made, and everyone, from the corporate board through to low-level management, must be aware of how to address cybersecurity risks. Common types of attacks to prepare for in the 5G-world include DDoS attacks (Distributed Denial of Service), Trojan viruses, malicious scripts and malware.

2. Phishing attacks

Phishing attacks are the classic cybersecurity breach, in fact a study conducted by Verizon has revealed nearly one-third of all data breaches last year involved phishing. Phishing is a low-risk, high-strategy reward for cybercriminals, they involve victims receiving a fraudulent email, text or website link that encourages them into sharing sensitive information with a sense of urgency. This can include bank account details, portal login information, or credit card information. Obviously, giving a hacker access to your business’s network can wreak havoc on your business operations as they install malware and ransomware.

One phishing method that will continue to increase in numbers in 2020 is ‘lateral phishing’. This involves a cybercriminal launching a phishing attack from a corporate email address that they’ve already gained control of. Employees are much more likely to divulge confidential information when it’s apparently coming from a C-level executive at their company!

How to protect your business against phishing attacks in 2020

Effective tactics for combating phishing attacks remain mostly simple; you need to make sure every employee is trained to recognise a phishing attempt. Custom anti-phishing technological solutions should be employed in 2020 to detect dodgy links and unverified requests for information.

3. Attacks on smart devices

As the number of smart devices in both homes and business starts to increase, so do the cybersecurity threats that come with them. Whether it’s a smart watch, Bluetooth speaker, Google Home, Alexa or alarm clock, not all devices have effective security measures installed, which can lead to the infiltration of the business networks they are connected to.

How to keep your smart devices secure

With all employees owning and using their own smart devices for business use, there are seven simple yet effective actions you should take to keep your smartphone secure:

  1.       Always use a 6 digit lock code or facial ID to unlock your device.
  1.       Be selective about app permissions and limit which apps have access to your device and personal information
  1.       Always make sure you update your device with the latest software. Updates are usually released to patch bugs and security vulnerabilities that have been found with the OS
  1.       Use secure apps for sensitive communications that encrypt messages to ensure your confidential communications remain just that
  1.       Hide lock screen notification content to make sure your private message or business email contents are not displayed for the world to see
  1.       Use a password manager and when creating a password and always use a password that’s unique and hard to guess
  1.       Use a VPN when connecting to WiFi in public especially when sending and receiving confidential information

4. Internal staff errors

Unfortunately, even in 2020, there are still many businesses that aren’t investing adequately in training their employees to ensure they don’t fall victim to cybersecurity attacks and put valuable network information at risk. Whether they accidentally and cluelessly allow their accounts to be compromised through a phishing attack, or if they upsettingly choose to abuse their access privileges for their own personal gain – the employees who access your network on a daily basis are, unfortunately, a threat in themselves.

How to upskill your staff in cybersecurity practices for 2020

Training staff in cybersecurity practices should be an ongoing occurrence, rather than a one-off exercise. Threats can evolve quickly, and your staff will need to learn new defences in 2020. According to a DDLS survey, more than two thirds of respondents said that they found it challenging to ensure their teams skills were up to date, suggesting in-house cyber security training is not a priority.

There are a wide range of cybersecurity courses available from a multitude of vendors, so you’ll be able to pick and choose the aspects that are most appropriate for your business’s needs. This is particularly important when dealing with public cloud services like Amazon Web Services and Microsoft Azure.

5. A lack of cybersecurity experts within organisations

Beyond educating your current staff on cybersecurity measures, another issue facing businesses in 2020 is the seriously short supply of cybersecurity experts. As the number of openings for cybersecurity management positions within organisations grows rapidly, the number graduating from university is simply not matching this demand. Cybersecurity Ventures recently estimated that a global shortage of professionals will reach 3.5 million unfilled positions by 2021.

The solution for the cybersecurity talent crisis

If you’re reading this and considering a career change, the obvious solution is to become a cybersecurity expert yourself! ‘Ethical hackers’ are employed by companies to break into their own computers or devices to test the company’s defences and discover potential vulnerabilities in their systems. The average starting salary for an ethical hacker in Australia is $110,000, with businesses that make this investment achieving major advantages over cyber criminals.

Three key tips and takeaways

In summary, here are the three main points to focus on for your business or within your organisation to protect it from cybersecurity threats as we head into 2020.

  • Keep all your firmware and security software updated
  • Focus on upskilling your employees to make sure everyone is aware and capable of identifying and dealing with a potential cybersecurity threat
  • If you’re able to, consider hiring an ethical hacker to conduct consistent testing and analysis of your organisation’s cybersecurity measures.

About Sue Webb

Sue Webb is The Process Portfolio Manager for DDLS & has worked with the company for around 12 years. Sue comes from a cybersecurity background, completing a first class honours thesis in Wireless Network Security and receiving the faculty medal for her efforts.  Sue then went on to lecture in both Information Security and Computer Security at a Tertiary level before joining DDLS.  You can find Sue on Linkedin.

Recommended for you

error: Content is protected !!