What are the biggest cyber threats to your business?
by Jason Holloway on Mar 6, 2024
You’re no doubt aware of common cyber threats such as viruses and malware. They’ve been around almost as long as the internet has and, while they’ve done significant damage in the past, there are now excellent solutions that protect your organisation against them.
But as technology evolves, so do cyber threats. With anti-virus and anti-malware software so effective, cyber criminals need to develop alternative methods for breaching IT networks.
Cyber crime cost UK businesses an average of £4200 in 2022 and 32% of UK businesses reported suffering a cyber attack or breach in 2023. For medium businesses, this rises to 59%. 69% of large businesses reported an attack.
In 2022, 43% of UK businesses were insured against cyber attacks – an increase over 2020 when only 32% were insured.
Spoofing, phishing, smishing, denial-of-service, code injection, social engineering, email brand impersonation, and DNS tunnelling are just a few of the types of attack currently being employed.
The list is forever growing as protection improves and hackers search for new weaknesses to exploit. To keep businesses safe, cyber security teams need to stay one step ahead, ensuring they are not only aware of the latest threats but also how to stop them.
Let’s take a look at four of the most common types of cyber attack businesses face today.
A phishing attack typically takes the form of an email sent to a large number of individuals or organisations to attempt to trick them into revealing sensitive information. The email will be designed to look as though it is sent from a trusted source such as a bank, supplier, or IT company. Spear phishing is a more sophisticated attack where emails are personalised to target a specific organisation or individual.
The most common cyber threat facing UK businesses in 2022 is phishing (83% of identified attacks).
The goal is usually to trick the recipient into clicking what appears to be a legitimate link and entering information that hackers can use to steal money. Most notably, this technique was used to steal over $100 million from Google and Facebook.
Smishing might sound cute, but it most certainly isn’t. The term comes from a combination of SMS and phishing and is essentially the same as the latter but via text message instead of email. As users and spam filters have become wise to the dangers of phishing emails, cyber criminals have switched to texting instead. The brief and simple nature of texts makes it easier for them to appear authentic, and with so many people now using their own mobile devices at work, company networks are much more accessible in this way. Research shows that people are much more likely to open links in texts than in emails, and this led to the theft of $100,000 from customers of one bank.
Smishing is one of the more difficult attacks to defend against, as it requires users to be aware of the messages they receive, and your devices to be secure and managed correctly.
Solutions like Mobile Threat Defence, an always-on service that runs in the background, lock down the phone when a threat is detected (e.g. public Wi-Fi access or dodgy apps). Coupled with good device management, you can rest easy from the threat of users clicking on links in their SMS messages.
Email brand impersonation is a type of phishing attack where cyber criminals portray themselves as representing a particular brand. They send emails that appear to have come from the brand they are impersonating to individuals in an attempt to trick them into revealing information such as login credentials or credit card numbers. These come in a variety of forms such as technical support responses, job offers, e-commerce orders, invoices, and many more. Ubiquiti Networks lost nearly $47 million when it was targeted by cyber criminals using email brand impersonation to request transfers of money over several months.
When you register a domain, by default it is vulnerable to direct email impersonation (spoofing), meaning anyone can send an email as your domain. They don’t even need to steal your email account credentials or log in.
Due to the impact of COVID-19, numerous DMARC projects were temporarily side-lined in favour of more immediate business continuity initiatives. Regrettably, many organisations have since struggled to resume these vital projects amid a rise in domain impersonation attacks. Many organisations are simply unaware this direct domain vulnerability exists or believe SPF with a reject mechanism (-all) mitigates the vulnerability. Perhaps you are aware but don’t know where to start.
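The reason an SPF record ending in -all is not enough on its own is that SPF is evaluated against the envelope sender (the Return-Path), not the From: header that the recipient actually sees. Only a DMARC policy of quarantine or reject instructs receivers to check that the visible From: domain aligns with a passing SPF or DKIM result and to act on a failure; p=none is monitoring only. The following script, added here as an illustration and not part of the original article or of Conosco's tooling, parses SPF and DMARC TXT records and reports whether a domain is still exposed to direct From: spoofing. The DNS data is a constructed in-memory table (the domain names, IP ranges and mailto addresses are made-up assumptions) so that it runs offline; in practice you would feed it the real TXT records from a resolver.

```python
"""Assess whether a domain's SPF and DMARC records restrict direct From: spoofing.
Added example; the DNS answers below are constructed samples, not real records."""
import re

# Constructed sample TXT records keyed by domain, then by DNS name ("@" is the
# apex record, "_dmarc" the DMARC record).  Assumption: this stands in for a
# resolver answering TXT queries.
SAMPLE_DNS = {
    "spf-only.example": {"@": ["v=spf1 include:_spf.example.net -all"], "_dmarc": []},
    "monitor.example": {
        "@": ["v=spf1 ip4:203.0.113.0/24 ~all"],
        "_dmarc": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    },
    "hardened.example": {
        "@": ["v=spf1 ip4:203.0.113.0/24 -all"],
        "_dmarc": ["v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@hardened.example"],
    },
    "nomail.example": {"@": ["v=spf1 -all"], "_dmarc": ["v=DMARC1; p=reject"]},
    "open.example": {"@": [], "_dmarc": []},
}


def txt_records(domain, name="@", dns=SAMPLE_DNS):
    """Return the TXT strings published at `name` under `domain` (offline stub)."""
    return dns.get(domain, {}).get(name, [])


def parse_spf(records):
    """Extract the 'all' qualifier from an SPF record.

    Returns a dict with `present`, `valid` and `all` ('+', '-', '~', '?' or None).
    More than one v=spf1 record is a permanent error for receivers (RFC 7208).
    """
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if not spf:
        return {"present": False, "valid": True, "all": None}
    if len(spf) > 1:
        return {"present": True, "valid": False, "all": None}
    qualifier = None
    for term in spf[0].split()[1:]:
        match = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if match:
            qualifier = match.group(1) or "+"  # an unqualified 'all' means +all
    return {"present": True, "valid": True, "all": qualifier}


def parse_dmarc(records):
    """Parse a DMARC record into its tag=value pairs; None if absent or duplicated."""
    dm = [r for r in records if r.lower().startswith("v=dmarc1")]
    if len(dm) != 1:
        return None
    tags = {}
    for part in dm[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    tags.setdefault("pct", "100")  # pct defaults to 100 when omitted
    return tags


def assess_domain(domain, dns=SAMPLE_DNS):
    """Return (verdict, reasons): verdict is 'exposed', 'partial' or 'protected'."""
    reasons = []
    spf = parse_spf(txt_records(domain, "@", dns))
    dmarc = parse_dmarc(txt_records(domain, "_dmarc", dns))

    if not spf["present"]:
        reasons.append("no SPF record: any host may use the domain as envelope sender")
    elif not spf["valid"]:
        reasons.append("multiple SPF records: receivers treat this as a permanent error")
    elif spf["all"] in (None, "+", "?"):
        reasons.append("SPF does not fail unlisted senders (missing, +all or ?all)")
    else:
        reasons.append(f"SPF '{spf['all']}all' restricts the envelope sender (Return-Path) only")

    # SPF alone never protects the visible From: header; that needs DMARC.
    if dmarc is None:
        reasons.append("no DMARC record: receivers never tie the From: header to SPF/DKIM")
        return "exposed", reasons
    policy = dmarc.get("p", "none").lower()
    pct = int(dmarc["pct"]) if dmarc["pct"].isdigit() else 100
    if policy == "none":
        reasons.append("DMARC p=none is monitoring only; spoofed mail is still delivered")
        return "exposed", reasons
    if policy == "quarantine" or pct < 100:
        reasons.append(f"DMARC p={policy} pct={pct}: spoofed mail is only partly blocked")
        return "partial", reasons
    reasons.append("DMARC p=reject at 100%: mail failing aligned SPF/DKIM is rejected")
    return "protected", reasons


if __name__ == "__main__":
    for name in SAMPLE_DNS:
        verdict, why = assess_domain(name)
        print(f"{name:20} {verdict:9} " + "; ".join(why))
```

Note that spf-only.example, which does exactly what the paragraph above warns about (a strict -all with no DMARC), comes out as exposed, while nomail.example shows the minimal pair of records a domain that never sends mail should publish.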
Conosco’s managed EDS services safeguard your business, employees, and customers against the financial ramifications and reputational harm stemming from email fraud and brand impersonation. Our experts do the work, so you don’t have to!
Social engineering incorporates all of the above and more. Think of it as psychological manipulation or a confidence trick to gain access to an organisation’s network and sensitive data. It can take the form of phishing, smishing, or email brand impersonation. But it can also be carried out using minimal technology.
For instance, someone may phone a company pretending to be a member of staff and ask for information that only employees are allowed to know. They could even walk into a large office posing as an employee who has lost their security pass to gain access to the building, from where they can then infiltrate the network. Social engineering is all about gaining trust by whatever means necessary so that the victim willingly hands over information without realising the implications.
Due to its sophisticated nature, this could take place over several months or even years. Once inside the network, cyber criminals remain hidden, building up knowledge about their target before striking at the most opportune moment.
Barbara Corcoran, a judge on Shark Tank (the US version of Dragon’s Den), was the victim of a social engineering scam that almost cost her $400,000. Having built up knowledge around her business, the scammer posed as her assistant and emailed her bookkeeper requesting payment for an investment property. Simple, but almost incredibly costly.
82% of boards or senior management in UK businesses see cyber security as a high priority. This is an increase from 77% in 2021.
How can you keep your business safe from cyber attacks?
There is, unfortunately, no single silver bullet to prevent cyber attacks. Firstly, because they come in so many different forms, and secondly because they are constantly evolving. You may have security systems in place to protect against all of today’s cyber attacks, but what about tomorrow’s?
Cyber crime cost UK businesses an average of £4200 in 2021. For just medium and large businesses, this number rises to £19,400.
The only way to ensure your business data is always secure is to employ a dedicated security team that proactively monitors your network and stays up to date with the latest threats. It’s no easy task, and one that can only be carried out effectively by experts.
That’s why Conosco offers dedicated cyber security services for businesses of all sizes. As well as installing the best security solutions, we provide 24/7 monitoring and user education to keep your organisation protected.
The first step is to carry out a vulnerability assessment to identify existing weaknesses in your network. From there, we can make recommendations and build a roadmap to prioritise improvements and prevent attacks. Get in touch today to discover how our experts can give you complete peace of mind that your business and employees will be safe from any cyber attack.
FAQ
Q: How prevalent were cyber attacks on UK businesses in 2023, and what challenges did medium and large companies face compared to smaller ones?
A: In 2023, cyber attacks remained a significant threat to UK businesses, with 32% of companies reporting incidents. The impact varied across different business sizes, with medium businesses facing a higher risk at 59% and large companies reporting a substantial 69% incidence rate. The challenges for medium and large enterprises often stem from their complex structures and extensive networks, making them attractive targets for cybercriminals seeking valuable information and financial gains.
Q: What is the impact of social engineering, especially in terms of the time cyber criminals may spend gathering information before launching an attack?
A: Social engineering poses a sophisticated threat, involving psychological manipulation and confidence tricks to gain access to an organisation's network and sensitive data. The impact of social engineering is notable for its patience, as cyber criminals may spend months or even years gathering information about their target. Once inside the network, they remain hidden, accumulating knowledge before strategically striking. This systematic approach distinguishes social engineering as a formidable and time-consuming tactic in the cyber threat landscape.
Q: What steps can businesses take to address brand vulnerability, and how do Conosco's managed EDS services contribute to safeguarding against email fraud and brand impersonation?
A: To address brand vulnerability, businesses can take proactive measures such as implementing DMARC projects and ensuring domain security. Conosco's managed EDS services play a crucial role in safeguarding against email fraud and brand impersonation by offering comprehensive protection. Our experts manage the vulnerabilities associated with direct email impersonation (spoofing), providing businesses a robust defence against cyber threats. Our services mitigate the risks of financial losses and reputational harm stemming from email fraud, allowing organisations to focus on their core operations without compromising security.