This year, in an effort to drive awareness of cyber security risks, we’ve developed A Quick Guide to Cyber Security Trends.
In this short guide, we’ve captured some of the latest information about key cyber threats, the leading causes of data leakage and more. Below are the first six on the list.
1. Organisations are failing to cover the cyber security basics
An NTT Group report showed that the top ten external vulnerabilities accounted for nearly 52% of all identified external vulnerabilities. Something as simple as applying available updates for operating systems and applications could prevent basic exploits.
2. Exploit kits continue to threaten organisations’ defences
According to Microsoft, exploit kits account for 40% of the most commonly encountered exploits. 2016 was characterised by a change in the exploit kit (EK) environment. The demise of the Angler and Nuclear EKs in the first half of the year left the field open for established EKs like RIG and Neutrino, as well as new players like Sundown, Sweet Orange and Magnitude.
3. People are the weakest link when it comes to cyber security
Worse than external attacks are malicious insiders, because they take advantage of their position within the company and their privileged user access to gain information for their own use – often with a financial motive. Verizon reports that privilege abuse is the leading cause of data leakage by malicious insiders. To help manage this risk, every company should know where its data is and monitor the activities of authorised users.
4. Phishing costs businesses
Disruption of employee activities, malware infection, compromised accounts and loss of data are all consequences of phishing attacks. Lost employee productivity is the largest cost associated with phishing, in the range of $1.8 million for a 10,000-person company, as Ponemon Institute reported.
5. The ransomware business is still booming.
According to an August 2016 report from Osterman Research, almost one out of every two participants indicated that their organisation had suffered at least one ransomware attack in the past 12 months. The report identifies that emails with malicious links and attachments account for 59% of ransomware infections. Users are more than twice as likely to be infected by clicking something in an email than by visiting an infected website directly.
6. The risk from OAuth connections is growing amid an app explosion
Non-sanctioned applications create a risk for enterprises. They connect with the corporate infrastructure and can communicate freely with the corporate Cloud and software-as-a-service (SaaS) platforms at the point that users grant access through open authentication. According to Cisco, 27% of 222,000 assessed applications present a high-risk.
Once you’re done regarding this, be sure to check out our e-book, The Cyber Testing Playbook. It’s full of actionable advice you can use to improve your organisation’s security posture and keep your employees safe.