Editor’s note: This post was originally published in February 2020 and has been updated in October 2022 for accuracy and comprehensiveness.
Cyber security continues to be a threat to businesses in 2021. Despite advancements in Cyber Security solutions, 2019 has already seen 4 billion records breached, according to Norton. These vary from mega-breaches that grab the headlines and tend to hit large global organizations to the hundreds.
Over the past months, organizations such as Capital One, Georgia Tech and even the UK Police have been hit with data breaches. Norton reported that there was a 54% increase in the reported number of breaches in the first half of 2019 compared to the same period in 2018. This means that cyber security threats for businesses remain a very real problem to businesses.
5 Lesser-Known Cyber Security Threats for Businesses
There are many reasons why organizations leave themselves open to cybersecurity threats. Having a robust cyber security policy and investing in cyber security software can help to mitigate the majority of threats.
Here are five of the lesser-known cyber security threats that have caused problems for multiple organizations.
1. Supply Chain
Whilst your own cyber security measures and policy may be extremely robust, other organizations within the supply chain might not have the same level of security.
With the increase in information sharing and the ways and means we have of sharing data, it seems that opportunities for exploitation have increased. Software is one way of mitigating cyber security threats. Although, education plays an important role and the opportunity to pull suppliers and partners together can also help to reduce the cost to all businesses in the supply chain.
2. Backing Up to the Cloud
The cloud presents many opportunities for businesses and employees to work remotely. With the increase in flexibility and functionality, comes a variety of threats to cyber security that each business needs to control and manage.
The biggest issues occur when people back up corporate information to their personal iCloud/Google account. In case employees use personal devices, it is even more difficult to manage the apps and the permissions that they ask for.
3. Untrusted Browser Extensions
Browser extensions can be brilliant. They can help us to go about our day-to-day jobs more efficiently and provide us insights into our browsers that we may have had to work a lot harder to find. A process that often gets overlooked in cyber security policies is vetting. These should be vetted like any other piece of software. At the end of the day, they potentially have the opportunity to track everything you are doing online presenting a serious threat to cyber security. Whether you are vetting them or your IT department keeps a closer eye on them for you, all extensions should be vetted like an app or software. Check for the permissions they ask for and look at the reviews left by other users.
4. Weak Passwords
This might not fall in the lesser-known bracket. However, it falls into the ‘never changed it or haven’t changed it for a long time bracket.
Nowadays, businesses are relying more and more on cloud-based services that need password access. Although, one of the biggest problems faced by organizations is employees selecting passwords that are too weak. Another issue is using the same password for many accounts.
There are numerous software solutions to help businesses manage their password security including third-party sites such as One Password or LastPass. Google also provides its own password management service. Multi-factor authentication is the most secure way to go. This means that employees will need more than just a password to gain access to business accounts. Steps can include verification texts sent to a mobile device or using authentication applications.
5. Dodgy USB Sticks
The USB stick can be a cause of major cyber security issues. Some of this is done with malicious intent. People transfer a virus to their computer thinking they are using a brand new, clean USB. As with most of the items on this list, education is important. Company-wide, it’s important to keep operating systems up-to-date and make sure you have effective anti-virus software installed.
Moving more and more into 2021, cyber security is more important for businesses than ever. Cybercriminals are finding more ways of breaching cyber security measures. That’s why it’s crucial to ensure your security policy is robust. Also, it is important to ensure that you have a comprehensive educational program in order for your employees to be aware of all the latest threats.
This is a guest post by Lynne Jeffery, the Head of Public Safety Solutions at NEC New Zealand. Lynne has over 20 years of experience in the global technology sector with specific expertise in biometrics and cybersecurity solutions.
Dimitris Athanasiadis oversees Operations and Customer Relations in Megaventory.