What is the biggest cybersecurity threat to businesses in 2021 and 2022 that affects all businesses

The types of cyber attacks that pose the most serious threat vary depending on the business. There are many different kinds of attacks that hackers might launch, including phishing attempts, ransomware, distributed denial-of-service (DDoS), and more. However, not all threats are created equal.

For example, a ransomware attack is usually much more harmful than a DDoS attack because ransomware mostly impacts the company’s ability to do business rather than preventing access to its network infrastructure.

Social Engineering Attacks

Social engineered attacks are among the most popular and some of the most cleverly disguised. The tactic often begins with an email, letter, phone call, or text message that tricks the victim into revealing valuable personal information such as passwords and other sensitive data.

While it may be common sense for most that the IRS does not call you, some people still fall victim to the scam telling you of the trouble you will be in, unless you verify your information.

 

Combining Multipoint of contact on a single victim

A more elaborate approach is combining email, letters, and phone calls, into one targeted attack on an individual.

multiple phishing attemps

Although, a person may ignore an email, or have it sent to spam, they may not be as likely to ignore a phone call and/or letter in the mail as well.

These could be as simple as verifying pick-up information for a package from the UPS store, verifying an access code to a 3rd party service or subscription you have such as a bank or credit card account, or a corporate generated email from within your company asking for internal access, or verification of your direct deposit information.

As you can imagine the bad actors have all the time in the world to come up with strategies to scheme people. For the rest of us, we have our day jobs to worry about, our bills to pay, our home life to take care of, etc.. You can clearly see that they have more time and vested interest to come up with elaborate schemes. With that said, the most effective phishing attack, is the one that will come out tomorrow… To keep everyone aware of this, it’s important to provide cyber training.

What you can do about it today

I am sure that if you are in a large corporation you could have a white board presentation by some cyber security expert that will show you some slides and explain why it’s not a good idea to use sticky notes with your passwords around your screen. Here are some tools, that those of us who do not have personal tutoring can utilize:

Webroot Security Awareness Training. You can get free trial from their website,

It’s video presentations made easy to understand, which is the most important part of training, keeping the end user engaged. It also only costs a few bucks per person to deploy, they offer testing on employees that you can do after to see what they learned.

There are many companies out there that provide security training, so select the one that works for you. We have used Webroot, which we have had great success with for our clients. It’s an easy platform to follow and understand, and appeals to non-technical people, which is who phishing attacks primarily target.

Secure your email!

Another thing to consider is getting Advanced Threat Protection from Microsoft or a 3rd party spam filtering solution. It only costs a few dollars per mailbox, but enables many benefits such as:

Microsoft Defender for Office 365, it protects you from sophisticated threats hidden in email attachments and links, as well as offers cutting-edge defenses against zero-day threats, ransomware, and other sophisticated malware attempts.

With app protection for Office mobile apps, you can limit the copying or saving of company data to unapproved applications and locations.  Best of all these services are available through Office 365 subscription you already have.

You can configure this plan through your office portal for all users in the organization. The cost is roughly $8 per user over the business standard plan.

If you need help navigating through the portal, don’t hesitate to reach out to us at AlphaCIS. We can help navigate you through the process of upgrading your subscription.

 

author avatar
Dmitriy Teplinskiy
I have worked in the IT industry for 15+ years. During this time I have consulted clients in accounting and finance, manufacturing, automotive and boating, retail and everything in between. My background is in Networking and Cybersecurity