Malicious cyber-attacks, phishing scams and denial-or-service attempts are on the rise these days, affecting financial, health and education sectors the most.
Among all types of cyber-crimes, phishing scams have turned out to be the most troublesome for businesses, causing huge losses and data breaches never seen before in history.
At TEISS 2017, the audience was asked what kind of malicious attacks were their greatest concern in the next 12 months. While 10% of them said that Distributed denial-of-service (DDoS) attacks were their greatest concern, almost one in three (34%) picked Ransomware as the culprit in chief. While a fee people chose other types of malicious attacks like malware and APTs, nearly half of them (47%) agreed that social engineering and phishing scams were their greatest concern.
Earlier this month, security firm ESET noted that small and medium businesses are highly vulnerable to phishing attacks because of lack of cyber-awareness and lack of cyber-security training, compared to bigger firms which have in-house cyber-security teams and awareness programmes.
"A large enterprise has a number of backstops and usually has a response ready when it happens. But a small organization … the initial infection can probably lead to something more serious and greater," says Stephen Cobb, senior security researcher at ESET. The fact that smaller firms often act as vendors or suppliers to bigger firms exposes the larger firms to phishing attacks or data breaches.
However, of late, many large businesses and institutions have fallen victim to phishing scams. While a phishing scam last week gained access to Gmail contact lists and spammed hundreds of accounts, many top US universities, including the Carnegie Mellon University, were targets of a potent phishing attack. A similar phishing scam in April swindled $100 million from the likes of Google and Facebook. These instances suggest phishing scams are no longer targeting small and medium businesses alone.
The audience at TEISS 2017 were then imparted a session on ransomware and social engineering, focusing on the threat landscape and some key features of how both types of attack could be conducted. Following the session, the audience were asked the same question again, but the results turned out to be different.
While the count of those who believed ransomware was the greatest concern came down from 34% to 24%, those who considered DDoS as the gravest cyber-attacks went down from 10% to just 3%. However, while 47% initially believed that social engineering and phishing scams were their greatest concerns, their numbers grew to 68% after the session was conducted.
In an interview given to The Economic Times recently, Kelly Bissell, MD of Global Accenture Security said that end-to-end cyber-security isn't present in most businesses and the reasons behind this are lack of funds available to smaller businesses, lack of skilled cyber-security talent and poor implementation of biometrics.
He added that company boards should discuss and implement tough cyber-security standards so that repeated incidents of cyber-attacks do not cause potential loss of business and financial loss. This is especially significant since the GDPR, which will take effect from next year, will impose fines of either 4% of a company's annual worldwide turnover or €20 million, whichever will be higher, if the company fails to secure confidential customer data from cyber-attacks.