Cyberattacks are increasing. Some estimates suggest a cybercrime is committed somewhere in the world every 11 seconds and that cybercriminal activity is one of the biggest threats confronting businesses over the next twenty years.
Despite the magnitude of this threat, many business leaders remain largely ignorant about cybersecurity. Here are four realities that cyber experts from the University of New South Wales stress that every business leader should know.
All businesses are vulnerable
All businesses nowadays are linked to the internet, whether it be via a website, email, computerised database, payment system, or another digital channel. Cybercrime can affect any internet-connected organisation, whether it be a local corner store or tech-savvy start-up, large multinational company or major government agency.
The biggest cyber threats are phishing attacks and compromised emails
In phishing attacks, hackers try to collect confidential information using misleading emails or websites. The word was formed in the 1990s specifically to describe this fraudulent activity.
An email compromise is like email phishing, but more targeted in that criminals pose as a prominent company executive to convince an employee to provide information or money. It is a particularly pernicious form of phishing because the email pretends to be from within the business.
Although viruses in the form of ransomware, spyware, or other malicious software (malware) receive a lot of attention from the media, they are not the most prevalent cyberthreat. Cybersecurity firm Fireye Inc, reports that over 80% of email attacks do not involve malware.
Employees are the first line of defence
Firms must invest in employees training designed to help them allow them to identify and respond to cyberthreats. Antivirus software and firewalls are extremely important. But people, not programs, should be the first line of defence against cyberattacks. Phishing is successful because of human, not technical, fallibility. A technical solution can help, but regular employee training is a must.
Cyberthreats are constantly evolving
Cyberattacks vary by firm size and industry type. Hackers are incessantly developing new threats. Business leaders must be ever vigilant and seek advice from cybersecurity trained staff, as well as external IT services experts when necessary.