According to research by cybersecurity software firm Check Point, corporate networks worldwide experienced a 30% increase in weekly cyberattacks in the second quarter of 2024 compared to the same period in 2023 and a 25% rise from the first quarter of 2024.
Inadequate cybersecurity measures can have serious implications for businesses. The consequences of poor digital hygiene include data loss, data breaches, financial damage, and reputational damage — which is difficult to quantify but could have the biggest long-term impact.
As part of Cybersecurity Awareness Month in October, several industry leaders shared their views with Techopedia on the most pressing cybersecurity challenges that businesses face and how to address them effectively.
From managing employee access to encrypting sensitive data and network traffic, read on to learn the methods that companies can use to address common cybersecurity challenges and ensure more robust security all year round.
Key Takeaways
- Corporate cyberattacks rose 30% YoY in Q2 2024, stressing the need for improved security practices by all companies.
- Deepfakes and personalized phishing scams increase both the complexity and scale of modern cyber threats.
- Former employees with lingering access to business systems pose a significant insider risk.
- Remote work environments expose businesses to additional risks, including public Wi-Fi vulnerabilities.
- Our experts share their top six security challenges — is your company leaving exploitable gaps?
Top 6 Cybersecurity Challenges (& Their Solutions)
6. Blackmail Scams through Personalization and Deepfakes
Blackmail scams are becoming increasingly common as advanced personalization techniques and technologies like deepfakes make it easier for malicious actors to create convincing threats.
Phishing and social engineering tactics are becoming more sophisticated and incorporate blackmail techniques that use victims’ personal details to heighten a sense of fear and urgency, noted Nati Tal, Head of Guardio Labs.
Tal told Techopedia:
“To guard against these sophisticated scams, users should adopt a multi-layered security approach that includes multi-factor authentication (MFA) and security tools that can block phishing emails and suspicious websites before they reach you.
You have to use privacy settings to make it harder for scammers to gather details for personalizing attacks.”
Businesses should provide employees with regular cybersecurity training so they understand the potential threats they may be exposed to, and are aware of the techniques and psychological tricks that attackers use.
Best practices also need to be in place so that employees who suspect a scam know whom to consult internally before responding.
This is key, as research suggests that as much as 95% of cybersecurity issues can be linked to human error.
5. Former Employee Access to Business Systems
Properly managing employee offboarding and fully revoking their access to company systems and data is crucial.
It is common for employees who have left an organization to still have access to accounts for weeks or even months — creating a significant insider threat, noted Larry O’Connor, CEO and Founder, Other World Computing (OWC).
This gives malicious actors the opportunity to steal sensitive data or sabotage critical systems. And the risk has grown as remote work and the use of cloud computing services have increased, making it more difficult to keep track of who has access to various applications and devices.
When employees leave, all their internal application and service account access must be removed in a timely manner — even instantly. Their permissions could either be disabled completely or reassigned to another employee.
Robust identity and access management controls — such as multi-factor authentication — can also help to prevent unauthorized access to company systems, even if login credentials become compromised, O’Connor said.
In addition, maintaining backups of critical data is key, so that IT teams have a secure fallback in the event that malicious insiders do succeed in deleting or corrupting data.
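One way to check for the lingering access described above is to compare the HR list of departed staff against account exports from each system. The sketch below is an added example, not something from the experts quoted in this article; the system names, usernames, field names and dates are all constructed for illustration.

```python
from datetime import date

# Constructed sample data: HR roster of departed staff (user -> last working day).
HR_TERMINATIONS = {"jdoe": date(2024, 6, 28), "asmith": date(2024, 8, 15)}

# Constructed account exports from three hypothetical systems.
ACCOUNT_EXPORTS = {
    "vpn": [
        {"user": "jdoe", "enabled": True, "last_login": "2024-07-19"},
        {"user": "mlee", "enabled": True, "last_login": "2024-09-30"},
    ],
    "crm": [
        {"user": "JDoe", "enabled": False, "last_login": "2024-06-27"},
        {"user": "asmith", "enabled": True, "last_login": "2024-08-14"},
    ],
    "cloud-storage": [
        {"user": "asmith", "enabled": True, "last_login": None},
    ],
}

def find_lingering_access(terminations, exports, as_of):
    """Return accounts of departed staff that are still enabled or were used after departure."""
    findings = []
    for system, accounts in exports.items():
        for acct in accounts:
            user = acct["user"].strip().lower()  # usernames differ in case across systems
            left_on = terminations.get(user)
            if left_on is None or left_on >= as_of:
                continue  # current employee, or departure not yet effective
            last = acct.get("last_login")
            last_login = date.fromisoformat(last) if last else None
            used_after = last_login is not None and last_login > left_on
            if acct["enabled"] or used_after:
                findings.append({
                    "system": system,
                    "user": user,
                    "enabled": acct["enabled"],
                    "days_since_departure": (as_of - left_on).days,
                    "used_after_departure": used_after,
                })
    # Accounts used after departure come first, then the longest-lingering ones.
    findings.sort(key=lambda f: (not f["used_after_departure"], -f["days_since_departure"]))
    return findings

if __name__ == "__main__":
    for finding in find_lingering_access(HR_TERMINATIONS, ACCOUNT_EXPORTS, date(2024, 10, 1)):
        print(finding)
```

An account that was logged into after the departure date warrants investigation, not just disabling; an enabled but unused account is a cleanup item.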
4. Safeguarding Vulnerable Company Documents
Businesses commonly use Office suite documents and PDF files to share information internally, often including sensitive company or customer data. However, users may not be aware of these documents’ vulnerability to cyberattacks.
Users may assume that PDF files are safer than Excel or Word documents because they are not as easy to modify and are not used to spread macro viruses.
However, PDF files can contain embedded links and scripts that, like macro viruses, can execute when users open the file and download malware, redirect browsers to spoof websites, or exploit system vulnerabilities.
According to DeeDee Kato, Vice President of Corporate Marketing, Foxit, businesses should use software that provides protection features, including encryption, digital signatures and redaction tools, so that only authorized users can access sensitive information.
They also need to use advanced permission settings to control access to editing, printing, and other functionalities, as well as audit trails, tracking capabilities, and watermarking to limit unauthorized distribution.
This is also important for compliance with data protection laws.
3. Outdated In-Office Device Policies
According to data compiled by the U.S. Bureau of Labor Statistics, 35% of employees did some or all of their work at home in 2023, up from 24% in 2019 before the COVID-19 pandemic.
While remote working offers employers advantages in terms of job satisfaction and access to a wider talent pool, it also opens up a host of cybersecurity risks, as employees are likely to work in less secure environments at home or elsewhere.
Cache Merrill, a cybersecurity expert at Indian outsourcing software developer Zibtek, said:
“Employers can no longer rely on the security strategies that were designed for in-office working; data is no longer just being accessed under one office roof where IT can supervise.”
Company devices are more vulnerable to exploits, data breaches and theft when they are outside the office. Employees are more likely to use the same devices for professional and personal tasks.
They may even access company data from devices that they share with other members of their household, noted Venky Sundar, Founder and President – Americas, at Indusface.
So businesses with remote employees need to ensure their cybersecurity policies are updated to include instructions for maintaining security outside the office as well as inside it. Policies should be designed on the basis that a hack is inevitable.
It is essential to take a holistic policy approach to application security and endpoint protection, Sundar said, so that even if an employee’s device is compromised, attackers cannot use it to gain access to the business’s critical IT infrastructure.
2. Remote Access From Public Wi-Fi Networks
A particular challenge as work has moved outside the office is employees connecting to public Wi-Fi networks.
“Working from home” often means employees go to public spaces like cafes, restaurants, hotels, or libraries. A survey by Forbes Advisor found that 21% of people who connect to public Wi-Fi use it to work remotely.
However, public Wi-Fi networks can be completely open without even basic password protection, and even those that do implement passwords have limited security that leaves them vulnerable to attack.
Particularly concerning for businesses, 66% of the Forbes survey respondents felt that public Wi-Fi is somewhat or completely safe, but 43% of respondents said they had their online security compromised while using a public Wi-Fi network.
So businesses must require their remote workers to use a virtual private network (VPN) when logging into public Wi-Fi networks. VPNs encrypt data traffic between the device and company applications, helping to thwart man-in-the-middle attacks.
Employees should also be required to keep their devices updated with the latest malware and firewall protection to detect and block incoming threats. IT teams can also remotely access and update company-issued devices to ensure this is done.
Adequate cybersecurity education is also key here, for instance to train employees not to access financial accounts and other sensitive information from unsecured networks.
1. The Rising Threat of Artificial Intelligence
The advancement of large language models (LLMs) and generative AI will increase AI-driven cyberattacks on businesses, such as through more sophisticated phishing scams, automated hacking, and even exploiting vulnerabilities in machine learning (ML) algorithms.
Attackers’ use of ransomware is likely to evolve, and social engineering techniques will use personal information more effectively to manipulate employees into compromising company security.
Tal from Guardio Labs said: “We anticipate a growing reliance on LLMs and Generative AI in general to enhance the effectiveness of both generic and personalized scams.
“AI will enable the automation of personalized messaging on a massive scale, combining the reach of generic scams with the effectiveness of tailored attacks.”
Cybercriminals are increasingly leveraging deepfake technology to impersonate company executives or employees or create fake identities from compromised data, which they can use to bypass company authentication systems or commit identity and financial theft.
Tal added:
“Deepfake technology will likely advance, allowing scammers to create more realistic and contextually relevant content that mimics trusted sources.
“This evolution will blur the line between legitimate communication and fraud, necessitating ongoing improvements in security tools and awareness.”
While deepfake detectors exist, the top tips against AI fraud generally lie in the steps above — employee awareness training, locked-down and protected accounts, and showing diligence on public networks. Phishing attempts will get more sophisticated, and having the strongest barriers in place is a necessity.
The Bottom Line
Businesses of all sizes are facing increasingly complex cybersecurity challenges, which are expected to intensify, especially as AI is adopted for malicious purposes.
It is essential to be proactive with cybersecurity measures, including regular vulnerability assessments, employee training, strong document protection procedures, and deactivating former employees’ access.
Businesses also need to regularly review and update their cybersecurity policies. This will help them stay on top of emerging threats and avoid becoming victims of new forms of attack.
References
- Check Point Research Reports Highest Increase of Global Cyber Attacks seen in last two years – a 30% Increase in Q2 2024 Global Cyber Attacks – Check Point Blog (Blog.checkpoint)
- Access Denied (Weforum)
- American Time Use Survey Summary – 2023 A01 Results (Bls)
- The Risks Of Public Wi-Fi – Forbes Advisor (Forbes)