Top 5 Cybersecurity Threats

Top 5 Cybersecurity Threats | Russ Ward, subject-matter expert, provides tips to combat security risks.

UAH College of Professional Studies

With the increase in digital operations, it is no surprise that cybersecurity is a hot topic in 2021. It has become increasingly vital to evaluate your security risks. A recent Cisco Report indicated that 70% of organizations were served malicious ads, 50% of organizations encountered ransomware, and 48% of organizations found malware activity. To understand the risks we talked to our subject-matter expert, Russ Ward. These are the top five risks he indicated and some tips to combat them.

Russ Ward has been engaged in the security community for over 20 years, including academic, government, corporate and legal domains.

Michael Mercier | UAH

1. Lack of user awareness
   

   A lack of cybersecurity awareness within your organization can open the door for cyber attacks. Providing your team with frequent access to cybersecurity training is crucial to prevent these security breaches. According to the Proofpoint State of the Phish 2021 report, only 52% of U.S. workers could correctly define phishing and only 64% of organizations conduct formal training sessions despite having a training program. If you can identify where your team is most vulnerable, you can focus training efforts to prepare them.

2. The desire to be helpful
   

   As humans, we have an innate desire to be helpful to others, however, hackers often take advantage of this quality. Hackers strategically strive to appeal to a user’s emotions, causing them to ignore tell-tale signs. Hacker campaigns targeting emotions are some of the most successful. Although security vulnerabilities in technology still lead to a significant number of cyber threats, today’s attacks are targeting individuals at an alarming rate. According to the Cisco 2021 Cyber Security Threat Trends report, 86% of organizations had at least one user try to connect to a phishing site.

3. The desire for technology to move faster and to a more open environment without security considerations
   

   The world today moves at a lightspeed pace, propelled by technology. In their never-ending quest for growth, many companies have reached a growth-at-all-costs mindset, sacrificing their security and the privacy of their customers. The insatiable desire for fast-paced development has created significant security vulnerabilities. Often these environments are configured to be more user-friendly, not balancing ease of use with security.

4. Lack of deep knowledge in cybersecurity professionals
   

   The cybersecurity landscape is constantly changing, so cybersecurity professionals must be able to quickly adapt to emerging threats. They must also have the ability to think outside the box because solutions are often not black and white. To become a top-performing cybersecurity professional, significant dedication and investment are required. Professionals need support from their organizations in the form of training dollars and time. Without proper support from their organizations, cybersecurity professionals cannot gain the deep knowledge required to perform their job duties effectively.

5. Lack of business case for cybersecurity
   

   Despite the growing need for highly-skilled cybersecurity professionals, many companies are not investing in their employees in proportion to the growing number of cyber threats. According to The Life and Times of Cybersecurity Professionals 2021 report by ISSA, many cybersecurity professionals believe at least 40 hours of annual training is required to remain proficient. However, nearly 21% of professionals surveyed did not meet that goal because employers would not pay for 40 hours of training. In addition, the study found that companies are not prioritizing cybersecurity training over everyday tasks, making them more vulnerable to cyber attacks.

So what can we do to protect ourselves and our organizations? Here are five tips:

1. Stop and think about security. If you get an email that solicits an emotional response, stop and think. If you are still not 100% certain, ask someone else.
2. Stay up to date with patches for all devices/software. Patches are there for a reason.
3. Do not connect to untrusted networks. You could be monitored or attacked.
4. Physically protect your devices. If an attacker can gain physical access to your device, they have a much higher chance of compromise.
5. Report things when they seem odd. If something seems off, it probably is.

Upcoming Courses:

Russ Ward teaches Certified Ethical Hacker (CEH) Exam Prep for UAH Professional Development Solutions. Read his professional bio, learn more about the course and view upcoming dates at PDsolutions.uah.edu/EthicalHacker.