Cyber Security Solutions for Businesses in Financial Services: Challenges, Opportunities, and the Way Forward

Shahzeb Akhtar, Pratima Amol Sheorey, Sonali Bhattacharya, Ajith Kumar V. V.
Copyright: © 2021 |Pages: 16
DOI: 10.4018/IJBIR.20210101.oa5

Abstract

This paper examines the data security challenges that small, medium, and large businesses in the financial services industry face, and provides relevant tools and strategies to address them. A qualitative research-based approach has been used, in which one-on-one interviews were conducted with 10 CIOs (chief information officers) and CISOs (chief information security officers). This data was compared with secondary data sources to validate the findings. This paper presents an in-depth analysis of security technologies and their efficacy in protecting data assets and sensitive information. It also gives an opinion on the technologies that each business type can use economically to cover the gamut of cyber-attacks. Existing research is restricted to addressing either small and medium businesses (SMBs) or large businesses. This paper attempts a comprehensive review for all sizes of businesses.

Introduction

Cyber threats are a reality for any business in this digital age. With technological advancement and people choosing online data management, such as storing data on cloud-based platforms and sharing important files and documents via servers, hackers get a chance to sneak into systems if appropriate security measures are not in place.

The purpose of this research paper is to understand the major cyber threats concerning small, medium and large organizations and the ways to mitigate them. This paper intends to address the most significant cyber threats impacting businesses, past cases of cyber threats, the financial industry scenario and the outlook towards such issues, and steps to counter them.

Figure 1. Top 5 cyber threats for different sizes of businesses. Courtesy of Big Security in a Small Business World (Cisco.com)

The financial services industry has many players, such as the government, businesses and consumers. Financial services include banking, insurance, mutual funds, wealth management, stock markets, treasury/debt instruments, etc. The extent and nature of cyber threats vary depending on the size and type of services provided by the companies. In February 2016, a noted bank hack was executed, in which $81 million was transferred from Bank of Bangladesh to accounts in the Philippines and Sri Lanka via the Federal Reserve Bank through a payment messaging system (New York Times Magazine, 2018). In another cybersecurity breach in 2017, multiple computers were frozen worldwide by a ransomware attack, which exploited a vulnerability in a Microsoft portal to spread this self-propagating ransomware through public internet channels (NPR, 2017).

The average cost of data breaches, according to the Ponemon Institute, was around $3.86 million. According to Risk Based, about 4.1 billion records were breached in 2019, making 2019 the worst year so far. Every organization is creating a global network presence. Whenever such organizations adopt new technologies without sufficiently guarding against risks such as malware, data breaches and unsecured networks, they make their systems susceptible (Tawileh, Hilton and McIntosh, n.d.). According to BitGlass, 61.7% of records were leaked in the financial sector alone in 2019. This was mainly because of the Capital One mega-breach. A detailed breakdown of the types of breaches shows that around 75% of the breaches happened due to malware and hacking and around 18% of the breaches were due to accidental disclosures.

Figure 1 depicts the top 5 cybersecurity threats that small, medium and large businesses (based on the number of employees) are currently facing. Large enterprises in India (https://msme.gov.in/know-about-msme), for example, are those enterprises which have more than INR 50 crore (USD 7 million) investment and annual turnover of more than INR 250 crore (USD 35 million); medium enterprises are those enterprises whose investment is more than INR 10 crore (USD 1.4 million) but less than INR 50 crore (USD 7 million) and whose annual turnover is more than INR 50 crore (USD 7 million) but less than INR 250 crore (USD 35 million); and small enterprises are those enterprises whose investment is less than INR 10 crore (USD 1.4 million) and whose annual turnover is less than INR 50 crore (USD 7 million).

If we closely analyze Figure 1, we see that ransomware is in the top category. Ransomware is a type of malware that encrypts the user's files. The attacker then demands a ransom payment from the user to restore access to their files and data. Research shows that such attacks can cause more than 24 hours of downtime (Scaife, Carter, Traynor and Butler, 2016). Moreover, stolen credentials are used to access critical data assets of an organization. Attackers commonly use phishing attacks (which involve making emails and websites look similar to the original ones) to steal credentials (Thomas et al., 2017). It is a cheap and effective tactic that involves deceiving employees. Data breaches are common in medium and large businesses, whereas DDoS (distributed denial-of-service) is unique to large businesses and not commonly seen with SMEs. In a DDoS attack, the attackers make a website or computer unavailable to the user by creating a flood of internet traffic that causes a crash (Douligeris and Mitrokotsa, 2004).
