1. Web and mobile apps
Whether hosted by the company or externally, web and mobile applications are certainly not immune to the growing obligations of cybersecurity since they are more visible and therefore more exposed. They can be hacked at the source and provide attackers with direct access to the workstation.
There are two types of weaknesses. Either unwanted behaviour happens unexpectedly because of unneeded background actions in the application, or a security feature is missing—jailbreak detection, inadequate protection, insufficient cybersecurity.
Probably the best known, because it’s the most common threat. For us all.
Phishing e-mails seek to collect users’ confidential information (banking information, login details, company passwords, wallets, etc.) by posing as a trusted third party.
Hackers send fake SMS messages or e-mails asking for personal data, supposedly sent from a trusted organisation or partner.
Spear phishing e-mails can be very difficult to distinguish from genuine ones. You receive an e-mail to a site (sometimes even a domain name) or link that is a carbon copy of the website. This identity theft or counterfeiting plays on victims’ trust.
For a company, cybersquatting at best creates confusion in the mind of the customer—and at worst does huge damage to your reputation.
Everything is done to deceive you.
Ransomware is a much-discussed scare tactic that many large companies around the world face. Along with phishing, this is probably the most dangerous type of attack, but also the most clever.
Ransomware is used by hackers to encrypt and block access to a company’s computer system. The hackers take control of the system remotely and demand a ransom to unlock it all.
In 2017, the Notpetya virus affected hundreds of thousands of computers in Russia, Ukraine, and several other European countries. It infected hard drives and files. Unless a ransom of 300 euros was paid to obtain a decryption key, users could not access their data.
Faced with waves of ransomware, it is recommended to apply security patches and make data backups, but also to limit exposure to the internet file sharing services.
4. Internal negligence
Hell is other people, right? Threats can sometimes come from former or active employees, subcontractors or even customers who maliciously or, more often than not, negligently disclose passwords to company systems.
Companies can ramp up their security software and employ malware and anti-spam, but the biggest threat remains their own users.
It is therefore important to be trained, to know the risks and consequences of an action affecting the security of an information system; to explain and justify the constraints imposed by security policies and thus to understand the main countermeasures put in place in companies.