Types of attacks that businesses should expect are:
- Phishing attacks-Phishing attacks use sociology tactics to manipulate victims and get them to give up passwords, financial information, or other sensitive data. Typical attacks can include criminals claiming to be computer support, an organization well known, or even the victim’s CEO. The number of phishing attacks doubled during the year 2020 and there is no sign of a slowdown in this trend. Our cybersecurity investigation found that 54.3% of respondents had yet to be trained in information security. Companies should also consider investing in anti-phishing software and performing penetration tests.
- Malware- Malware covers a wide variety of attacks ranging from viruses to spyware. The best way to protect against malware is to ensure that antivirus updates and other key software are up to date. Our survey found ‌many businesses are doing well in this regard, with 84% saying that their businesses install updates when they are available.
- Ransomware-Ransomware is the case in which a cybercriminal holds an organization’s data by encrypting it or rendering it inaccessible until a ransom is paid. The majority of these incidents that occurred in Q4 2020 (70%) involved threats of the release of stolen data. As a result, 60 percent of businesses eventually paid the ransom.
- Vulnerable Supply Chain-Safety of information is not only important in an organization. Weaknesses and vulnerabilities may also arise from external third parties and suppliers. Software vendors are ‌vulnerable, as evidenced by the recent hacking of Microsoft Exchange, which has resulted in the compromise of approximately 7,000 UK servers, according to the National Cyber Security Centre. Organizations should always carefully review their providers, establish clear agreements on security and expected levels of service delivery, and ensure that all updates are implemented in a timely manner.
- Physical Attacks- Security of information does not only mean protecting digital assets. Consideration must also be given to the physical security of devices, equipment, servers, and documentation. Therefore, in 2021, businesses should continue to think about saving data, mandating the use of strong passwords, and ensuring that equipment is securely locked when not in use. As a result, in 2021, businesses should continue to consider saving data, applying strong passwords, and ensuring that equipment is securely locked when not in use.
Ref: https://www.qmsuk.com/news/what-cyber-attacks-are-businesses-facing-in-2021