According to research by cybersecurity software firm Check Point, corporate networks worldwide experienced a 30% increase in weekly cyberattacks in the second quarter of 2024 compared to the same period in 2023 and a 25% rise from the first quarter of 2024.
Inadequate cybersecurity measures can have serious implications for businesses. The consequences of poor digital hygiene include data loss, data breaches, financial damage, and reputational damage — which is difficult to quantify but could have the biggest long-term impact.
As part of Cybersecurity Awareness Month in October, several industry leaders shared their views with Techopedia on the most pressing cybersecurity challenges that businesses face and how to address them effectively.
From managing employee access to encrypting sensitive data and network traffic, read on to learn the methods that companies can use to address common cybersecurity challenges and ensure more robust security all year round.
Key Takeaways
- Corporate cyberattacks rose 30% YoY in Q2 2024, stressing the need for improved security practices by all companies.
- Deepfakes and personalized phishing scams increase both the complexity and scale of modern cyber threats.
- Former employees with lingering access to business systems pose a significant insider risk.
- Remote work environments expose businesses to additional risks, including public Wi-Fi vulnerabilities.
- Our experts share their top six security challenges — is your company leaving exploitable gaps?
Top 6 Cybersecurity Challenges (& Their Solutions)
1. The Rising Threat of Artificial Intelligence
The advancement of large language models (LLMs) and generative AI will increase AI-driven cyberattacks on businesses, such as through more sophisticated phishing scams, automated hacking, and even exploiting vulnerabilities in machine learning (ML) algorithms.
Attackers’ use of ransomware is likely to evolve, and social engineering techniques will use personal information more effectively to manipulate employees into compromising company security.
Tal from Guardio Labs said: “We anticipate a growing reliance on LLMs and Generative AI in general to enhance the effectiveness of both generic and personalized scams.
Cybercriminals are increasingly leveraging deepfake technology to impersonate company executives or employees or create fake identities from compromised data, which they can use to bypass company authentication systems or commit identity and financial theft.
While deepfake detectors exist, the top tips against AI fraud generally lie in the steps above — employee awareness training, locked-down and protected accounts, and showing diligence on public networks. Phishing attempts will get more sophisticated, and having the strongest barriers in place is a necessity.
2. Remote Access From Public Wi-Fi Networks
A particular challenge as work has moved outside the office is employees connecting to public Wi-Fi networks.
“Working from home” often means employees go to public spaces like cafes, restaurants, hotels, or libraries. A survey by Forbes Advisor found that 21% of people who connect to public Wi-Fi use it to work remotely.
However, public Wi-Fi networks can be completely open without even basic password protection, and even those that do implement passwords have limited security that leaves them vulnerable to attack.
Particularly concerning for businesses, 66% of the Forbes survey respondents felt that public Wi-Fi is somewhat or completely safe, but 43% of respondents said they had their online security compromised while using a public Wi-Fi network.
So businesses must require their remote workers to use a virtual private network (VPN) when logging into public Wi-Fi networks. VPNs encrypt data traffic between the device and company applications, helping to thwart man-in-the-middle attacks.
Employees should also be required to keep their devices updated with the latest malware and firewall protection to detect and block incoming threats. IT teams can also remotely access and update company-issued devices to ensure this is done.
Adequate cybersecurity education is also key here, for instance to train employees not to access financial accounts and other sensitive information from unsecured networks.
3. Outdated In-Office Device Policies
According to data compiled by the U.S. Bureau of Labor Statistics, 35% of employees did some or all of their work at home in 2023, up from 24% in 2019 before the COVID-19 pandemic.
While remote working offers employers advantages in terms of job satisfaction and access to a wider talent pool, it also opens up a host of cybersecurity risks, as employees are likely to work in less secure environments at home or elsewhere.
Company devices are more vulnerable to exploits, data breaches and theft when they are outside the office. Employees are more likely to use the same devices for professional and personal tasks.
They may even access company data from devices that they share with other members of their household, noted Venky Sundar, Founder and President – Americas, at Indusface.
So businesses with remote employees need to ensure their cybersecurity policies are updated to incorporate instruction to maintain security outside the office as well as in-office. Policies should be designed on the basis that a hack is inevitable.
It is essential to take a holistic policy approach to application security and endpoint protection, Sundar said, so that even if an employee’s device is compromised, attackers cannot use it to gain access to the business’s critical IT infrastructure.
4. Safeguarding Vulnerable Company Documents
Businesses commonly use Office suite documents and PDF files to share information internally, often including sensitive company or customer data. However, users may not be aware of these documents’ vulnerability to cyberattacks.
Users may assume that PDF files are safer than Excel or Word documents because they are not as easy to modify and are not used to spread macro viruses.
However, PDF files can contain embedded links and scripts that, like macro viruses, can execute when users open the file and download malware, redirect browsers to spoof websites, or exploit system vulnerabilities.
According to DeeDee Kato, Vice President of Corporate Marketing, Foxit, businesses should use software that provides protection features — including encryption, digital signatures and redaction tools, so that only authorized users can access sensitive information.
They also need to use advanced permission settings to control access to editing, printing, and other functionalities, as well as audit trails, tracking capabilities, and watermarking to limit unauthorized distribution.
This is also important for compliance with data protection laws.
5. Former Employee Access to Business Systems
Properly managing employee offboarding and fully revoking their access to company systems and data is crucial.
It is common for employees who have left an organization to still have access to accounts for weeks or even months — creating a significant insider threat, noted Larry O’Connor, CEO and Founder, Other World Computing (OWC).
This gives malicious actors the opportunity to steal sensitive data or sabotage critical systems. And the risk has grown as remote work, and the use of cloud computing services has increased, making it more difficult to keep track of who has access to various applications and devices.
When employees leave, all their internal application and service account access must be removed in a timely manner — even instantly. Their permissions could either be disabled completely or reassigned to another employee.
Robust identity and access management controls — such as multi-factor authentication — can also help to prevent unauthorized access to company systems, even if login credentials become compromised, O’Connor said.
In addition, maintaining backups of critical data is key, so that IT teams have a secure fallback in the event that malicious insiders do succeed in deleting or corrupting data.
6. Blackmail Scams through Personalization and Deepfakes
Blackmail scams are becoming increasingly common as advanced personalization techniques and technologies like deepfakes make it easier for malicious actors to create convincing threats.
Phishing and social engineering tactics are becoming more sophisticated and incorporate blackmail techniques that use victims’ personal details to heighten a sense of fear and urgency, noted Nati Tal, Head of Guardio Labs.
Tal told Techopedia:
“To guard against these sophisticated scams, users should adopt a multi-layered security approach that includes multi-factor authentication (MFA) and security tools that can block phishing emails and suspicious websites before they reach you.
You have to use privacy settings to make it harder for scammers to gather details for personalizing attacks.”
Businesses should provide employees with regular cybersecurity training so they understand the potential threats they may be exposed to, and are aware of the techniques and psychological tricks that attackers use.
There also needs to be best practices so that if employees suspect a scam, they know who to consult with internally before responding.
This is key, as research suggests that as much as 95% of cybersecurity issues can be linked to human error.
