The main cybersecurity challenges faced by organizations today are malware, user-initiated attacks, artificial intelligence, and budget restrictions. These challenges affect a huge number of companies around the world and are ones that are not easy to combat. A deep dive of each challenge can be found below.
Malware is the largest, most prevalent threat to cybersecurity out there today. It is the most commonly used form of attack by hackers and other cyber criminals. It remains the cyber criminal's popular choice because of the sheer number of different ways to use it. Malware is the programs and processes that criminals use to hack into computer systems. Criminals can use the malware to lock a system and demand a ransom for the return of the data (a form of malware called ransomware), or they can simply steal confidential information from computer systems for their own personal gain. One example of this is the huge security breach that happened to Target stores and their customers in 2013. Over 70 million customers had their credit card and personal information stolen from Target’s systems. It was determined that the hackers carried out this breach by using a form of malware called a Trojan to attack a third party vendor that Target had not properly secured. This single security breach led to Target paying a settlement of $18.5 million in 2017. This is a great example of the huge impact a piece of malware can have on a business of any size.
One of the largest threats to cybersecurity continues to be humans. Employees often cause various kinds of security breaches both intentionally and unintentionally. One of the biggest issues when it comes to human error that causes breaches is passwords. Many users create passwords that are too simple and are too easy to crack, even when they are provided with training regarding secure password practices. Another password issue is reusing a password that has been used before or using the same password for multiple things, one or more of which contain secure information. Another common human error problem is viruses that are hidden in links inside of emails that appear to be safe to click on. This issue, while still common, can be confronted with employee training on email and computer security.
Insider threats, another form of user-created breaches, is when a malicious employee purposely creates a security breach to steal information or to damage the company by destroying data or causing other chaos. This is much less common than human error, but it is still a large threat for companies. There will always be a number of employees in any company that must have access to secure information and the ability to control system processes. Any of those employees could decide to commit a cybercrime for any number of reasons, including personal gain or disdain towards the company.
Artificial Intelligence, where computers mimic human intelligence, is expected to become the next big thing in cyber attacks. AI has the real potential to enhance existing methods of cybercrime by making the attacks automated so they can be carried out faster. One example of this is using AI processes to gather personal information necessary for spearfishing attacks instead of having humans gathering the information by hand. Using AI technology for an attack of this nature would allow the attack to effect more people and be carried out much more quickly than usual. It is also speculated that attacks using AI technology may be harder to defend against. Some AI technology is able to resist, or slow down, the effects of the typical security programs that companies have today. Because of this, it may be necessary to have a defense system that uses AI technology as well. This would allow companies to defend themselves with somewhat equal forces when it comes to an AI integrated attack.
As the intensity and intelligence of cyber attacks increases, so does the need for equally intelligent and effective defense systems. The problem is that many businesses simply cannot afford the security systems that they realistically need to defend their data. This leaves the companies ill-protected and open to cyberattacks that could deplete their finances or even force them to shut down. Companies that cannot afford high quality security systems, or are on the edge of purchasing them, often don’t actually upgrade their systems until after an attack has already happened to them. Having a realistic defense system seems to be a reactive measure for many companies, when it should be a proactive measure. As with the above mentioned AI attacks, companies should be preparing to look into defense systems that integrate AI technology to match the attacks. Unfortunately this will likely not be a possibility for many companies due to their budget restrictions .
In conclusion, organizations around the world face the main cybersecurity challenges of malware, user error and insider threats, artificial intelligence, and lack of budget.