
Cyber Security Awareness month is over, but cyber threats are here to stay

How to stay vigilant and protect your organisation

Katherine Hunnisett, Senior Associate, Forensic Services
30/10/2024

As Cyber Security Awareness Month comes to an end, it’s crucial to remember that while the campaigns and initiatives may wind down, cyber threats remain a constant reality. Nearly every aspect of our lives, from banking to healthcare, now has an online component, so it is vital we stay alert to evolving cyber threats.

In October alone - a month dedicated to raising cyber security awareness - there have been multiple headlines relating to cyber security. The Internet Archive, a nonprofit digital library, confirmed its third security breach of the month, while the genomics company ‘23andMe’ settled a $30 million lawsuit relating to the data breach it suffered last year. Furthermore, Microsoft published its alarming 'Digital Defense Report 2024' this month. It details that the world faces more than 600 million cyber-attacks every day, with generative AI helping to increase the sophistication and ultimately the success rate of these attacks, and it highlights the persistent role of cyber operations in broader geopolitical conflicts.

Understanding the biggest cyber threats

Although it is impossible to fully protect yourself or your organisation from cyber-attacks, there are various steps you can take to significantly reduce the risk of falling victim to an attack, or to reduce the damage an attack can cause. One way that individuals and businesses can do this is by staying up to date with the latest cyber threats.

Ransomware attacks

Ransomware continues to be one of the most damaging and widespread cyber threats. In a ransomware attack, hackers gain access to an organisation’s network, encrypt crucial data, and demand a ransom in exchange for the decryption key. Attackers often threaten that if the ransom is not paid within their timeframe, they will leak the data or permanently destroy it. It is estimated that 1.7 million ransomware attacks occur every day.

Phishing and social engineering attacks

Phishing, which refers to misleading emails or messages that trick you into revealing personal information, remains one of the most common and effective methods that cybercriminals use to gain unauthorised access to sensitive information. The damage that phishing attacks can cause cannot be overstated. For example, US healthcare provider Elara Caring was subjected to a phishing attack that targeted two employees in 2020. With only these two compromised targets, attackers were able to compromise the personal information of more than 100,000 patients.

Supply chain attacks

As many organisations continue to outsource large parts of their operations to third parties, supply chain attacks are an increasing cybersecurity threat. In these attacks, cybercriminals infiltrate an organisation by compromising a third-party vendor or service provider that has access to the organisation’s systems. Once inside, they can perform various damaging actions, including stealing data or planting malware. One of the most infamous supply chain attacks is the 2020 SolarWinds hack, where attackers injected malicious code into the company’s software updates. This allowed them to compromise thousands of organisations, including the US government.

How to protect your organisation

Along with understanding the latest cybersecurity threats, there are multiple steps an organisation can take to help protect itself from cyber threats and attacks.

Perform mock phishing exercises

Organisations should perform mock phishing exercises on their employees, as doing so has been found to reduce the risk of employees falling victim to an actual attack. Mock phishing is one of the best low-cost, effective methods of building cybercrime awareness within an organisation.

Monitor the dark web

Dark web monitoring can help identify sensitive information of clients, employees, and executives that is posted on the dark web by cyber criminals. Using this knowledge, companies can stop criminals from exploiting stolen information. For example, the significant Uber data breach in 2022 was believed to have begun with a hacker purchasing stolen credentials belonging to an Uber employee from a dark web marketplace.

Perform vulnerability and penetration testing

Vulnerability and penetration testing helps organisations discover vulnerabilities before malicious hackers do. It allows them to proactively address security flaws and strengthen their defences. Unlike other protective measures, this type of testing gives organisations a real-world insight into the effectiveness of their security controls.

Cybercrime is here to stay and although Cyber Security Awareness month is over, it’s more important than ever to keep the momentum of the cyber security movement going. Crowe can assist your organisation with all the above services, along with a wide range of further cybersecurity measures. 

Did you know…

It is estimated that most companies take nearly six months to detect a data breach, even major ones!

For more information contact Tim Robinson or your usual Crowe contact.

Contact us

Tim Robinson
Partner, Forensic Services
London
