7 Major Cybersecurity Risks For Midsize Organizations: Gartner
From ransomware and data mining to the supply chain and OT technology, here are the top seven cybersecurity risks midsize enterprises will be dealing with over the course of 2022.
6. Insider Threats
Insider risk refers to every account that has access into an organization’s environment such as service accounts, custom integrations, and API accounts, according to Furtado. Insider threats, meanwhile, are the very, very small percentage of insiders that are actually doing something that’s going to cause a security incident, Furtado said.
Seventeen percent of all sensitive files are available to every employee in an organization, 30 percent of data breaches are the result of some sort of insider events, and 63 percent of all insider events stem from either a deliberate error or carelessness. It historically took about 77 days to identity an insider who was misusing their power, but remote work has made spotting malicious insiders much harder.
Insider events result in potential damages of around $1 million since it allows hackers to easily exfiltrate data out of the victim’s environment. Hackers are propositioning discontented insiders with offers to split some of their earnings if the insider deploys malware in their company’s own environment or clicks on a malicious email that makes it through the company’s gateway, according to Furtado.
Furtado urged organizations to add ‘quishing’ to their cybersecurity awareness training since bad actors are taking advantage of the ubiquity of QR codes at places like restaurants to introduce malicious QR codes of their own. Adversaries are combining quishing with keyloggers and screen grabbers on mobile devices to get a multi-factor authentication token without the user’s consent and explode their account.