Top 8 Risks in Cyber Security

Over the past couple of years, there’s been a sharp rise in the number of cyberattacks. It’s the change in business operations, which places a more significant emphasis on remote work that has led to an increasing number of attacks. 

Therefore, to put you in the right frame of mind to better tackle these cyber-attacks, I have decided to compile a list of 10 of the biggest cyber threats, both businesses and end users face today. 


  1. Spear Phishing

Phishing attacks are all about deceiving the end user. A cybercriminals primary objective is to fool its target into giving up sensitive information, which is then used to bypass any security measures put in security place. Once they’ve done that, they can now upload their infected files or place malicious links. In the past year, there was over 200 million phishing attacks reported, which was an increase of 60% on the previous year. In the years to come, we can only assume that they will get worse. 

While your typical phishing attack is targeted at your lone unassuming end user, spear phishing focuses on business organisations, with the objective of compromising them by targeting its employees. Spear phishing attacks come in a variety of approaches. Due to this, it can be rather difficult to spot. This makes them stand out even amongst phishing attacks in general. 

  1. Ransomware

Ransomware attacks work by encrypting the data of a system or network, preventing the end user(s) from accessing it, until they pay out a ransom. Once the user(s) pay that ransom, they are given an unlock code, which they can use to retrieve their data. Ransomware attacks may also involve the theft of company data, with the request of payment so that they don’t leak it to the public. 

Ransomware Risk Management Profile (NIST) has a profile for attack vendors, for the explicit purpose of bringing attention to the number of attacks. These virus types have been around since the very beginning, but have slowly evolved, from encrypted files held hostage till ransoms were paid through postal services, to digital unlock codes now. The very first reported ransomware attack was in 1989 and was through a floppy disk. 

  1. Social Engineering

Social engineering attacks, as the name states are socially engineered. Essentially the cybercriminal is obtaining sensitive information by deploying manipulative tactics to get the victim to do, whatever it is, they want them to do. This could be anything, from revealing sensitive company data to giving out bank details. As already mentioned above, phishing attacks can also be put into the category of a social engineering attack, along with scareware, baiting and the like – all of which are designed to scare the user into doing whatever it is the criminal expects of them. 

  1. Cloud Vulnerabilities

As more and more companies shift over to cloud delivery models, we can only but expect the number of cloud-related attacks to increase. These cloud services are, unfortunately, vulnerable to a number of attack types. This may include denial of Service (DoS) attacks, account hijacking and more. All of which are designed to prevent companies from accessing their own data. 

Close to 30% of all organisations in 2022 reported experiencing at least one cyber security threat with their cloud infrastructure. Of these attack types, the most common were improper data sharing, security misconfiguration, vulnerability exploitation and compromised accounts. Issues that we can only expect will continue in the years to come. 

  1. Artificial Intelligence

With AI or Artificial Intelligence, there are both drawbacks and benefits brought to the cybersecurity arena. On one hand, it has improved the various security solutions available, but on the other, cybercriminals have and can use it to overcome these new security measures. This issue has grown in complexity, as AI has become more commonplace and accessible. Back in the day, AI was something that was only accessible to the largest companies with the biggest budgets. Now, individual devices are powerful enough to access and utilise it. This has increased its appeal for hackers, who are able to use AI to create bots that can pass as actual people, to alter their malware. 

  1. DDoS

DDoS or Distributed Denial of Service attacks are designed to overwhelm a company’s services by bombarding it with incoming traffic from many different locations and sources. This has an adverse effect on the response time of the site, causing the website to either slow down or shut down entirely. 

In the vast majority of cases, a DDoS attack is not the main attack, instead, it is used mainly as a distraction so that other fraud activities can be carried out. After a cybercriminal plants one of these malicious files, they will immediately begin to create their botnet, which are essentially networks of infected systems. Hackers will then use all of these compromised systems to launch an attack on their main target system. 

The first record of a DDoS attack was in 1996, with a SYN flood, which caused the entire network of a service provider (Panix) to shut down. 

  1. Password Attack

Password attacks are pretty straightforward, as they involve cybercriminals using software to guess the password of an account. This software may be given certain information, such as a family name, individual name, job title, and various other details, to use to guess the users password. 

One of the most effective ways of countering password attacks is by using multi-factor authentication (MFA), password managers and also, by not writing your password down, anywhere.

  1. Third parties 

Virtually every business around today, uses some kind of third party service, whether it’s for payment processing, accounting support etc. This is due to the reality of running your own business. 

However, when a company relies on third parties for various services, it makes that company vulnerable to potential cybersecurity attacks. This is due, primarily to the knock on effect that could occur, in the event that the third party service is breached. Once a cybercriminal is able to exploit the data from this third party, this makes it significantly easier for them to steal additional data using the data they obtained on the various companies. 


Uchenna Ani-Okoye is a former IT Manager who now runs his own computer support website

Leave a Reply

Your email address will not be published. Required fields are marked *