To avoid breaches, service failures, downtime and financial risk, it's critical that your team be on the lookout for some major cybersecurity threats. There are two ways to categorize the severity or significance of threats: by level of threat to the business (i.e. how much money/time/reputational security you stand to lose due to this threat) and by popularity (i.e. how likely is this threat to occur within your business). Our list uses both.

Keep Your Eyes Open to These Major Cyber Threats

One thing we know: regardless of how we might categorize severity, ransomware is the number one cybersecurity threat to your business today.

Ransomware is the number one cybersecurity threat to your business today. Click to tweet

1. Ransomware

According to Kaspersky researchers, ransomware is the top threat of 2016. As Danny Palmer writes for ZDNet, "Not only is malware increasingly altering itself — thus making ransomware attacks more difficult to defend against — but also the number of attacks are rising, with the number of attacked users up by 30 percent compared with the previous quarter."

Typically when people think of ransomware they think of their Grandpa clicking on a bad link and the attacker holding family photos captive for $200, explains Devi Momot, Twinstate's CEO. But times have changed, and the very real consequences of ransomware are becoming clear to businesses the world over. Think of ransomware on a larger scale — 50 locked machines and no access to any files or data, with all backups overwritten until the ransom is paid — and you can see that the threat is your biggest enemy.

"Ransomware can leave you completely dead in the water," says Momot.

So what can your team do? It would be appropriate to consider code that can detect changes in user behavior, but to do so, you'd need access to user behavioral analytics. If you don't have that already, talk with your infosec team about how they plan to protect your company from ransomware.

2. In-person Social Engineering

No matter how they're manipulated or what their motivation, your people will always be the greatest cybersecurity threat, even if that sounds counterintuitive. You can never entirely account for emotions, so it's incredibly important to remain alert to the propensity of attackers to use zero technological tools for their initial attack, instead opting for face-to-face manipulation, often through impersonation.

How can you block against this type of infiltration? Security awareness training. Work hard to instill a healthy level of paranoia in your employees and they'll have a better shot at avoiding social engineering attacks.

3. Phishing

Phishing itself is a type of social engineering attack, though it usually happens online, or, in the case of "vishing," over the phone. Impersonation can be important here too. The takeaway: people aren't always who you think they are, whether they're in front of you at your desk or sending you an email.

Says Momot, "Phishing is pretty common. It could be something like, 'Here’s an invoice from company XYZ and you’re past due, click here to avoid being overdue.'"

"Phishing entices you to do an activity that will give the attacker access to infiltrate," she says.

A phishing scam/attack can lead to an advanced persistent threat — or APT — on your network, which can allow attackers to extract or alter data undetected over a longer time period, so the risk is incalculable. In the past, APTs frequently came from nationstate actors and focused largely on higher-level organizations of our government. Today, these threat actors are increasingly targeting business infrastructure.

To protect against phishing scams, you'll need an excellent firewall and a real-time web filter, along with strict security awareness training for your employees, so they're less likely to click on a link and initiate the infiltration.

We all know about phishing and online attacks – but what about over the phone, vishing attacks? Click to tweet

4. CEO Fraud

There's a new(ish) threat circulating that poses a massive risk to your company's health, and attacks have become highly refined so that they're nearly unrecognizable. CEO fraud is something all of your employees need to know about and be on the lookout for.

Here's how it works: the attacker sends an email to someone the CEO has regular contact with, and that email looks like it's coming from the correct email address. Either the attacker has already phished the CEO and is emailing from his or her account, or they're using a domain that looks similar to your company's.

The email requests a wire transfer. In this scam, the recipient has been asked to complete an action for the attacker. So how do you avoid it? Again, employee education is your best bet.

5. IoT Attacks

The Internet of Things is hyper vulnerable for a whole host of reasons, not least of which is because it's relatively uncharted territory. Any device with connectivity is vulnerable, and when your coffeemaker, refrigerator and garage door are connected to your network, each one represents a new point for infiltration. Be on the lookout for new, connected devices within your organization, and be sure to vet the security standards of every one.

Bonus: Car and Biohacking

If anyone in your company has an internet-connected vehicle, it can act as a conduit for entry into your network. Wireless communication is inherently insecure, and with more access points comes more risk. Biohacking is an upcoming threat landscape that your security team should keep their eyes on. Check out this article from securityaffairs.co for more on how biohacking — the practice of using "science and technology to improve human output and performance" can present threats.

And there you have it: the shortlist of cybersecurity threats you really need to know about in order to keep your business healthy.

Want more?