Source: Statistica. Based on a survey of managed service providers in August 2020. Respondents were asked to pick three answers.
For an organization relying on information systems for its management and operation, cyberattacks represent a significant threat. The most common causes of a cyberattack include:
- Weak or stolen credentials. Network access and privileges rely on login identity and related passwords. Simple and common passwords represent a risk that could allow an authorized user, through brute force attacks (automatically inputting thousands of weak passwords), to access accounts and critical information.
- Application vulnerabilities. Software, network protocols, and operating systems that are complex can be subject to vulnerabilities that can be exploited, such as installing malware. Organizations can be reluctant (or forget) to update software across hundreds, if not thousands, of individual computers.
- Malware. Software that is purposely designed to extract information, take control of the operating system, or remove access to data (encryption). The goal is to gather commercial information (e.g., bank accounts), shut down equipment, or extract a ransom in exchange for redeeming access to the data. Malware can be remotely installed through weak credentials, installed through malicious websites or attached to an email.
- Malicious insiders. Employees having access to the network can represent a risk if they are disgruntled (fired, disciplined, demoted) or wish to gain a monetary advantage.
- Insider error. An employee can unwillingly allow malware to be installed by opening an email, sending a file to the wrong email address, or losing a device (laptop, phone, USB storage) containing key information.