Security · June 24, 2021

The Top 3 Types of Cybersecurity Threats in 2021—and How to Combat Them

The pandemic hasn't just been a public health crisis—it's also created a cybersecurity crisis for businesses.

Over the past year, businesses and organizations have experienced a significant uptick in cybersecurity attacks from emboldened hackers, largely due to an increase in remote work, gaps in cyber awareness among employees and companies using third-party cloud solutions with unforeseen security vulnerabilities. From February to May 2020 alone, more than 500,000 people had their personal information exposed as a result of data breaches on videoconferencing platforms.

The types of cybersecurity threats businesses must address in 2021 aren't that different from the threats they've previously faced. However, hackers are now using more sophisticated means, including artificial intelligence, to automate how they attack devices and systems.

As a small business owner, here's what you need to know about the top cybersecurity threats in 2021 and how to protect your business.

Types of cybersecurity threats

The most pressing cybersecurity threats businesses of all sizes face fall into several key categories. These include:

1 Phishing

This type of cyberattack involves malicious links sent by email that appear legitimate. Clicking on these links or opening these emails unintentionally can give hackers access to sensitive data, whether it's personal information or operational and customer data your business collects. Hackers have even gotten more sophisticated with their social engineering schemes and have turned to new methods such as smishing—or sending fraudulent texts—to gain unauthorized access to data. According to the 2021 Verizon Data Breach Investigations Report, nearly 40% of security breaches involved social engineering schemes like phishing.

2 Ransomware

Now the leading threat for companies, ransomware attacks increased 485% year over year from 2019 to 2020. These attacks involve hackers gaining access to sensitive data, encrypting it and then demanding a ransom to restore access. Ransomware attacks can cause massive disruption, as witnessed in the gas shortages on the East Coast in May 2021 due to a ransomware attack on a major pipeline. In this situation, Colonial Pipeline paid nearly $5 million to restore access to its data—a hefty sum that many small businesses can't afford.

3 Weak cloud and endpoint security

Increased usage of cloud solutions opens businesses to more types of cybersecurity threats, especially if they don't have strong endpoint security. Cloud solutions store and transmit data on virtual servers, which may give hackers an easier entry point compared to a physical server, particularly if the providers don't practice strong enterprise security. Businesses also increase risk if they don't update their software with the latest security patches. As more employees work from home and connect their devices to remote networks, your business also may encounter increased security risks.

How to protect your business

Even with all these security threats, you can take steps to minimize the likelihood of a data breach.

Educate yourself—and your employees

Take steps now to raise your and your employees' cyber awareness. If you don't have the resources to invest in robust cybersecurity training, the National Institute of Standards and Technology maintains a list of free and low-cost cybersecurity training resources. You can reinforce this material in company newsletters, communications and in-person conversations to build employees' cyber awareness.

Monitor your cloud applications

If you have even a small budget for cybersecurity, it's worthwhile to invest in cloud monitoring tools. These solutions can monitor activity on your network and send alerts when there's suspicious activity. Some types can even isolate these threats from your network so hackers can't access sensitive information. If you're able to invest in any technology, security may generate the most value for your company.

Keep your systems and devices updated

One of the simplest things you can do is keep your computer systems, software applications and devices up to date. Many technology providers update their software automatically, but they might also send notifications to remind you to do this on your own. However, in some cases, your technology may be so outdated that it's better to replace it with modern security capabilities that reduce your risk.

Create a cybersecurity policy

Though you may think a cybersecurity policy is only for large enterprises, small businesses also can benefit from establishing these policies. Your policy doesn't have to be complex or long, and you can use online templates as a model. Taking the time to map out your policy is important because it gives employees something physical they can consult to boost their cybersecurity knowledge.

Getting ahead of the threats

As more organizations digitize their operations, cybersecurity threats will continue to increase for the foreseeable future. Businesses of all sizes must be proactive in this evolving threat landscape, so consider implementing the best practices we've outlined to reduce your risk and protect your business.


Financial insights for your business

No results found

This information is provided for educational purposes only and should not be relied on or interpreted as accounting, financial planning, investment, legal or tax advice. First Citizens Bank (or its affiliates) neither endorses nor guarantees this information, and encourages you to consult a professional for advice applicable to your specific situation.

Links to third-party websites may have a privacy policy different from First Citizens Bank and may provide less security than this website. First Citizens Bank and its affiliates are not responsible for the products, services and content on any third-party website.