What are the Most Common Cybersecurity Threats for Businesses?

Are we becoming desensitized to never-ending, massive data leaks? As we head into 2025, data breaches are becoming the norm – not the exception. According to IBM’s 2024 Cost of a Data Breach report, compromised credentials are among the top attack vectors and costliest incident types. 

If thoughts of an expensive breach are keeping you up at night, you aren’t alone. Below, we discuss the most common cybersecurity threats for businesses and our best tips for protecting your organization. 

Why Cybersecurity is Crucial for Businesses 

The importance of protecting sensitive data or information 

There's no question the topic of cybersecurity is top of mind for many small business owners.  

In our interactions with customers, we’re often asked, “What do all cybersecurity threats have in common?” 

Our answer: They all exploit vulnerabilities in humans, computer systems, software, supply chains, and business processes to gain unauthorized access to YOUR data.  

The average cost of a breach involving compromised credentials is an eye-watering UDS $4.81 million, with employee and customer PII the top two types of data stolen. Attackers especially target tax ID numbers, emails, and home addresses, all of which can be used to commit identity theft and credit card fraud.   

Meanwhile, corporate intellectual property (another sensitive data type) is the third most targeted by hackers or cybercriminals.  

Ultimately, securing PII and corporate data is critical to business resilience. With the rise of stricter data privacy laws worldwide, compliance is the only way to protect your business from extensive financial losses, reputational damage, and legal liabilities 

The financial impact of cyberattacks 

Data breaches are financially devastating for SMBs. According to IBM’s report: 

• The average cost of an insider attack is USD $4.99 million.
• From 2023 to 2024, organizations in the industrial sector suffered the largest increase in costs, rising by an average of $830,000 per breach.
• Businesses with high-level cybersecurity skills shortages paid USD $1.76 million more per breach than organizations with low-level skills shortages (USD $5.74 million versus USD $3.98 million).
• Regulatory fines are rising, with organizations paying USD $50,000+ rising by 22.7% over the last year, and those paying USD $100,000+ rising by 19.5%. Shockingly expensive settlements aren't unusual, either, with Equifax paying USD $425 million for a 2017 breach and Meta topping that with a fine of USD $1.3 billion for unlawfully transferring PII from the EU to the US.

The reputational damage caused by security breaches 

Data breaches can lead to significant reputational damage in the form of: 

• Decreased consumer trust: After a breach, 56% are less likely to trust that their personal data will be safe in the future. Businesses know this, with 94% maintaining that customers won’t buy from them if PII data isn’t properly protected.
• Negative reviews: Consumers often take their grievances to social media; if their posts go viral, they can damage your brand reputation in short order. 
• Low Google star ratings: Star ratings between 4.1 and 4.9 are preferred by more than 50% of consumers. Not surprisingly, 87% of consumers won’t do business with an organization with 3 stars or fewer. While Google doesn’t factor star ratings into web search rankings, the tech giant confirms they do influence local search results.
• Lost market share and business: 60% of small businesses close their doors within six months of an attack. This is why 87% of SMB owners worry a data breach could drive them out of business permanently. 
• Sustained media coverage highlighting the breach: Studies show unfavorable coverage can negatively impact stock prices, which further destroys consumer confidence in your brand.

Common Types of Cyber Threats Businesses Should Be Aware Of  

Malware: Definition, types, and security measures for prevention 

Information-stealing malware (malicious software) is the top biggest cyber threat SMBs are facing in 2024. The three most insidious types of malware are keyloggers, infostealers, and spyware. 

Here are four new types you should watch out for: 

• Mobile malware GoldPickaxe steals facial recognition data to create deepfake videos for authenticating fraudulent banking transactions.
• Infostealer malware like MeduzaStealer, Lumma Stealer, Vidar Stealer, and WhiteSnake can bypass system-level access and steal session cookies from Chrome.
• Agent Tesla is a RAT (remote access trojan) with keylogger, screenshot grabber, and infostealer capabilities. It can evade traditional antivirus defenses. 
• Infostealer malware are masquerading as popular AI-powered tools like Midjourney, Sora, DALL-E, and Gemini. Attackers offer fake “unreleased” versions of these tools to trick people into downloading infostealer malware that harvests their banking info, login credentials, and PII.

Wondering what your options are? Check out our best tips on getting rid of malware and the best malware removal tools in 2024. 

Ransomware: How it works and steps for risk mitigation 

Ransomware attacks are increasing in intensity and frequency: 

• Ransomware is the third most prevalent threat category (after infostealers and trojans)
• LockBit is currently the most active (and pervasive) ransomware variant and RaaS (ransomware-as-a-service) group.
• Despite a takedown effort by the FBI, LockBit remains defiant and continues to recruit ALPHV (BlackCat) and NoEscape ransomware affiliates for their RaaS exploits.
• Only 14% say their organizations are fully prepared to respond effectively to multi-vector ransomware attacks.
• SMBs are 2-5 times more likely to fall victim to a ransomware scheme than larger businesses.
• In 2024, 68 ransomware groups made 2,611 leak site posts in Q1 and Q2, representing a 23% increase from the first half of 2023.

Here’s how a ransomware attack works: 

• The attackers use social engineering to get you or your staff to click on a link.
• When an employee (or two) complies, ransomware is covertly installed on their devices. From there, the ransomware makes a lateral move across your organization’s network, taking advantage of weak passwords or misconfigured settings to gain more privileged access.
• The ransomware spreads, encrypts files as it goes, and makes the files inaccessible to your employees.
• Messages pop up on screens, demanding a “ransom” payment in exchange for access to company data.
• Today, the attackers don’t just make your data inaccessible to you; they also make copies of it. So, even if your business pays up, they can still publish the data on Dark Web sites and sell them to the highest bidder.

Here are our best tips for mitigating your risk, based on CISA’s Stop Ransomware Guide: 

• Maintain offline, encrypted backups of your organization’s data.
• Create, maintain, and regularly update an incident response plan with proper notification procedures.
• Implement Zero Trust to prevent unauthorized access.
• Implement strong password policies and phishing-resistant MFA.
• Regularly patch and update software and operating systems.
• Regularly conduct vulnerability scanning to identify and address vulnerabilities.
• Ensure all devices (on-prem and in the cloud) are properly configured, with security features enabled.

Phishing: Recognizing and avoiding phishing attacks 

Email phishing accounts for over 65% of phishing attacks in 2024. Mobile phishing isn’t far behind, at 40%. In today’s digital workplace, 71% of employees are using smartphones for work tasks. Thus, 82% of phishing sites now target mobile devices, with healthcare the most vulnerable industry. 

Meanwhile, spear phishing attacks (those targeting high value individuals within an organization) have risen by 30%.  

With credential theft (70%) the top goal of attackers who carry out these attacks, the importance of robust authentication controls for SMBs can’t be overstated.  

End point attacks 

With the continued popularity of remote work, endpoint security is more critical than ever. According to the Sophos 2024 State of Ransomware report, endpoints are the primary focus of ransomware attackers. 

Here’s why: Endpoints are the primary vectors for shadow IT (the use of unauthorized apps and programs in your organization’s network).  

The average company has 975 unknown cloud services, with employees citing slow IT service response times as their main reason for using unapproved tools and apps. 

However, shadow IT devices fall outside your organization’s security controls and make your business more vulnerable to end-point attacks. Ultimately, each shadow IT device expands your organization’s attack surface, providing more entry points attackers can exploit. 

Insider Threats 

With the advent of quantum computing and the metaverse, insider attacks are multiplying, and research shows they’re inspired by five motivations: 

• Financial gain (50%): This often involves insider trading or the selling of sensitive information.
• Personal benefit (47%): Here, employees act in unethical ways to gain promotions or influence over others. 
• Revenge (45%): Disgruntled employees often target organizations due to perceived wrongs or mistreatment.
• Sabotage (40%): Unhappy employees are more likely to carry out acts of sabotage against your business.
• Reputation damage (37%): Employees sometimes choose to spread misinformation because they are unhappy about corporate policies.

The five most feared insider attack methods are: 

1. Information disclosure (56%)
2. Unauthorized data operations like data exfiltration, data tampering, and data destruction (48%)
3. Credential abuse such as credential sharing, unauthorized data access, privilege escalation, and account manipulation (47%)
4. Security evasions such as policy violations, workarounds, and resource hijacking (45%)
5. Unauthorized software installation and code manipulation (44%)

These three tips are your best bet to mitigate your risks: 

• Enable adaptive MFA
• Implement Zero Trust and least privilege access
• Establish regular audits and user login monitoring

Man in the Middle (MitM) Attacks 

Man-in-the-middle (MitM) and adversary-in-the-middle (AitM) attacks are two types of digital eavesdropping.  

But there’s an important difference.  

MitM attacks occur when malicious actors intercept or alter communications between a user and platform. Meanwhile, attackers not only manipulate communications during AitM attacks but also redirect traffic through an adversary controlled system. 

Below is a brief description of how MitM attacks generally work: 

• In session hijacking, the attacker may intercept network traffic or use Cross-Site Scripting to steal session cookies from browsers.
• When a user logs in, the attacker captures the cookie and logs in with the stolen credentials on their own browser.
• Attackers may also trick victims into using a malicious Wi-Fi network disguised as a “free public service.” Once the user logs in, their personal data or credit card details are harvested.

To prevent MitM attacks, you’ll want to visit HTTPS-only websites, use a secure VPN, avoid public Wi-Fi networks, and implement adaptive MFA.  

Advanced Persistent Threats (APTs) 

APT attacks are sustained cybercrime campaigns conducted by highly skilled and well-financed nation state actors. In times past, attackers mainly focused on larger enterprises and government agencies. 

Today, SMBs are increasingly in the crosshairs, as they’re less likely to have the needed protections or in-house cybersecurity expertise to repel attacks. 

The most dangerous APT groups are from Russia, China, and Iran: 

Remix Kitten (APT35)
Origin: Iran 
Targets: Academic institutions, political organizations, and media outlets 

Gothic Panda (APT3)
Origin: China 
Targets: aerospace, defense, construction, engineering, and telecommunications 

Fancy Bear (APT28)
Origin: Russia 
Targets: Government agencies, critical infrastructure, and military organizations 

APT threats to national security have approached critical mass and are now the #1 focus of CISA’s Joint Cyber Defense Collaborative (JCDC).  

One of CISA’s main goals is to defend against ransomware attacks on critical infrastructure and progress towards a world where technology is Secure by Design. As phishing is one of the primary means of perpetrating APT attacks, security features like phishing-resistant MFA and Single Sign-On are a critical first line of defense for SMBs.  

Supply Chain Attacks 

Supply chain compromises have become a key vector for advanced persistent attacks (APTs), which have severe implications for our national security. 

Cybercriminals often exploit vulnerabilities in trusted software or insert malicious code into open-source repositories to carry out attacks. 

Malicious nation-state actors targeting software used in critical infrastructure (energy, transportation, healthcare, and water systems) can generate nationwide disruptions and economic chaos – with just one attack. SMBs are particularly vulnerable because many rely on open-source solutions.   

A supply chain compromise can affect thousands or millions of users across multiple organizations. According to the Reversing Labs State of Software Supply Chain Security 2024 report, major open-source software platforms like npm, PyPI, and RubyGems saw a 28% increase of malware infestation in 2023. 

These types of malware, including open source infostealers like TurkoRat and Luna Grabber, often remain undetected for months. Below, we highlight the two most active groups leveraging supply chain compromises to carry out APT attacks. 

Group and Origin	Targets	Attack Vector
Mustang Panda (China)	Cargo shipping companies in Europe	Exploit of public-facing applications (Confluence, Microsoft Exchange Server) Supply chain compromises
Lazarus (North Korea)	Defense, engineering, manufacturing, education, and cultural industries in the US, South Korea, Taiwan, and many others	Uploading trojanized JavaScript and Python packages to open-source package repositories like NPM and PyPl

Source: ESET APT Activity Report (2023-2024) 

Credential Stuffing

In a credential stuffing attack, attackers use stolen username and password combinations to gain access to user accounts. This type of cyberattack is successful because many people reuse their credentials across various platforms. 

Credential stuffing is like another type of brute force attack: password spraying. However, there’s one major difference: In a password spraying attack, the hackers already have usernames or email addresses but not the corresponding passwords.  

Since many people use weak or easily guessable passwords, the hackers hedge their bets by matching usernames to a list of common passwords.  

Ultimately, credential stuffing relies on password reuse, while password spraying leverages a list of common passwords to gain access to accounts. 

Zero Day Exploits 

Zero Day attacks are notoriously difficult to prevent. This is because highly skilled nation-state actors exploit previously unknown hardware or software vulnerabilities to gain access to your organization’s most sensitive data.  

Ultimately, there are no defenses against these types of attacks because no one knows the flaws exist.  

For example, Lazarus (the North Korean APT group) exploited CVE-2024-38193 to gain Windows system privileges in cryptocurrency engineering and aerospace organizations.  

And in 2023, hackers exploited two Zero Day vulnerabilities to infect IoT (Internet of Things) devices with JenX Mirai malware and use them as bots to launch DDoS (distributed denial-of-service) attacks. 

Social Engineering Attacks 

Social engineering is a manipulation technique that exploits human vulnerabilities to trick people into revealing sensitive info or performing actions that negatively impact their financial and personal wellbeing.  

In February 2024, attackers used deepfake technology to trick an unsuspecting employee in the Hong Kong headquarters of a multinational company into making a fund transfer. 

This elaborate social engineering scam appears to be the first to use digital recreations of multiple executive staff to pull off a heist. Accordingly, the scam began with a phishing email to a finance employee. The employee was invited to a conference where every participant was a digital recreation of a real staff member.  

Convinced by the realistic nature of the call, the employee proceeded to transfer HK$200 million ($25.6 million) to five different Hong Kong bank accounts.  

Today, threat actors from Iran, China, Russia, and North Korea routinely use machine learning LLM (Large Language Models) to generate communications used in social engineering attacks. 

Business Email Compromise (BEC) 

Business Email Compromise attacks are email-based defrauding scams, designed to trick you into performing unauthorized financial transactions or sharing confidential information. 

According to the FBI’s Internet Crime Complaint Center, attackers use banks in the UK, Hong Kong, China, Mexico, and the UAE as intermediary stops for fraudulent transfers. BEC attacks are expensive, costing businesses USD $2.7 billion in adjusted losses annually. 

The Vipre Security Group warns that threat actors are now using sophisticated AI algorithms to mimic the style and nuance of valid interactions to perpetrate 40% of BEC attacks worldwide. 

How LastPass Helps Businesses Stay Secure 

Securely sharing passwords and credentials 

With LastPass, your employees can securely share credentials and sensitive business data without fear of exposure.  

Our Zero Knowledge security model ensures that your data is encrypted at rest and in transit, which means only you can access your master password and any credentials stored in your vault.  

Enforcing password hygiene across teams 

Worried that team members are using easily guessable passwords that make your business vulnerable to attacks? Password reuse has real-world consequences. 

In 2021, DarkSide (a Russian ransomware group) exploited a vulnerability in Colonial Pipeline’s legacy VPN (virtual private network) to obtain login credentials. It’s believed an employee reused the VPN password in another location. Unknown to Colonial, that password had already been compromised – and found in a batch of leaked credentials on the Dark Web. 

As a result, DarkSide was able to use that password to steal 100 gigabytes of data, plant ransomware in Colonial’s systems, and disrupt fuel supplies across the Eastern US.   

In the end, Colonial was forced to pay a ransom of USD $4.4 million to decrypt its data. And although the Department of Justice was able to recover about USD $2.3 million from DarkSide, news images of long, chaotic lines at gas stations and panicked Americans hoarding gas in buckets will forever stay with us. 

With LastPass, you’re protected from this nightmare scenario, giving you ironclad access controls and credential management, making password reuse a thing of the past. 

Monitoring password security with LastPass features 

With Dark Web Monitoring, you can rest easy knowing your business credentials and data will be monitored 24/7. 

You get immediate alerts if any of your personal data is found on Dark Web sites and subsequent prompts to update old, reused, or compromised passwords. 

Dedicated TIME team 

In 2022, we rebuilt our infrastructure, making it more resilient and powerful. One result of our efforts is the creation of our TIME team, staffed by seasoned threat intelligence analysts Alex Cox, Mike Kosak, and Stephanie Schneider.  

Together, they bring 50 years of combined experience in security and cyber threat intelligence, spanning both public and private sectors, to safeguard your data from a range of security risks, from malware attacks to insider threats via Wi-Fi network exploits. 

If you’re ready to protect your business, sign up for a free LastPass Business trial today.