The Current Cyber Security Landscape
Cyber security threats are hostile activities aimed at stealing data, disrupting systems, damaging digital infrastructure or affecting digital services. They may include computer viruses, data breaches, denial-of-service attacks, phishing, ransomware and other attack methods.
Small and medium-sized businesses can be especially vulnerable because they often lack the resources, processes or in-house expertise needed to protect themselves effectively.
According to the Ponemon Institute’s State of Cyber Security Report, small and medium-sized businesses have experienced several common cyber security challenges:
- Inadequate security measures. 45% of respondents said their processes were ineffective at mitigating threats.
- Frequency of cyber attacks. 66% had experienced a cyber attack in the previous 12 months.
- More targeted attacks. 69% believed that cyber attacks were becoming more targeted.
The most common types of attacks against small businesses were:
- Phishing and social engineering: 57%
- Compromised or stolen devices: 33%
- Identity theft: 30%
Why Cyber Attacks are Increasing
Understanding the objectives of cyber attacks and their possible consequences helps business leaders reduce risk, build stronger cyber security practices and limit future damage.
According to Accenture, 43% of cyber attacks target small businesses, yet only 14% are prepared to defend themselves effectively.
The consequences of a cyber security incident may continue to affect a company for weeks or even months. A business may suffer from:
- Financial losses
- Reduced productivity
- Reputational damage
- Legal responsibility
- Business continuity issues
Due to the Baltic region’s digital connectivity, international business exposure and geopolitical environment, organisations may face elevated risks related to cyber espionage, phishing and supply-chain compromise.
We are already seeing tactics such as social engineering, QR code and NFC-related fraud, credential theft and data leaks between organisations. In the Baltic countries, the risk is also influenced by the growing number of international companies operating across multiple markets. This makes local organisations part of a wider global threat landscape.
16 Cyber Security Threats Organisations Should Watch
Social engineering
Social engineering remains one of the most dangerous tactics used by cyber criminals because it relies on human error rather than technical weaknesses.
Attackers may use phishing emails, fake login pages, impersonation, urgent payment requests or misleading messages to trick people into sharing sensitive information or taking harmful actions.
Third-party involvement
Cyber criminals can bypass stronger security systems by attacking less secure third-party providers that have access to their main target.
As organisations depend more on vendors, partners, cloud platforms and external service providers, third-party risk management becomes increasingly important.
Configuration errors and human error
Even professional security systems can be affected by software installation, setup or configuration mistakes.
For example, during Baltic Amadeus cyber security assessments, including penetration testing, incorrect or exploitable configurations are often identified as one of the most common issues. These may include exposed services, weak access rules, default settings or unnecessary permissions.
Weak cyber hygiene
Cyber hygiene refers to everyday digital habits and practices, such as avoiding insecure Wi-Fi networks, using VPNs where needed, enabling multi-factor authentication and regularly updating software.
Unfortunately, many organisations still rely on weak or inconsistent cyber hygiene practices. Poor password management, reused passwords and limited use of multi-factor authentication remain common risks.
Cloud security risks and misconfiguration
One may expect the cloud to become safer over time. Still, IBM estimates that cloud vulnerabilities have surged 150% in the previous five years. According to Verizon's DBIR, web app vulnerabilities caused more than 90% of the 29,000 breaches examined in the study.
Mobile device vulnerabilities
The increased use of mobile devices has created more opportunities for attackers. Employees often use phones for email, authentication, business communication and access to company systems.
If personal or work devices are not protected, they may become an entry point for phishing, credential theft, unsafe applications or data leakage.
Internet of Things (IoT) risks
Because of the pandemic-caused shift away from the office, more than a quarter of the American workforce has brought their job into the home, where 70% of homes have at least one smart device. As a result, assaults on smart or "Internet of Things (IoT)" devices skyrocketed, with over 1.5 billion breaches. Researchers from Demand Sage expect that the number of smart gadgets bought will more than quadruple between 2021 and 2025, resulting in an even larger network of access points to attack personal and business networks. The number of cellular IoT connections is estimated to reach 3.5 billion by 2023, and experts predict that IoT-based assaults against organisations will account for more than a quarter of all cyber attacks by 2025.
Ransomware
Ransomware attacks remain a serious threat. Criminal groups use ransomware to encrypt systems, steal data and pressure organisations into paying.
This threat continues to evolve through Ransomware-as-a-Service models, where attackers can use ready-made ransomware tools in exchange for a share of the ransom payment.
Inadequate data management
Many organisations collect and store large amounts of data, but not all of it is necessary or well managed. Poor data management increases cyber risk because sensitive or outdated information may be exposed during an incident.
Organisations should understand what data they hold, where it is stored, who can access it and how long it should be kept.
Poor post-attack procedures
A cyber incident can cause more damage when an organisation does not have clear response procedures.
Companies should prepare incident response plans, define responsibilities, test recovery processes and ensure that both technical and business teams know what to do during an attack.
Patch management is also important. Automated patching and structured vulnerability management can help reduce risks caused by delayed updates or human error.
Cyber warfare
Cyber assaults have been used by governments and state-sponsored entities to obtain access to sensitive information or impair key infrastructure. In 2024, this sort of cyber warfare is projected to become increasingly common.
Insider threats
Insider threats can come from employees, contractors or partners who have access to sensitive data or systems. These threats may be intentional or accidental.
An insider threat can be highly damaging because trusted users often already have access to important information. Clear access control, monitoring and employee awareness can help reduce this risk.
Theft of intellectual property
Intellectual property theft is another important cyber security risk. Attackers may target source code, product plans, business documents, client data, research, designs or other sensitive information.
Companies should protect this information through access management, confidentiality processes, secure collaboration tools and monitoring.
Automotive hacking
The risk of automobile hacking grows as cars become more linked. Hackers can use software flaws to gain control of a vehicle's systems, potentially causing accidents or stealing valuable data.
New AI scams
Cyber criminals are already using AI to make scams more convincing. AI can help create realistic phishing emails, fake voices, deepfakes, fraudulent documents and targeted social engineering messages.
As AI tools become more accessible, organisations will need stronger awareness training, internal rules and verification processes.
QR code and NFC threats
QR codes and NFC technology are convenient, but they can also be abused.
QRishing, which combines QR codes and phishing, tricks users into scanning fake codes that lead to malicious websites. NFC-related threats may involve unauthorised contactless actions or attempts to abuse poorly protected devices.
These attacks rely on social engineering and the fact that users often act quickly without checking where a link or action leads.
What businesses should prepare for next
Cyber security experts will continue to face more complex challenges as threats become more targeted, automated and socially engineered.
This is not only a technical issue. It also involves communication, employee awareness, supplier management, internal governance and business continuity planning. Skills such as clear communication, collaboration and creative problem-solving are becoming increasingly important in cyber security work.
If you want to discuss your company’s cyber security risks, Baltic Amadeus can assist with consulting, assessments and practical guidance. Contact us.
