Jane Frankland on the Biggest Cybersecurity Threats You're Probably Overlooking

When you hear “cyberattacks,” you might picture spam emails or pop-up advertisements loaded with viruses. While these old-school tactics still exist, modern cyberattacks have become more sophisticated and prevalent.

Artificial intelligence (AI) has become one of the biggest cybersecurity threats. Cybercriminals can use this innovative technology to deepfake — or convincingly fabricate — images, videos, voicemails, and other digital content. The National Security Agency warns that malicious actors could use deepfakes to “impersonate leaders and financial officers, and use fraudulent communications to enable access to an organization’s networks, communications, and sensitive information.”

But deepfaking is only one of many modern cybersecurity risks. Thousands of organizations also fall victim to ransomware, phishing, and other cyberattacks. Between November 2023 and April 2024 alone, over 6.8 billion records were breached in more than 2,700 incidents in the United States. IT services and healthcare were the most breached sectors, but cybercriminals target organizations in every industry.

As cyberattacks evolve at a dizzying pace, many businesses are struggling to keep up with emerging threats and defend their systems. Understanding the latest threat actors and prioritizing trust and identity establishment will help protect your data and customers.

Jane Frankland, CEO of KnewStart, gives her opinion on the biggest cybersecurity threats facing businesses today. 

What Is a Threat Actor?

A threat actor is a person or group that seeks to harm an organization by exploiting weaknesses in its databases, networks, or systems.

These malicious actors have many motivations, ranging from financial gain to political activism to personal revenge. For example, in 2022, a General Electric employee stole confidential documents and trade secrets to give to a competitor. In 2024, UnitedHealth paid a $22 million ransom after hackers breached one of its subsidiaries and compromised patient data.

“Trust and identity establishment, for both humans and machine identities, is crucial,” said Frankland. “We're seeing more threat actors logging in with valid accounts rather than hacking.”

You can reduce the risk of cyberattacks by familiarizing yourself with the most common threat actors, including:

• Cybercriminals: This term refers broadly to threat actors who use the internet for illegal activities, such as hacking and identity theft.
• Hactivists: These threat actors infiltrate computers or systems to promote political or social causes. For instance, Ukrainian activists hacked Alfabank — a private bank catering to Russia’s elite — to protest Russia’s invasion and disrupt the country’s operations.
• Nation-state threat actors: These government-sponsored hackers target foreign systems to steal confidential data and interfere with other countries’ activities. The Cybersecurity & Infrastructure Security Agency lists China, Iran, North Korea, and Russia as nation-state adversaries that pose significant national security threats to the United States.
• Insider threats: As the name implies, insider threats are individuals who cause harm — intentionally or unintentionally — from within your organization. For instance, an employee may steal financial data or simply cause a data breach by sharing information with the wrong person.

Threat actors use a variety of tactics to harm businesses. Some cybercriminals develop ransomware — or malicious software — to hold an organization’s data or devices hostage until they receive payment. Another common tactic is phishing, where attackers trick victims into disclosing sensitive information. For instance, a cybercriminal might create emails impersonating a bank, asking recipients to verify their passwords.

Of course, not all hackers use their knowledge and skills for nefarious purposes. Vulnerability hunters are cybersecurity experts who proactively search for security flaws in networks or systems. Businesses often hire these specialists to identify weaknesses before malicious actors can exploit them.

Trust and Identity Establishment Is Key

Cybersecurity threats may seem intimidating, but you’re not powerless. You can protect your organization from cyberattacks and data breaches with trust and identity establishment.

These protocols are used to confirm and validate the identity of users before granting access to your devices and systems. They make sure that only authorized individuals can handle sensitive data or perform specific tasks.

For instance, you could set up your company Instagram account to require multi-factor authentication. This cybersecurity measure, which requires users to log in with not only a password but also a temporary code, reduces the risk that a hacker will access your social media account to steal information — or damage your brand reputation with inflammatory posts. Likewise, you could require users to scan their fingerprints to access sensitive financial data.

“It's increasingly difficult to distinguish real from fake, especially with voice and video manipulations,” notes Frankland. “Cybercriminals and state-sponsored attackers can target vendors and suppliers with weaker security. Insider threats, both intentional and unintentional, pose significant risks.”

With identity-based cyberattacks on the rise, trust and identity establishment are more important than ever. These protocols are difficult to bypass, even with advanced techniques like deepfaking. As a result, they can prevent unauthorized access or — in the worst-case scenario — minimize the damage caused by a breach.

Here are three practical solutions to improve identity and trust establishment:

• Identity and Access Management
• Penetration Testing
• Patch Management

Identity and Access Management

Businesses use identity and access management (IAM) protocols to control who can interact with their data and systems. These systems help deter internal and external threats by only granting access to authorized and authenticated individuals.

There are many types of IAM solutions, such as:

• Passwords
• Multi-factor authentication: Requires users to prove their identity in two or more ways by sending a code to a known device or e-mail address with every login attempt
• Biometrics: Uses physical characteristics like fingerprints or voice patterns to verify identity

Penetration Testing

Penetration testing is a simulated attack where cybersecurity experts imitate threat actors to test an organization’s defenses. For example, an ethical hacker may attempt to infiltrate a hospital’s cloud databases or payment system.

This assessment lets you detect security gaps in your IAM systems and cybersecurity protocols. Once you’ve identified your flaws, you can fix them before malicious actors discover them and wreak havoc on your organization.

Patch Management

Patch management involves installing and testing upgrades for hardware and software to keep your systems secure. Developers frequently create these patches to close vulnerabilities and improve overall security. Without prompt patching, your networks could become vulnerable to emerging cybersecurity threats.

Proactivity Is Everything

Cybersecurity Ventures predicts global cybercrime will cost a record-breaking $10.5 trillion annually by 2025. Protecting your business from these threats requires a multi-pronged approach. Patch management, penetration testing, and multi-factor authentication are just a few measures that reduce the risk of costly cyberattacks.

A reliable cybersecurity company can help you combat threat actors. Top experts understand the latest threats and use cutting-edge technologies for trust and identity establishment. 

About Jane Frankland, CEO of KnewStart

Jane Frankland is a globally recognized cybersecurity expert, entrepreneur, and author, known for her extensive work in building effective cybersecurity strategies and fostering diversity in the tech industry. With over two decades of experience, she has advised top companies on risk management, threat intelligence, and incident response, helping them stay ahead of emerging threats.

About the Author

Anna Peck Content Marketing Manager at Clutch

Anna Peck is a content marketing manager at Clutch, where she crafts content on digital marketing, SEO, and public relations. In addition to editing and producing engaging B2B content, she plays a key role in Clutch’s awards program and contributed content efforts. Originally joining Clutch as part of the reviews team, she now focuses on developing SEO-driven content strategies that offer valuable insights to B2B buyers seeking the best service providers.

See full profile