Page 60 - CMA Journal (May-June 2025)
P. 60
Focus Section
Cybersecurity Risks: A Growing
Threat to Business Stability
A chain is only as strong as its weakest link – and in today’s unavailable to
era, where most of our lives have been transformed into a legitimate users.
digital landscape, one weak password, unpatched system, This attack
or lack of cybersecurity awareness can be the breaking exhausts network
point, resulting in a cascading effect that impacts multiple resources due to
systems and causes significant data, reputational, and the high volume of
financial loss. Cybercriminals don’t need to defeat the requests received,
entire defense system; they can find and exploit that one resulting in the
weakest link in the chain to gain access to critical systems system becoming
and information. In this article, we’ll explore how cyber unresponsive. DoS
threats expose these vulnerabilities, their impact, and attacks can take
what measures we can take to strengthen our systems various forms— Muhammad Shahab Iqbal
and safeguard our digital identity. such as ICMP flood, Assistant Vice President /
SYN flood, and
Imagine your digital world as a Jenga tower, where each Head of Business Applications
UDP flood—but all
block represents a digital element such as cloud services, Al Meezan Investments
share a common
IaaS (Infrastructure as a Service), PaaS (Platform as a
goal: to drain network resources. Distributed Denial
Service), SaaS (Software as a Service), IoT devices, digital
of Service (DDoS) is a more severe version, as the
wallets, third-party services, and many more. The higher attack originates from multiple sources, making it
the tower goes, the more unbalanced and vulnerable it
more complex and difficult to mitigate.
becomes, where the black hat only needs to pull out one
block to dismantle the entire ecosystem. d) Man-in-the-Middle (MitM) Attack – This type of
attack works by intercepting communication
Each technological innovation or layer comes with its
own risk, adding more complexity to the systems and between two points, allowing attackers to
making it harder to monitor and secure each endpoint, eavesdrop, modify the data, mimic legitimate
gap, and doorway for ransomware, data breaches, and requests, and compromise data integrity.
thefts to occur. With this, it's becoming increasingly
e) Cross-Site Scripting (XSS) Attack – Attackers
important for businesses to balance the innovation and embed malicious scripts on websites that get
usage of technology with the required security strategies
executed on users’ web browsers. This can result in
like continuous monitoring, threat intelligence, user stealing personal information, credentials, and credit
awareness, and a Zero Trust policy. With increasing digital
card details, modifying website content and
adoption, attackers now have an enormous attack appearance, or exploiting browser vulnerabilities to
surface available to exploit vulnerabilities. These threats
install malware and gain system access.
may occur individually or in various combinations of the
following, out of the wide range already available and f) Zero-Day Exploits – Like human systems, digital
new ones constantly being developed: systems also possess weaknesses. Many reaches
production unnoticed, and these can be exploited
a) Malware – Software designed to penetrate systems
by attackers.
to steal data, disrupt operations, and gain
unauthorized system access. These include viruses, At times, these exploits can have severe impacts
worms, trojans, ransomware, and spyware. because they are previously unknown in the system
b) Phishing – Deceptive communication, such as before being used by attackers—and remain
emails, messages, and chats, used to trick people vulnerable until a patch is deployed.
into revealing sensitive information like personal g) Brute Force Attack – A trial-and-error method to
details, account credentials, PINs, and access codes,
guess passwords, login credentials, PINs, and
or installing malware that either steals or encrypts encryption keys until one attempt succeeds. Once
the data—against which a huge ransom is then
cracked, not only is the individual system
demanded for decryption.
compromised, but other connected systems can also
c) Denial-of- Service (DoS) Attack – Overloading a be exposed and exploited.
system with bot-generated traffic to make it
58 ICMA’s Chartered Management Accountant, May-June 2025
