Organizations are being warned with increasing urgency about the threat of cyber attacks. There are regular news stories of companies leaking sensitive information, receiving multi-million dollar fines, and halting production after being infected with malware.
But what exactly is a cyber attack, and how can you prevent your organization from falling victim?
What is a cyber attack?
‘Cyber attack’ is a broad term that refers to someone using a computer to either compromise sensitive information or disrupt the victim’s computing activities.
The perpetrator can target an individual or an organization, but in either case, their goal is to compromise one or more of the three pillars of information security: confidentiality, integrity, and availability.
Confidentiality in this context means that sensitive information is available only to authorized parties. If confidentiality is breached, it means someone who wasn’t supposed to view the information now has it.
Integrity refers to the accuracy of information. If integrity is compromised, the data has been tampered with in some way – either by replacing or removing details.
Availability indicates that authorized individuals can access the information when necessary. If availability is compromised, it means systems have been rendered unavailable or that the data is corrupted.
With most cyber attacks, the perpetrator’s goal is to steal sensitive information (i.e. to compromise data confidentiality). This is because it’s the easiest way to monetize their attacks, with sensitive information being sold on the dark web.
However, as we explain below, many cyber attacks are intended to compromise data integrity and availability.
How do cyber attacks happen?
Cyber attacks occur when a criminal hacker identifies and exploits a vulnerability. A vulnerability is a weakness within an organization’s systems or operations that enables the attacker to gain unauthorized access or to disrupt those systems.
In most cases, the vulnerability is a technical weakness. Examples of those include:
- Network vulnerabilities
These result from insecure operating systems and network architecture, and include flaws in servers and hosts, misconfigured wireless network access points and firewalls, and insecure network protocols.
- Hardware vulnerabilities
These are exploitable weaknesses in computer hardware. Examples include the Spectre and Meltdown vulnerabilities found in processors designed by Intel, ARM and AMD. They affect almost every system, including desktops, laptops, servers, and smartphones.
- Software and application vulnerabilities
These include coding errors or software responding to certain requests in unintended ways, such as CSRF (cross-site request forgery) and XSS (cross-site scripting) vulnerabilities.
- Zero-day vulnerabilities
These are security flaws that have been discovered by criminals but are unknown to the software vendor, and are therefore unpatched. The term refers to the number of days the vendor has had to address the vulnerability: zero.
For most technical weaknesses, crooks don’t need hacking expertise to launch an attack. There are off-the-shelf tools they can use to do most of the work. The only thing that the criminal hacker needs to do is find an organization to target.
Generally, they won’t search for specific organizations. They instead look for vulnerabilities and then find organizations where those vulnerabilities are present.
This isn’t as hard as it might sound. You can find lists of known vulnerabilities online, because software providers release updates that fix errors that they have discovered. Organizations that fail to apply those updates will be left with vulnerabilities on their systems, and all cyber criminals have to do is seek them out.
A vulnerability doesn’t have to be a technical flaw, though. It can be any weakness in an organization’s systems that a criminal hacker can exploit. Human error, for example, is a vulnerability that’s present in all organizations.
This is because people are never infallible. They might misconfigure a database that allows malicious actors to view sensitive information; they might create a weak password or leave it displayed publicly, enabling someone to gain unauthorized access to their accounts; or they might fall for a phishing scam, inadvertently downloading malware onto the company’s systems.
Types of cyber attacks
Malware
This is a type of malicious software that’s designed to harm a computer, server, or network.
Malware can be used to steal information, delete files, or damage equipment. One type of malware is a botnet, which allows attackers to control a network of infected computers (or ‘bots’). Botnets can be used to launch sophisticated cyber attacks, steal data, or send spam.
Another type is spyware, which is designed to collect information about the user, such as their web browsing habits.
Ransomware
This is another type of malware, and perhaps the most infamous. Once planted on a machine, it encrypts data and sends the victim a message demanding a payment (usually in bitcoin) for the safe return of the information.
Ransomware has become one of the most common forms of cyber attack in recent years, and has led to countless cybersecurity experts and government agencies urging victims not to pay the cyber criminals’ ransoms.
This is because the money helps to fuel the cybercrime industry and could make the victim a target for future attacks. Moreover, there is no guarantee that the criminals will keep to their word once they’ve received payment.
Phishing is a type of social engineering that’s designed to trick people into divulging sensitive information or downloading malware.
Scammers do so by masquerading as a legitimate organization and contacting the individual with an urgent request.
Phishing usually takes the form of an email, but it can also occur by text message (known as ‘smishing’), social media, and over the phone.
An MitM (man-in-the-middle) attack occurs when a criminal hacker inserts themselves between a device and a server to intercept communications.
MitM attacks often happen when a user logs on to an insecure public Wi-Fi network. Attackers can compromise the connection, gathering information from the user’s device as it’s sent to the Internet router.
An SQL (Structured Query Language) injection occurs when a user inputs SQL code into a web form to gain unauthorized access to data. This can be used to view data that is normally not viewable, delete data, or even modify data.
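The difference between a query assembled from form input and a parameterized query, shown as an added Python/sqlite3 example that is not from the article (the users table and the input strings are constructed for the demonstration):

```python
import sqlite3


def make_db():
    # Constructed sample data: a small in-memory users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.com"),
         (2, "bob", "bob@example.com"),
         (3, "carol", "carol@example.com")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # The form value is spliced into the SQL text, so the database parses
    # whatever the user typed as part of the statement.
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    # A bound parameter is always treated as a value, never as SQL syntax.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    conn = make_db()
    normal = "alice"
    # Input that turns the WHERE clause into a tautology when concatenated.
    tautology = "x' OR '1'='1"
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, normal)),      # 1 row
        "vulnerable_tautology": len(lookup_vulnerable(conn, tautology)),  # every row
        "safe_normal": len(lookup_safe(conn, normal)),                  # 1 row
        "safe_tautology": len(lookup_safe(conn, tautology)),            # no match
    }


if __name__ == "__main__":
    print(demo())
```

The same input that returns the whole table through the concatenated query matches nothing through the parameterized one, which is why prepared statements are the standard fix.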
A DDoS (distributed denial-of-service) attack is a type of cyber attack in which a malicious actor seeks to disrupt the normal functioning of a network by overwhelming it with Internet traffic.
This can be done by flooding the target with illegitimate requests, such as requests to access non-existent websites, or by sending large amounts of data to the target in an attempt to overload its systems.
Cryptojacking is a type of cyber attack in which a criminal hacker hijacks a victim’s computer to mine cryptocurrency.
The hacker typically does this by embedding malicious code in a website or email, which causes the victim’s computer to mine cryptocurrency without their knowledge or consent.
This can slow down the victim’s computer and consume unusually large amounts of electricity, which can lead to higher bills. In some cases, cryptojacking can also cause physical damage to the victim’s computer.
How to prevent cyber attacks
It’s impossible to prevent cyber attacks altogether, because it would be prohibitively expensive or impractical to eradicate every risk. However, there are ways for organizations to drastically reduce the risk. Here are some of the most effective defences you can use:
1. Multi-factor authentication
Multi-factor authentication, also known as two-factor authentication, is a system that’s designed to mitigate the risk of passwords being breached.
Password compromise is a major threat, with individuals often using easily guessable credentials or reusing them on multiple sites. Plus, cyber criminals attempt to trick people into handing over their passwords with phishing scams.
Multi-factor authentication ensures that, even if a cyber criminal steals someone’s password, it’s not enough to compromise the account. That’s because individuals are required to provide another piece of information alongside their password when logging in.
Those details are a combination of something you know (a password or PIN code), something you have (such as a one-time password sent to your phone) and something you are (such as a fingerprint or retinal scan).
2. Antivirus software
Antivirus software scans your computers looking for files that match its built-in database of known viruses and malware.
These tools are essential for all businesses that use online systems. Malicious programs are hidden in all kinds of files, and it’s only a matter of time before an employee downloads something harmful or a criminal sneaks something onto your systems.
3. Patch management
Software providers release regular updates to fix issues in their products and services, and these often include solutions to vulnerabilities that could otherwise be exploited.
It’s essential that organizations apply these updates promptly, because once the patch is made public, cyber criminals are alerted to weaknesses and will start looking for victims.
To stay on top of updates, organizations should create a patch management program. This is a system for monitoring updates that places someone in charge of the patch process.
4. Data backup
Organizations should back up their sensitive data often to mitigate the risk of data loss.
Data loss can occur in several ways, but the biggest threat is ransomware. The malware encrypts organizations’ data and demands a payment be made to regain access. However, organizations that have offline backups can restore their data without having to negotiate with attackers.
Backups are also helpful in the event that systems are corrupted or if employees lose information.
5. Staff awareness training
An organization’s employees are its last line of defence. Although technology and policies can help mitigate the risk of cyber attacks, organizations rely on their staff to follow the rules and avoid mistakes that could create vulnerabilities.
Organizations that educate their employees on the risks that come with handling sensitive data will bolster their defences and mitigate the risk of cyber attacks.
There are cybersecurity training courses that cover all manner of threats. With IT Governance’s Complete Staff Awareness E-learning Suite, you’ll receive everything you need in one package.
The suite contains more than a dozen training courses, including topics such as email misuse, social media, phishing and ransomware.
When combined with your continual awareness campaign, these courses will boost your employees’ understanding of a range of topics.
And as an annual package, you can roll courses out throughout the year to keep staff awareness as a central part of your business while avoiding the risk of overloading employees with too much training in one go.