The most common cyber-attacks

We regularly hear about organizations exposed to serious cyber-attacks. The common denominator is that the attacks took all of them by surprise. By being aware that these attacks exist, you can help prevent them from happening to you and your business. We have gathered a list of the most common cyber-attacks:

1. Malware

Malware is the collective name for a variety of malicious software variants, such as viruses, worms, ransomware, trojans and spyware. It is a type of software designed to gain unauthorized access or to cause damage to a computer. Malware is usually delivered as a link or file via email and requires the user to click on the link or open the file to activate the software.

The different types of malware each have their own unique way of causing harm, but all depend on a form of user action. Some are delivered by email as a link or file, and others through instant messaging or social media. It is important that organizations are aware of all vulnerabilities to establish an effective line of defense.

2. Ransomware

Ransomware is malicious software that enables extortion for financial gain. Previously, it was common for ransomware to hit individuals, but this attack is now increasingly affecting organizations and businesses as well.

Links to ransomware, or files containing it, are often hidden in emails or web pages that appear to be normal and from a credible sender, usually inside your company. When ransomware is activated (by a user clicking on the link or file), access to files or computer systems is blocked until a ransom is paid, most often through an anonymous currency such as bitcoin.

Once infected, there is little to do. If the ransom is not paid, you risk losing access to your files or computer system, having information leaked, and downtime for your business. Paying the ransom does not guarantee that the files or access will be restored, and hence doing so is seen as a last resort of desperation.

3. Social Engineering

You can have the best security against cyber-attacks, but still be attacked. Social engineering is the art of accessing buildings, systems or data by using people (psychological manipulation) rather than technology. Instead of trying to find a software vulnerability or using some form of malware, a social engineer may, for example, call an employee, pose as someone from IT support and try to trick the employee into revealing their password.

Once an employee’s password has ended up in a criminal’s hands, that person can look for sensitive information and data. In addition, if the criminal has obtained an access card or code, they can also enter your company’s office or warehouse and physically damage or steal assets.

The absolute best way to defend yourself in this area is security awareness training. Employees should be aware that social engineering exists and be familiar with the most used tactics. They can also benefit from having a support network of tech-savvy individuals whom they can ask in case of any doubt.

4. Phishing

Phishing is a term for digital snooping or “fishing” for sensitive information (such as a password or credit card number). This is done by sending fraudulent communications that appear to come from a reputable source, traditionally via email. Social media has begun to take over from email. In such cases, the attackers often pretend to be someone you know. Other types of attacks may come via phone or fake software update alerts on web pages, such as a prompt to update your version of Java.

The goal here is also to steal sensitive data or install malicious software on the victim’s machine. Sometimes the attackers are satisfied with obtaining credit card information or other personal information for financial gain. Other times, the goal is to obtain employee login information or other details that can be used to attack a specific company.

Phishing is a common type of cyber-attack that everyone should learn about to protect themselves. Here, too, it is important that employees know that phishing exists and are familiar with the most used tactics.
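Both the ransomware and phishing sections describe mail that appears to come from a credible sender inside your company. The following is an added example, not part of the original article, of how a mail filter could flag such messages from their headers. The domain `example.com`, the organization name and the three sample messages are constructed assumptions, and the `Authentication-Results` header is assumed to be written by your own mail gateway.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"   # assumption: your organization's mail domain
ORG_NAME = "example corp"         # assumption: name an attacker would imitate

def _domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw_message):
    """Return reasons why a message that looks internal deserves a second look."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = _domain(msg.get("From"))
    # Only trust this header when your own mail gateway added it.
    auth = (msg.get("Authentication-Results") or "").lower()
    reasons = []
    if from_dom == INTERNAL_DOMAIN and "dmarc=pass" not in auth:
        reasons.append("internal From domain without DMARC pass")
    if from_dom != INTERNAL_DOMAIN and ORG_NAME in display:
        reasons.append("organization name in display name, external address")
    reply_to = msg.get("Reply-To")
    if reply_to and _domain(reply_to) != from_dom:
        reasons.append("Reply-To domain differs from From domain")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "IT Support" <it-support@example.com>\n'
    "Reply-To: helpdesk@mail-reset.test\n"
    "Authentication-Results: mx.example.com; spf=fail; dmarc=fail\n"
    "Subject: Password expires today\n\nClick the link to keep your account.\n"
)
LOOKALIKE = (
    'From: "Example Corp IT" <it@examp1e-corp.test>\n'
    "Authentication-Results: mx.example.com; dmarc=pass\n"
    "Subject: Java update required\n\nInstall the attached update.\n"
)
GENUINE = (
    'From: "Anna Berg" <anna.berg@example.com>\n'
    "Authentication-Results: mx.example.com; dmarc=pass\n"
    "Subject: Meeting notes\n\nNotes attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("genuine", GENUINE)):
        print(name, spoof_indicators(raw))
```

A flagged message is a candidate for a warning banner or quarantine review; header checks like these complement the awareness training described in this article, they do not replace it.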

Knowledge and awareness

In terms of security, the key is knowledge and awareness among employees. To avoid cyber-attacks, it is extremely important that employees are aware of how they can be tricked, such as through social engineering or phishing, and that management is aware of the measures that need to be taken to secure the company.