What is a Cyber attack & are you Prepared?
Posted By: Helen Monday 7th October 2019 Tags: cryptojacking, cyber secure, Cyber Security, denial of service, malware, man in the middle, phishing, sql injection, trojan, wannacry, worm, zero day exploitsOctober is Cyber Security month and naturally at LaneSystems we are discussing this both internally and with our clients external audiences. Today we are looking at what a cyber attack is and how you can be prepared for this.
What exactly is a Cyber attack?
This is an attempt by hackers to damage or even destroy a computer system or network.
How would this affect my business?
If your system is damaged it has to be fixed. Depending on the level of damage this could take time meaning you will not have access to the systems and data you need to function. The costs attached to any damage could be quite high. Not only will you be taking time out of the business to solve the issue, you’ll potentially receive a hefty invoice also. Should systems be completely damaged, the effects could see closure of a company. Scary but true.
Are there different types of Cyber attacks?
It’s likely you’ve heard of some, but not all of these terms. To learn more about Phishing, please visit one of our previous blogs 6 Phishing Attack Examples. This post is ideal for sharing with your team and educating them on what to look for.
To date we know of seven attacks:
- Malware
- Phishing
- Denial of Service
- Man in the Middle
- Cryptojacking
- SQL Injection
- Zero-Day Exploit
Let’s give a brief overview of each one;
Malware: Otherwise known as ‘Malicious Software’, this type of attack is designed to damage a single computer, computer network or server. Common terms include ‘Worms, Viruses & Trojans’. By reproducing and spreading fast a computer or network can be brought down almost instantly. From here, the hacker has full control of the system.
Phishing: Used in the form of emails, attackers have the ability to create emails with the desired results of gaining confidential information. Hackers target company employees, higher management and even individuals outside of a business. See our phishing blog for further details.
Denial of Service: As it states, this cyber security attack is created to halt the use of online services. Hackers achieve this by sending too much traffic to a website, thus causing the system to choke under such pressure.
Man in the Middle: Now this one is particularly sneaky. By posing as a particular network of authority, such as a hotel, bank, paypal or Amazon, attackers create a login screen that looks the mimics the original. Some of these look extremely convincing, but once you’ve logged in, a hacker has access to all of your personal information, potentially including bank details.
Cryprojacking: Through the installation of malware an attacker has the ability to take over your computer whilst generating cryptocurrency.
SQL Injection: Taking control of a victims database gives someone access to everything. By writing specific code to request particular information from a database (name and address or bank details), if not programmed correctly, these commands could be met.
Zero day Exploits: These are vulnerabilities in software that have yet to be fixed. Unfortunately, attackers gain access to techniques on how to hack vulnerabilities via the dark web.
So what exactly does a Cyber Security attack look like? Think back to 2017. Do you remember hearing about the NHS and how they had been hacked? Let’s investigate further.
This was basically a ransom attack. Hackers took over infected computers and encrypted everything in their hard drives. From here, bitcoin payments were demanded in order to decrypt them once again. The particularly frightening aspect of WannaCry was the fact that a vulnerability had been detected in Microsoft Windows. Because the NHS was not running the most up to date version, attackers were able to get in.
10 Tips on Preventing a Cyber Attack
- Identify Threats
- Be Aware of Cyber Crimes
- Monitor Employees
- Use Two-Factor Authentication
- Conduct Audits Regularly
- Adopt a Strong Sign-Off Policy
- Protect Important Data
- Carry out Risk Assessments
- Obtain the Right Insurance
- Be Knowledgeable About Risk Factors
Whilst this is a lot of information to actively be aware of, it’s most certainly a necessity. Should you not currently have the resources in-house to handle the ten points we have discussed, consider outsourcing Cyber Security. This cost effective method of IT support could save your company in the long run.