Cyber attacks can take many forms: from malware injection and phishing, to hacking and ransomware. Some types of attacks are more effective than others, but all present a significant - and increasingly unavoidable - business risk.
In order to counteract that risk, it helps to understand the different cyber threats you may face and the various ways criminals might try to cause harm to your business.
What is a cyber attack?
A cyber attack is a malicious attempt by a third party to damage, destroy or alter:
- computer networks
- computer information systems
- computer or network infrastructure
- personal computer devices
Criminals launch cyber attacks for many reasons: to steal money, access financial and sensitive data, weaken integrity or disrupt the operations of a company or an individual. Attacks often result in crimes such as financial fraud and information or identity theft.
Read more about the reasons behind cyber attacks.
Examples of cyber attacks
Cyber attackers use many different methods to try to compromise IT systems. The most common are:
- remote attacks on IT systems or websites
- unauthorised access to information held on a corporate network or systems
- unauthorised access to data held in third-party systems (eg hosted services)
- system infiltration or damage through malware
- disruption or denial of service that limits access to your network or systems
Attacks can be:
- targeted - where you are singled out because of a specific interest in your business or because the attacker has been paid to target you
- un-targeted - where attackers indiscriminately target as many devices, services or users as possible
Find out how cyber attacks work.
Common cyber security threats
The cyber security threats your business is most likely to be exposed to include:
- cyber fraud - including phishing, spear phishing, vishing and whaling
- malware attacks - including viruses, worms, trojans, spyware, rootkits, etc
- ransomware attacks
- drive-by downloads
- hacking - including distributed denial-of-service attacks (DDoS), keylogging, etc
- password decryption
- out-of-date, unpatched software
Attackers can use multiple routes, including web, email and malicious files, to exploit different vulnerabilities in your business' systems, networks or processes.
Recently, there has been an increase in malicious cyber activity relating to COVID-19. You should take steps to protect yourself and your business against these threats.
Check NCSC weekly threat reports and the advisory on cyber exploitation of the coronavirus pandemic.
Not all security breaches are the result of hacks or malicious action. Many are due to human error. For example, a member of staff may inadvertently send information to the wrong recipient, lose paperwork or fail to redact personal data.
What is cyber security?
Cyber security is the practice of protecting your computer systems and networks from attacks. It relies on different technologies, processes and controls to reduce the risks of attacks, and protect organisations and individuals from unauthorised exploitation of their computer systems.
You can increase your resilience against online attacks by following best practices for cyber security management, setting up proper controls and implementing common cyber security measures in your business.
Can you avoid a cyber attack?
Many attacks can be prevented by following the steps recommended in the UK government's Cyber Essentials scheme. However, not all attacks can be avoided. If you do experience an attack, see how to report a cyber crime.