Cyber attacks can take many forms: from malware injection and phishing, to hacking and ransomware. Some types of attacks are more effective than others, but all present a significant - and increasingly unavoidable - business risk.
In order to counteract that risk, it helps to understand the different cyber threats you may face and the various ways criminals might try to cause harm to your business.
What is a cyber attack?
A cyber attack is a malicious attempt by a third party to damage, destroy or alter:
- computer networks
- computer information systems
- computer or network infrastructure
- personal computer devices
Criminals launch cyber attacks for numerous reasons: to steal money, gain access to financial and sensitive data, weaken integrity or disrupt the operations of a certain company or individual. Attacks often result in crimes such as financial fraud, information or identity theft.
Examples of cyber attacks
Cyber attackers use many different methods to try to compromise IT systems. Most common practices are:
- remote attacks on IT systems or website
- unauthorised access to information held on a corporate network or systems
- unauthorised access to data held in third-party systems (eg hosted services)
- system infiltration or damage through malware
- disruption or denial of service that limits access to your network or systems
Most likely cyber security threats your business may be exposed to include:
- cyber fraud - including phishing, spear phishing, vishing and whaling
- malware attacks - including viruses, worms, trojans, spyware, rootkits, etc
- ransomware attacks
- drive-by downloads
- hacking - including distributed denial-of-service attacks (DDoS), key logging, etc
- password decryption
- out-of-date, unpatched software
Attackers can use multiple routes, including web, email and malicious files, to exploit different vulnerabilities in your business' systems, networks or processes.
Not all security breaches are the result of hacks or malicious action. Many are due to human error. For example, a member of staff may inadvertently send information to the wrong recipient, lose paperwork or fail to redact personal data.
What is cyber security?
Cyber security is the practice of protecting your computer systems and networks from attacks. It relies on different technologies, processes and controls to reduce the risks of attacks, and protect organisations and individuals from unauthorised exploitation of their computer systems.
You can increase your resilience against online attacks by setting up proper controls and implementing common cyber security measures in your business. Many attacks can be prevented by following the steps recommended in the UK government’s Cyber Essentials scheme.
See also cyber security management.