5 Common Types of Cyber-attacks and How Businesses Can Protect Themselves
In Australia and New Zealand, 52% of organisations have experienced one to four security breaches in the last 12 months and 18% have experienced five or more breaches in that time. These figures come from the 2022 cyber skills gap report published by security firm Fortinet.
“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked”—Richard Clarke, a former counterterrorism expert for the U.S. government
Today, the cyber security landscape is evolving at a rapid pace, and businesses that fail to implement sufficient countermeasures are sailing in cyber-criminal infested waters. With ever-evolving threats and massive data breaches, adopting preventative best practices is a requirement for every business.
According to a forecast by Juniper Research, cyber-attacks will cost global businesses a cumulative total of $8 trillion between 2017 and 2022. During that same time period, the cost of cyber-attacks is estimated to rise 30 percent, while cybersecurity spending will only increase by 8 percent. Are businesses spending more on coffee meetings than on IT security?
Here are five common types of cyber-attacks and how businesses can protect themselves:
1. Password-Based Attacks:
In a password-based attack, hackers use various techniques and tools to get access to usernames and passwords, such as password guessing and password-cracking software.
In late 2015, cyber criminals took advantage of poor password security practices at VTech, a popular online toy company, exposing the personal data of millions of users, including 6.4 million children. These three tips can help you ward off password-based attacks:
- Long Passwords. Cracking a longer password is much tougher than cracking a shorter password.
- Unique Passwords. When creating passwords, use a unique combination of lower-case letters, upper-case letters, numbers, and special characters. Instead of just using letters and numbers, use special characters like @, #, ? or *.
- Secure Passwords. Be vigilant in handling your passwords. The password for your business email account should not be the same as the password for your personal email. Make sure your passwords are kept securely and changed frequently.
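To make the first and third tips concrete, here is an added example (not code from the original article) that estimates how much work a brute-force attacker faces for a given password and flags passwords reused across accounts. The guess rate, the rating thresholds and the sample passwords are all constructed assumptions for illustration; the entropy figure is the naive keyspace estimate, so a long password made of dictionary words or repeated characters will score higher than a real cracker would find it.

```python
import math
import string

# Character classes and the number of symbols a brute-force attacker must
# try for each class the password actually draws from.
CHARACTER_CLASSES = {
    "lowercase": (set(string.ascii_lowercase), 26),
    "uppercase": (set(string.ascii_uppercase), 26),
    "digits": (set(string.digits), 10),
    "symbols": (set(string.punctuation + " "), len(string.punctuation) + 1),
}
# Nominal class size for characters outside the classes above (assumption).
OTHER_CLASS_SIZE = 100


def charset_size(password: str) -> int:
    """Sum the sizes of the character classes present in the password."""
    used = set(password)
    size = sum(n for chars, n in CHARACTER_CLASSES.values() if used & chars)
    known = set().union(*(chars for chars, _ in CHARACTER_CLASSES.values()))
    if used - known:
        size += OTHER_CLASS_SIZE
    return size


def entropy_bits(password: str) -> float:
    """Naive brute-force entropy: log2(charset ** length)."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def rating(bits: float) -> str:
    """Assumed thresholds: under 40 bits weak, under 64 moderate, else strong."""
    if bits < 40:
        return "weak"
    if bits < 64:
        return "moderate"
    return "strong"


def assess(password: str, guesses_per_second: float = 1e10) -> dict:
    """Summarise a password; guesses_per_second is an assumed offline cracking rate."""
    bits = entropy_bits(password)
    return {
        "length": len(password),
        "charset": charset_size(password),
        "bits": round(bits, 1),
        # Expected time to search half the keyspace.
        "seconds_to_crack": 2 ** (bits - 1) / guesses_per_second,
        "rating": rating(bits),
    }


def find_reuse(accounts: dict) -> list:
    """Return groups of account names that share one password (third tip)."""
    by_password = {}
    for account, password in accounts.items():
        by_password.setdefault(password, []).append(account)
    return sorted(sorted(group) for group in by_password.values() if len(group) > 1)


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ["P@ss1", "Tr0ub4dor&3", "correct horse battery staple"]:
        print(candidate, assess(candidate))
    # Constructed account inventory showing work and personal email sharing a password.
    print(find_reuse({"work-email": "Tr0ub4dor&3", "personal-email": "Tr0ub4dor&3",
                      "bank": "correct horse battery staple"}))
```

The point the numbers make is the one in the first tip: the 28-character passphrase built only from lower-case letters and spaces beats the short password that uses every character class, because length multiplies the exponent while extra character classes only enlarge the base.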
2. Denial-of-Service Attacks:
In a denial-of-service attack, scammers send overwhelming quantities of data to a website, rendering it unusable for customers. Instead of buying your products or getting the information they need, users are told the website is unavailable. And when your website is unavailable, you’re losing valuable customers.
Here are some strategies you can use to limit the effects of DoS attacks:
- Constantly monitor traffic. Use a traffic-monitoring tool to keep an eye on website or network traffic and detect abnormal occurrences, such as a sudden spike in traffic. With early detection, you can reduce the effect of a DoS attack.
- Keep your systems up to date. Keep your systems secure by frequently installing the latest updates and security patches on anti-virus, firewall and other intrusion-detection software.
- Be aware. Since criminals can also conduct a DoS attack by vandalising a network cable or disconnecting your Internet connection, it’s crucial to frequently monitor your physical connections for any abnormal activity as well.
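The first strategy, spotting a sudden spike early, can be automated with a few lines over an access log. The following is an added example rather than anything from the article or a particular monitoring product: it builds a constructed log (ten quiet minutes followed by a two-minute flood from one address), counts requests per minute, compares each minute against the median of the previous quiet minutes, and reports which source dominates. The log format, the five-minute baseline window, the 5x factor and the 20-request floor are all assumptions to tune for a real site.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median


def make_sample_log() -> list:
    """Constructed access log: 'timestamp client method path status' per line."""
    base = datetime(2022, 5, 1, 10, 0, 0)
    clients = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "203.0.113.5"]
    lines = []
    # Ten quiet minutes: four requests per minute from four different clients.
    for minute in range(10):
        for i, ip in enumerate(clients):
            ts = base + timedelta(minutes=minute, seconds=15 * i)
            lines.append(f"{ts.isoformat()} {ip} GET /index.html 200")
    # Two minutes of flood: 150 requests per minute from a single source.
    for minute in (10, 11):
        for i in range(150):
            ts = base + timedelta(minutes=minute, seconds=(60 * i) // 150)
            lines.append(f"{ts.isoformat()} 198.51.100.7 GET / 503")
    return lines


def parse_line(line: str):
    """Return (timestamp, client address) from one constructed log line."""
    ts, ip, _method, _path, _status = line.split()
    return datetime.fromisoformat(ts), ip


def detect_spikes(lines, factor: float = 5.0, min_requests: int = 20, window: int = 5) -> list:
    """Flag minutes whose request count exceeds factor x the median of recent quiet minutes."""
    per_minute = defaultdict(Counter)
    for line in lines:
        ts, ip = parse_line(line)
        per_minute[ts.strftime("%Y-%m-%dT%H:%M")][ip] += 1

    alerts, history = [], []
    for minute in sorted(per_minute):
        sources = per_minute[minute]
        total = sum(sources.values())
        alerted = False
        if len(history) >= window:
            baseline = median(history[-window:])
            if total >= min_requests and total > factor * baseline:
                top_ip, top_count = sources.most_common(1)[0]
                alerts.append({
                    "minute": minute,
                    "requests": total,
                    "baseline": baseline,
                    "top_source": top_ip,
                    "top_share": top_count / total,
                })
                alerted = True
        # Only quiet minutes feed the baseline, so a sustained flood cannot
        # raise the baseline until it looks normal.
        if not alerted:
            history.append(total)
    return alerts


if __name__ == "__main__":
    for alert in detect_spikes(make_sample_log()):
        print(alert)
```

Keeping alerted minutes out of the baseline is the detail that matters in practice: without it, the second minute of an attack would be compared against a median that already contains the first, and a long flood would silence its own alarm. A high `top_share` points at a single-source flood that a block rule can address, while a spike spread across many sources is the distributed case where upstream filtering is needed.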
3. Social Engineering Attacks:
Phishing is the most widely practised type of social engineering: a victim receives an email purporting to be from a trustworthy entity, but the message is designed to trick the victim into releasing sensitive information such as passwords and banking details. If you’ve ever received an email from a Nigerian prince, you’ve experienced an attempt at a social engineering attack.
Phishing attacks are on the rise – up 65 percent in 2016, according to the Anti-Phishing Working Group. And it’s working. About 95 percent of all successful cyber-attacks on businesses are due to spear phishing – phishing emails that are tailored to a specific business or person.
- Educate your employees. Creating a security-conscious culture within the workplace can prevent attackers from taking advantage of users’ naiveté and tricking them into divulging sensitive information.
- Implement two-factor authentication. Two-factor authentication means requiring more than just a username and password to access information, adding an additional level such as a physical object, like a card, phone or fob, or a biometric like a fingerprint or voiceprint. This additional level of security means that even if thieves learn your password, they can’t access your data.
- Be cautious. Don’t click on links embedded in emails unless you are completely sure of their legitimacy. Moreover, check website URLs to make sure there are no slight changes to a domain name that could send you to a scammer’s site.
- Securely dispose of office trash. Do not carelessly discard documents containing confidential business information because they can end up in the wrong hands.
- Use phishing detection tools. Use up-to-date anti-virus software, email filters, firewalls, and other anti-phishing tools from third-party providers to help you detect any suspicious activity.
- Use common sense. If you’ve received an email message promising hefty returns by acting fast, think twice before responding. If you’ve never applied for that job or entered that sweepstakes, why should you respond to that congratulatory message?
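The URL check in the "Be cautious" tip is the kind of thing a mail filter or browser extension can do before a person has to. The example below is added here and is not from the article or any vendor's tool: it compares the host of a link against a constructed list of the domains a business actually uses, folds characters that look alike on screen (a digit one for a lower-case L, "rn" for "m"), measures edit distance to catch one-character swaps or a changed top-level domain, and flags a trusted name used as a subdomain of somewhere else. The trusted list, the confusable table, the one-edit threshold and the "last two labels" rule for the registrable domain are simplifying assumptions.

```python
from urllib.parse import urlsplit

# Constructed list of domains the business legitimately uses (assumption).
TRUSTED_DOMAINS = ["example-bank.com", "mail.example.com"]

# Sequences attackers substitute because they look alike on screen.
# Multi-character entries come first so "rn" is folded before "1" or "0".
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def fold_confusables(name: str) -> str:
    """Map look-alike sequences to their canonical letter."""
    for lookalike, canonical in CONFUSABLES:
        name = name.replace(lookalike, canonical)
    return name


def registrable(host: str) -> str:
    """Simplification: treat the last two labels as the registrable domain.
    Real code should use the Public Suffix List so that 'co.uk' domains work."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (single-row dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str, trusted=TRUSTED_DOMAINS) -> tuple:
    """Return (verdict, detail) where verdict is trusted, suspicious, unknown or invalid."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", "no host in URL")
    # Internationalised labels can render as letters the user does not expect.
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("suspicious", "internationalised (punycode) host label")
    for t in trusted:
        if host == t or host.endswith("." + t):
            return ("trusted", t)
    reg = registrable(host)
    # A trusted name placed in front of an unrelated registrable domain.
    for t in trusted:
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return ("suspicious", f"{t} used as a subdomain of {reg}")
    # One edit away after folding look-alike characters counts as a lookalike.
    for known in {registrable(t) for t in trusted}:
        if levenshtein(fold_confusables(reg), known) <= 1:
            return ("suspicious", f"lookalike of {known}")
    return ("unknown", reg)


if __name__ == "__main__":
    # Constructed URLs covering each branch of the classifier.
    for link in ["https://mail.example.com/login",
                 "https://examp1e-bank.com/",
                 "http://exarnple-bank.com/signin",
                 "https://example-bank.co/",
                 "https://example-bank.com.secure-login.example/",
                 "https://xn--exmple-bank-abc.com/",
                 "https://example.org/"]:
        print(link, "->", classify(link))
```

Treat "unknown" as a prompt for the user to look twice rather than as a pass: the filter only knows the domains it was given, and an attacker who registers a name two edits away from yours slips under the one-edit threshold by design, which is why the training in the first tip still matters.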
4. Man-in-the-middle Attacks:
Just as the name implies, a man-in-the-middle attack takes place when a hacker inserts himself or herself into a communication session between two parties and eavesdrops or impersonates either party with the intention of stealing sensitive information.
Here are some ways of avoiding man-in-the-middle attacks:
- Pay attention to security certificate warnings: If your browser tells you, “This site’s security certificate is not trusted!” it means the site is insecure and could be prone to a man-in-the-middle attack.
- Prefer HTTPS-enabled websites. The ‘S’ at the end stands for “secure”: the connection is encrypted so that communication isn’t seen by third parties.
- Use secured networks. When using public Wi-Fi networks, use virtual private network (VPN) services to prevent third parties from compromising your communications. Furthermore, install and regularly update anti-virus software to keep your online activities secure and private.
5. Malware Attacks:
Malware is short for malicious software, or software designed to destroy or disrupt a computer. Some of the common types of malware include viruses, worms, ransomware, Trojan horses, spyware, and backdoors.
In 2013, ransomware called CryptoLocker encrypted victims’ files and demanded a ransom to decrypt them. Within 100 days, the malware had made millions for its creators.
Here are some ways to prevent malware attacks:
- Browse cautiously. Don’t download suspicious files or open untrusted email attachments. Don’t click on unknown links and avoid visiting unscrupulous websites that can infect your system with malware.
- Use good software. Ensure your system has robust and up-to-date anti-virus software and firewall software installed. Keeping your system updated seals the loopholes hackers can use to inject malware into your system.
- Act quickly. If you detect any signs of malware activity, act fast before the destruction intensifies.
Preventing the Next Attack:
Today’s rapidly evolving cyber-security landscape requires adopting a multi-layered approach that integrates several techniques to mitigate the risk of online fraud.
Cybersecurity is affecting every industry - whether it’s defence, medical, engineering or professional services. Cyber skills are critical for the future of Australia.
It is everyone’s responsibility, and there’s a shortage of 7,000 cyber professionals in Australia. One option is to get our workforce ready by getting them quickly up-skilled and re-skilled here at home with cybersecurity courses.
Lesley Seebeck, an honorary professor at the Australian National University, tells the AFR that “...It’s not about doing one course and being qualified - it’s about continuous cybersecurity training - the risk of cyberattacks will continue to increase and change and organisations are going to have to give people time to learn.”
Cybersecurity is not just an IT domain of malware protection, hardware isolation and access controls. We must also understand that we are all constantly being monitored and tracked on our phones, computers and social media.
New education programs are critical for filling the skills gap in the long-term. Over the past year, NextTech Learning has accelerated efforts to launch new cyber security courses and certifications.
In the end, I would like to sum up by saying that in current global dynamics, we all require new cyber-awareness skills and behaviours in this digital age to better understand what appropriate and safe behaviours look like.
Get your team up-skilled on cybersecurity best practice by providing cybersecurity awareness and resilience training for all of your employees.