Over the past decade, the shift to a digital-first world has become increasingly important. Organisations that have not got on board with the digital revolution have found themselves rapidly left behind and less equipped to meet client needs than their competitors.
In fact, statistics show that 93% of organisations now use cloud technology in everyday business operations. However, as organisations have moved to an almost completely digital environment, cyber criminals have found many opportunities to take advantage of the shifting landscape, with a ransomware attack happening once every 10 seconds across the world.
These attacks are becoming increasingly sophisticated and are indiscriminate, leaving even the smallest of organisations at risk. Below, we will take a look at the most common types of cyber security threats and how risk against each one can be mitigated.
Unlike the leisure activity of fishing, a phishing attack is a sophisticated type of cyber threat in which cyber criminals draw out personal information from unsuspecting people, who hand over that information freely.
Phishing attacks are usually disguised as emails that look like they have come from the internal network or from someone the receiver knows, such as a friend or colleague. The cyber criminal will do their research across social media to find out any personal information they can to make the request for information seem realistic.
Once the cyber criminal gains access to the data they need, they will use it to enter the internal network, which can then compromise the entire internal infrastructure of the organisation, depending on the level of access the hacker gains.
How to mitigate the risk of phishing attacks
Some of the ways a phishing attack can be prevented include:
- Organisation-wide training to educate employees on the types of phishing emails that can be received and how to recognise them.
- Limiting access for applications to strictly only the people who need access.
- Deploying multi-factor authentication for all employees to be able to gain access to the internal network.
- Monitoring internal usage
- Use a VPN to keep internet usage private. Choose a reputable provider like Perimeter 81 Business VPN for this.
DDoS stands for distributed denial-of-service. A DDoS attack happens when an attacker attempts to disrupt normal web traffic by flooding a system, server, or network with more requests than it can handle, causing it to crash.
This essentially takes the organisation offline for as long as it takes for the provider to remedy the situation, potentially costing millions for companies that rely on online transactions or operations. Some of the most famous DDoS attacks include:
- The Google attack in 2020
- The Mirai DYN DDoS attack in 2016
- The six banks DDoS attack in 2012
- The GitHub attack in 2018
How to mitigate the risk of DDoS attacks
DDoS attacks can happen indiscriminately on any organisation. However, the likelihood of them being successful can be reduced by implementing the following:
- Deploy a firewall and intrusion system software.
- Use anti-virus and anti-malware software on all company devices
- Limit or turn off broadcast forwarding within your network
- Disable IoT devices where possible
Most organisations have so far seen only the tip of the iceberg when it comes to understanding cryptocurrencies and how they can be used. This makes organisations dipping their toe in the water prime victims for cryptojacking.
Cryptojacking is a type of cyber attack where malicious users mine cryptocurrency using the processing power of someone else’s device. The effects of cryptojacking include slowing down the victim’s device, rendering the device unusable, overheating the battery, increased energy consumption and loss of activity.
All of the above could have monumental consequences if enough devices were affected within an organisation.
How to mitigate the risk of cryptojacking
- Install anti-virus and malware protection software on all devices within the organisation
- Avoid websites that are notorious for running cryptojacking scripts
- Use effective ad blockers in your browser
A malware attack is one of the most common types of cyber attack, in which malicious software such as spyware, ransomware, viruses or worms is sent to a device. Malware can become activated when a user clicks on a malicious link, opens an email attachment or downloads something malicious from the internet.
The consequences of a malware attack on an organisation can be catastrophic and can include:
- Blocked access to key network components
- The installation of additional harmful software
- Covertly obtaining sensitive information by transmitting data from the hard drive
- Disruption of individual parts, making the system inoperable
How to mitigate the risk of a malware attack
Malware attacks can easily be prevented by taking the following measures:
- Install antivirus or anti-malware software
- Deploy device-level protection
- Deploy network-level protection
- Deploy server-level protection
Overall, there are many types of cyber attacks that can take place indiscriminately on any organisation, no matter the size. Often, smaller organisations without the right protection are left as the low-hanging fruit, making them an ideal target for cyber criminals.
The first step in overcoming cyber security threats is educating employees on the types of cyber attacks out there and how they can easily be avoided, as well as deploying the right cyber security software to protect your organisation.