Understanding The Different Types Of Cyber-Attack
Written by Chris Thornton, 15 January 2016
To protect your small business from cyber-attacks, understanding the types of threat you face should be an important part of your strategy.
Most small businesses don't have the resources to employ an IT team to navigate the ever-changing cyber-security landscape. Without a dedicated set of eyes, small business owners often overlook the threat posed by malicious online entities.
From phishing scams to DDOS attacks, as new technologies emerge, so does the ability of hackers to exploit their weaknesses. Security measures which once were effective, could now be a liability - if you think your network is safe and secure, it might be time to take a closer look...
The Threat Landscape
As a small business, the best way to start your cyber-security plan, is by examining and understanding how cyber-attacks manifest in the workplace.
Malware has become a catch-all for a range of cyber-threats, including, viruses, spyware, trojans and worms. While the effects of these vary, essentially, malware is any software with malicious intent for your device or computer.
Warning signs: The majority of malware attacks manifests as attachments, or links to downloads which, once installed, wreak havoc. Since malware works to conceal itself, it's easy to be tricked into downloading it.
- Help employees identify risky links and attachments.
- Ensure your firewall and antivirus defences are strong enough to repel threats.
A phishing attack is a request for data or information from what looks like a trusted source, but is actually an attempt to trick users into handing over entering sensitive information, or clicking a malicious link. The famous Sony 'hack' last year, was the result of phishing.
Warning signs: Everyone believes they can recognise clumsy 'phishing' emails - but sophisticated attacks rely on complacent users failing to closely examine their origins. While some display linguistic or visual irregularities, other phishing attacks are harder to identify.
- Always verify the sender address of suspicious emails.
- Remember, almost all companies will never ask for sensitive account information.
- Type company web addresses in, rather than clicking links contained in emails.
Perhaps the most preventable type of cyber-attack, password hacking is simply the act of guessing a password. Lots of software platforms use readily available emails as usernames, meaning a password is the only line of defence for your data or network.
Warning signs: Guessing a password isn't really an 'attack' in the conventional sense, but relies on the behaviour of employees.
- Ensure employees use secure, suitably complex passwords.
- Emphasise the importance of protecting personal devices from theft.
- Change passwords at regular intervals.
By inundating it with traffic and data, hackers can overload a network and take it offline in a 'distributed-denial-of-service-attack'. In a DOS attack, many businesses simply grind to a halt - with the system unresponsive, hackers can then cause further damage to the system.
Warning signs: SMEs are rarely targeted with this kind of attack, but are no less vulnerable and have fallen victim in the past. Warning signs include large volumes of spam email, slower network speeds and crashed websites.
- Incorporate cloud services into your infrastructure to help mitigate a DOS by scaling up your network's defence when necessary.
- Install dedicated software and hardware to analyse and filter out malicious traffic.
The Biggest Threat: Complacency
The biggest cyber-threat SMEs face, is simply complacency: failing to create a security policy or assuming cyber-attacks are something only enterprise organisations need worry about, are sure-fire ways to not only expose your organisation to threats, but possibly even invite them.
It may seem daunting, but it's important to remember there are efficient, affordable ways to protect your organisation. Educating employees, putting software protection in place, and encouraging sensible cyber-security practice are solid foundations on which to build your company's defences.
To understand more about the different types of cyber-attack that threaten your business, get in touch with Shackleton below!
What Does Your Business Need To Be Secure?
Every business needs a cyber-security policy but understanding the role and function your defences is key to a successful strategy...
Is Your Company Open To Cyber-Attack?
Cyber-security isn't just a concern for large enterprise. With thousands of small businesses at risk, should your organisation be worried about online threats?