WHAT ARE THE MOST COMMON TYPES OF CYBER ATTACKS?

Written by Henning Gaalaas | October 8, 2020

Every day we read news about large and small organizations that are exposed to serious cyber attacks. The common denominator is that the attacks come as an equal surprise to all of them. Below you can read more about the most common types of cyber attacks that can hit your business.
 
1. Malware 
Malware is the collective name for a variety of malicious software variants, such as viruses, worms, ransomware, trojans and spyware. It is a type of software designed to gain unauthorized access or to cause damage to a computer. Malware is usually delivered as a link or file via email and requires the user to click on the link or open the file to activate the software. 
 
The different types of malware each have their own unique way of causing havoc, but all depend on a form of user action. Some are delivered via email through a link or file and others via instant messaging or social media. It is important that organizations are aware of all vulnerabilities in order to establish an effective line of defense. 
 
2. Ransomware 
Ransomware is a type of malware: malicious software that enables extortion for financial gain. Previously, it was common for ransomware to hit individuals, but increasingly this attack is now affecting organizations and businesses as well.
 
Links to ransomware, or files containing it, are often hidden in emails or web pages that appear to be normal and from a credible sender, usually inside your company. When ransomware is activated (by a user clicking on the link or opening the file), access to files or computer systems is blocked until a ransom is paid, most often through anonymous currency such as bitcoin.
 
Once infected, there is little to do. If the ransom is not paid, you risk losing access to your files or computer system, having information go astray, and downtime for your business. Paying the ransom does not guarantee that the files or access will be restored.
 
If you have to choose whether or not to pay the ransom, it is usually already too late. 
 
3. Social Engineering 
You can have the best security against cyber-attacks, but still be attacked. Social engineering is the art of accessing buildings, systems or data by exploiting people (psychological manipulation) rather than technology. Instead of trying to find a software vulnerability or using some form of malware, a social engineer can, for example, call an employee, pose as someone from IT support and try to trick the employee into revealing their password.
 
Once an employee's password has ended up in a criminal's hands, that person can look for sensitive information and data. In addition, if the criminal has obtained an access card or code, he or she can also enter an office or warehouse belonging to your company and physically damage or steal assets.
 
The absolute best way to defend yourself in this area is security awareness training. Employees should be aware that social engineering exists and be familiar with the most commonly used tactics. 
 
4. Phishing 
Phishing is a term for digital snooping or "fishing" for sensitive information (such as a password or credit card number). This is done by sending fraudulent communications that appear to come from a reputable source, traditionally via email. Social media has begun to take over from email. In such cases, the perpetrators often pretend to be someone you know. Other types of attacks may come via phone or fake software update alerts on web pages (e.g. Java, Flash).
 
The goal here is also to steal sensitive data or install malicious software on the victim's machine. Sometimes the attackers are satisfied with obtaining credit card information or other personal information for financial gain. Other times, the goal is to obtain employee login information or other details that can be used to attack a specific company. 
 
Phishing is a common type of cyber-attack that everyone should learn about to protect themselves. Here, too, it is important that employees are aware of the fact that phishing exists and are familiar with the most commonly used tactics. 
 
Knowledge and awareness 
In terms of security, the key is knowledge and awareness among employees. In order to avoid cyber-attacks, it is extremely important that employees are aware of how they can be tricked, such as through social engineering or phishing, but also that management is aware of the measures that need to be taken to secure the company.
 
Want to learn more about how our security experts can help you reduce risk in your business? You are welcome to contact our local team of experts.