There’s an unceasing wave of attacks against computers and servers, and cyber security services have never been more essential.
Published on 17th November 2020 by ITRM
The digital world has opened up vast opportunities for businesses, allowing companies to scale up at speed without high costs and tap into markets at home and right around the world. It lets staff work from wherever they want, and even entire enterprises can be remote and work from different countries. But the ease and advantages often come at a cost, because the threats of cyber attacks and other nefarious activities online are all too real, crippling companies large and small and causing them untold misery as well as putting them at risk of sizeable fines.
Cyber attacks are so common and widespread that the former head of Cisco, John Chambers, has said: “There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.” It is happening all the time with hackers trying to gain entry to all kinds of systems and steal their data, aiming to sell it on or hold the company to ransom for enormous sums.
And it’s such a pervasive and unrelenting problem that it's been estimated that cybercrime will cost companies $6 trillion globally by 2021, double the losses and damages at the hands of online criminals in 2015 — and UK firms are among the worst affected financially.
According to IBM's Cost of a Data Breach Report 2020, the global average total cost of a cybersecurity incident in 2020 is $3.86 million, and it typically takes 280 days (around nine months) for firms to realise they're being attacked and to try to contain it.
Then there's the reputational damage that cyber-attacked firms suffer, as customers wonder if their data will ever be safe with them again, not to mention fines that can be astronomical for failing to protect personal information stored and used digitally. In the UK and across Europe, penalties fall under the General Data Protection Regulation, which sets out a maximum fine of €20 million (£18 million) or 4% of annual turnover — whichever is larger — for data breaches.
Common Cyber Attacks
The need for vigilance and robust cyber security services has never been greater, and the different ways that criminals aim to get hold of companies' data, as well as trying to disrupt their operations, are growing. Here are some of the most common.
Malware
One malicious way that people or groups try to extract information — and cash — from companies is to deploy malware, which is a broad term covering everything from viruses to worms, spyware and more. These pieces of destructive software are typically unleashed when someone clicks on a link or attachment in an email sent to them, and then they bore into the system and spread all around it. They can be hard to locate and kill off, especially if they're new and antivirus or antimalware scanning software hasn't yet been updated to detect and destroy them. Malware can do various things in a system, including sending information from a hard drive, blocking access to parts of a network and making the system inoperable — at which point you might receive a hefty ransom demand to unlock it.
Denial-of-Service Attack
When hackers want to bring a network to a halt, they frequently opt for a denial-of-service (DoS) attack. They're not aiming to steal any data, but to disrupt operations so that most people are unable to gain access to the target's online offerings. It's carried out with an army of computers — some of which may have been unwittingly commandeered or hijacked (“zombie computers”) — so that so much traffic is sent to servers at once that they typically crash. Such attacks are often politically motivated or carried out as hacktivism, and many companies that are hit believe their competitors are behind them.
Phishing
Another common cyberthreat is phishing, which can seem similar to malware. It usually involves a criminal sending an email that resembles official emails from an institution like a bank, complete with its logo, font, style of writing and other elements designed to hoodwink the recipient into thinking it's real. Most often, with phishing, criminals are looking for credit-card details and passwords, and they may get them if you click on a link contained in the fake email. These emails can be hard to recognise as attacks because they're trying to dupe you into thinking there's something urgent you have to do — for example, an email disguised as an HMRC tax refund notification.
Man-in-the-Middle Attack
A man-in-the-middle attack happens when a cybercriminal breaches communications between a user and a server and steals information. These attacks most frequently occur on unsecured wifi connections, such as those that are available for free at cafés, airports and other public places, and the user will be unaware that the attacker is accessing their data. Such attacks also involve criminals installing software on the victim's computer that's used to find and steal personal information. One way to avoid man-in-the-middle attacks is to never use public wifi.
Drive-by Attack
Also known as a drive-by download, a drive-by attack is where criminals exploit a vulnerability in a website and install malicious code. It's so named because there's nothing to click on to activate the code so that it installs on your hard drive — just visiting and looking at a webpage is sufficient to cause infection, and you have no idea it's happening as you scroll down. Ways to prevent drive-by attacks from happening include updating your browser and any plug-ins you use and never using out-of-date operating systems.
SQL Injection
This type of cyber-attack happens when someone inserts or "injects" malicious code into an SQL database storing large amounts of information. The criminal can then read the data and do a number of other things, possibly even taking control of some elements of the operating system by using various kinds of commands. Hackers may alter the data by changing transactions and balances, and they can also encrypt the database information so that a company can't use it, or threaten to destroy it — in both instances, they will most likely issue a ransom demand.
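To show why injection can read and alter data as described above, here is an added example (not from the original article) that puts a query built by pasting input into the SQL text beside the same query using bound parameters, which is the standard fix. The accounts table, its rows, the function names and the crafted input are all constructed for illustration.

```python
import sqlite3

# Constructed input: a "name" that contains SQL syntax.
CRAFTED = "nobody' OR '1'='1"

def make_db():
    """In-memory accounts table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 1200), ("bob", 50), ("carol", 98000)])
    return db

def lookup_vulnerable(db, owner):
    # Weak: input is pasted into the SQL text, so its quotes become syntax.
    sql = ("SELECT owner, balance FROM accounts "
           "WHERE owner = '" + owner + "' ORDER BY owner")
    return db.execute(sql).fetchall()

def lookup_safe(db, owner):
    # Hardened: the ? placeholder binds the input as a value, never as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ? ORDER BY owner"
    return db.execute(sql, (owner,)).fetchall()

def credit_vulnerable(db, owner, amount):
    # Same flaw in a write path; returns how many rows were changed.
    sql = ("UPDATE accounts SET balance = balance + %d "
           "WHERE owner = '%s'" % (int(amount), owner))
    return db.execute(sql).rowcount

def credit_safe(db, owner, amount):
    # Bound parameters again: the crafted name matches no row.
    sql = "UPDATE accounts SET balance = balance + ? WHERE owner = ?"
    return db.execute(sql, (int(amount), owner)).rowcount

if __name__ == "__main__":
    db = make_db()
    print("vulnerable read :", lookup_vulnerable(db, CRAFTED))
    print("safe read       :", lookup_safe(db, CRAFTED))
    print("vulnerable write:", credit_vulnerable(db, CRAFTED, 10), "rows changed")
    print("safe write      :", credit_safe(make_db(), CRAFTED, 10), "rows changed")
```

With the crafted input, the concatenated queries match every account, while the parameterised ones treat the whole string as a name that belongs to nobody.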
Others
These are just some of the cyber-attacks playing out every day. Others include password, eavesdropping, birthday and cross-site scripting attacks. It’s a lot for one company or organisation to keep up with so they don’t fall victim and suffer reputational and financial harm — twice, once at the hands of cybercriminals and again due to official fines.
It's a sure bet that hackers are dreaming up ever more elaborate attacks and scams, meaning no company can afford to go without the best cyber security services they can get.
How We Can Help
Stay on top of the latest cybersecurity threats to your network by getting a free consultation with the experts at ITRM today and ensuring you’re as secure as possible.