Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Common types of cyber-attacks and how to avoid them

Written by  Guest Contributor: Colin Marks - Cyber Security Specialist Jun 09, 2020

With cyber-attacks on the rise, businesses are constantly worried about losing vital data and the threat is very real.

Compared to large businesses, small and medium-sized businesses are at a greater risk of being attacked, owing to the fact that they lack extensive security measures and policies to prevent these attacks from happening.

This article covers the four most common cyber-attacks and offers expert tips on how to avoid them.

Phishing
Email phishing

Despite being one of the oldest forms of cyber-attacks, email phishing is still alarmingly successful. Research shows that it accounts for 80% of all cyber-attacks.

What is email phishing? Typically, this is an attack that occurs when someone poses as a trusted source, for instance, a colleague. This person sends a malicious email that tricks you into downloading malware or giving away vital data.

There are two kinds of email phishing, namely spear phasing, and whaling. Spear phishing is more targeted compared to whaling, in that it is designed to target a specific user. Hackers usually do tons of research about an individual on their social media profile or company website before sending out an email.

Advertisement
Cybersecurity Essentialsamazon uk

One of the most popular examples of spear-phishing is the attacks on Hillary Clinton’s presidential campaign in 2016 (BBC Report), where staffers received emails with links to a document dubbed ‘Hilary Clinton’s favourable ratings.’ Anyone who opened it was redirected to a site that stole their personal data.

Whaling is much like spear phishing, but instead of the email coming from a colleague, it comes from a senior. More about phishing...

Businesses can avoid email phishing by:

  • Training their employees on how to spot emails from dubious sources. Teach your employees how to scrutinise email addresses and their contents. Mostly, scammers use poor English, and their emails are likely to have plenty of grammatic mistakes. Also, they are not likely to address you by your name and might refer to you as ‘friend’ or ‘colleague’.
  • Using the latest software to deal with any malicious links and prevent phishing emails from reaching users.
  • Backing up data to avoid losing everything in case a hacker erases or interferes with it.
  • Avoid giving out sensitive business or personal information.

malware 450
Malware

Malware is short for malicious software. It refers to software that can easily access, destroy, or disrupt your computer without your knowledge.

Malware can be used to spy on you, delete files, or install more malware on your computer. Spyware, viruses, and trojan horses are all types of malware that could potentially infect your computer when you:

  • Open email attachments that contain malware.
  • Download software that contains malware.
  • Opening links or clicking pop-up windows that might cause malware to start downloading.
  • Visit an infected website or blog.

To avoid malware:

  • Invest in anti-malware software and keep it up-to-date
  • Always scan physical media such as flash drives before using them to ensure that they are not infected.
  • Avoid clicking suspicious links and adverts.
  • Encourage employees to use up to date browsers that block pop-up windows

Ransomware
Ransomware

Although ransomware is a type of malware, we’ve put it under a different category, primarily due to its slightly different approach. This type of malware, instead of just infecting your computer, also encrypts your files. This, in turn, allows an attacker to hold your data hostage and demand a ransom to restore access to the data.

Ransomware might access your computer using the following methods:

  • Email phishing whereby you open an attachment in an email. Once you download and open the file, it ends up taking over your computer as most ransomware files have built-in tools that trick you into allowing administrative access.
  • Manipulating security gaps in your network and infecting your computer without needing to trick you into allowing administrative access.

Advertisement
Preventing Ransomware: Understand, prevent, and remediate ransomware attacksamazon uk

Individuals and businesses alike can prevent ransomware by:

  • Installing antivirus software that detects malicious programs and software.
  • Keeping their operating systems up-to-date and patched to seal off any security loopholes that hackers might exploit
  • Avoiding giving software any administrative permissions unless it is from a trusted source
  • Backing up files and all data to minimise the effect of ransomware attacks

Ses our article on ransomware for further information.

Watering hole attack

A watering hole attack is also a malware attack. In this attack, the attacker’s aim is to compromise an end-user or a group of end-users by infecting a website that they visit regularly. The most common targets of watering hole attacks are employees of large enterprises and government entities.

Usually, an attacker identifies and profiles their target to determine the sites that they visit regularly. The hacker then looks for vulnerabilities in these sites and injects malicious code into them. The chief goal is to infect the site then gain access to a company’s data and network once the target visits the site on a work computer.

remote workerAlso see: Beware of security threats before deploying remote working

Though watering hole attacks are not that common these days, they are dangerous because they are harder to detect. Thus, they can expose your business to considerable data theft and damage.

Businesses can prevent watering hole attacks by:

  • Educating their employees about the existence of such attacks.
  • Blocking traffic to all websites that they discover to have been infected.
  • Configuring browsers to make it easy to notify users about “bad’” websites.
  • Regularly inspecting the popular websites that employees visit for malware.

In addition to these measures, bigger businesses should consider bringing in cyber-security specialist recruiters to help with the process of employing cyber-security experts to your business, which will in turn help to keep systems secure and safe. Having an expert makes it easy to monitor the most visited sites, as well as the company’s network for any vulnerabilities that hackers might exploit.

It can be quite challenging to eliminate all cyberattacks. However, by investing in cybersecurity software and employing security experts, your company can avoid almost all dangerous attacks.

Educate your employees about the cyber-attacks discussed above, as well as how to avoid them. Also, always set aside a budget for cyber-attack prevention, which you can use to buy antivirus software, and take other security measures. 

We hope you find this advice useful and if you wish to comment please do so below...


Advertisement

Popular Cyber News

Jun 12, 2020 Cyber Security

NHS email service fooled users in phishing attack

NHS Digital is contacting users of its NHSmail email system after a small number of mailboxes were compromised in a gene...

Jun 09, 2020 Cyber Threats

Common types of cyber-attacks and how to avoid them

With cyber-attacks on the rise, businesses are constantly worried about losing vital data and the threat is very real. ...

May 25, 2020 Cyber Security

Beware of security threats before deploying remote working

Remote working is receiving a great deal of attention recently for obvious reasons. The world has changed and remote wor...

May 07, 2020 Cyber Security

Three quarters of UK homeworkers haven't received cybersecurity training

As Covid-19-related cybersecurity threats continue to multiply, three in four of home workers are yet to receive any cyb...

May 05, 2020 Cyber Security

The importance of cybersecurity for UK businesses

Technology is constantly changing and at a pace which is hard to keep up with, but 'safety first' always applies. ...

May 18, 2020 Cyber Security

UK power grid operator Elexon hit by cyberattack

The UK’s power grid middleman Elexon has announced it has fallen victim to a cyberattack, which did not compromise pow...

Jul 23, 2020 Cyber Security

Many cyber attacks on UK sports industry says report

At large percentage of sporting institutions, organisations and teams in the UK have suffered a security incident in the...

May 27, 2020 Cyber Security

UK scared cybercriminals will use NHSX Covid-19 Tracing App to launch attacks

Nearly half (48%) of the UK public surveyed about the NHSX COVID-19 tracing app do not trust the UK government to keep t...

Apr 16, 2020 Cyber Security

Cybersecurity lessons to be learnt from the Pandemic

It may not be obvious, but the spread of information on computer networks is like disease processes. ...

Jun 08, 2020 Cyber Security

Ransomware attack compensation: What the UK public think

UK consumers believes businesses should stand their ground having suffered a ransomware attack and refuse to negotiate w...

Jun 06, 2020 Cyber Security

Phishing attacks on companies using PBX systems increases dramatically

While video conferencing solutions have become the prime targets for hackers recently following the shift to remote work...

Jun 12, 2020 Cyber Security

Cybersecurity in the shortsighted gig economy

The ‘gig’ economy encompasses the increasing economic trend for professionals to take on a series of temporary work ...

Apr 13, 2020 Cyber Security

Under half of UK businesses provide cybersecurity training: Kapersky

If businesses want to seriously wan to reduce he risk of data breaches and remains secure, they must commit to employee ...

Apr 17, 2020 Cyber Security

SonicWall launches boundless cyber security platform

SonicWall has released a new boundless cyber security platform to protect companies and government agencies remote workf...

Jun 11, 2020 Cyber Security

UK government to fund nine cyber security projects

The government is to invest £10m through March 2024 from various sources to fund nine academic cyber security projects ...

May 22, 2020 Cyber Security

EasyJet will be sued over customer data breach

Legal firm PGMBM, a specialist in group legal action, has issued a class action claim under Article 82 of the General Da...

Advertisement
Symantec Home 120x60

Advertisement