The Most Common Cyber Attacks

Uploaded on 2020-03-13 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

In the last three years, reports of UK data breaches reported to the Information Commissioner’s Office have increased by 75%, according to research by risk solutions expertd at Kroll, but just 12% were the result of malicious attacks. 

Cyber attacks are certainly on the rise and over 32% of businesses identified attacks within the last twelve months and 22% of charities report having cyber security breaches or attacks in the last 12 months. 

Protecting Your Organisation

Cyber-attacks can cause significant disruption and damage to even the most resilient organisation. For those that fall victim, the reputational and financial repercussions can be devastating. 

Employees are your weakest link: In fact, human error is to blame for 88% of data breaches in the UK according to research by Kroll. Companies living in fear of a data breach need to look closer to home after new research shows that 88% of UK data loss incidents are caused by human error, not cyber-attacks. The research showed that while data breaches are generally associated with the actions of malicious criminals, this is very rarely the case.

The most common error was to send sensitive data to the wrong recipient: This was the cause of 37% of reported data breaches, with the majority being sent my email. Other common errors included the loss or theft of paperwork, forgetting to redact data or storing data in an insecure location, such as a public cloud server.

The Cyber Essentials Scheme

From 1 April 2020, the five current Cyber Essentials accreditation bodies will be replaced with one Cyber Essentials partner, the IASME Consortium, in order to standardise the certification process. IASME will take over running the Cyber Essentials scheme on behalf of the NCSC (National Cyber Security Centre) and will be responsible for the delivery of the scheme, as well as revising and improving it.

The NCSC is encouraging organisations to continue with their plans to certify or re-certify with their existing certification bodies until 31 March 2020. Organisations that renew within this time frame will have until 30 June 2020 to complete their certification.

 Phishing

There are many types of phishing, including:

  • Vishing: Voice phishing or ‘vishing’ is a type of phishing conducted by phone. Most vishing attempts try to get the victim to reveal information like PINs, payment card details and passwords. Criminals then use those details to access online accounts to steal information or money.
  • Smishing: SMS phishing or ‘smishing’ is becoming a more popular form of phishing, partly because we increasingly rely on smartphones in both our work and personal lives.
  • Spear phishing: Spear phishing is a targeted form of phishing attack, usually conducted to seek financial gain or obtain insider information, where cyber criminals adapt their methods to reach a specific victim. Spear phishing attacks are rarely random, instead, they are most often conducted by perpetrators seeking financial gain or insider information.

DDoS Attacks

What is a DDoS Attack?: A DDoS (distributed denial-of-service) attack attempts to disrupt normal web traffic and take a site offline by overwhelming a system, server or network with more access requests than it can handle. DDoS attacks typically serve one of two purposes:

  • An act of revenge against an organisation.
  • A distraction that allows cyber criminals to break into the organisation while it focuses on restoring its website.

How to Prevent DDoS Attacks: The reputational and financial damage as the result of the service unavailability inflicted by a successful DDoS attack can be severe. Therefore, preventing or at least quickly countering DDoS attacks can be critical for your organisation’s survival.

Regularly testing your IT infrastructure is paramount to keeping your systems secure, and is something any organisation should consider as part of its cyber security strategy.

Computer Viruses

A computer virus is a type of malicious code or program written to alter the way a computer operates. Much like a flu virus, it is designed to spread from one computer to another (but without the user’s knowledge) by:

  • Opening an infected email attachment;
  • Clicking an infected executable file;
  • Visiting an infected website;
  • Viewing an infected website advertisement; or
  • Plugging in infected removable storage devices (e.g. USBs).

GDPR 

GDPR has played a large part in these changes. Three in ten businesses (30%) and over a third of charities (36%) say they have made changes to their cyber security policies or processes as a result of GDPR. Recent findings suggest that GDPR has encouraged and compelled some organisations to engage formally with cyber security for the first time, and others to strengthen their existing policies and processes. 

However, the qualitative findings also highlight that GDPR has had some unintended consequences. It has led some organisations to frame cyber security largely in terms of avoiding personal data breaches. These organisations were less focused on other kinds of breaches or attacks, and typically had a narrower set of technical controls in place.

GDPR appears to have had a positive impact on cyber security to date, but to make progress organisations may need to think more holistically about the issue.

There is still more that organisations can do to protect themselves from cyber risks. This includes taking important actions that are still relatively uncommon, around board-level involvement in cyber security, monitoring suppliers and planning incident response.

ITGovernance:          Decison Marketing:         ITGovernance:     Gov.UK:

You Might Also Read: 

A Guide To Preventing Charity Cybercrime:

 

 

 

« Cyber Security Strategy In The Digital Age
UK Government: Mobile Devices Lost & Stolen »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Sapphire

Sapphire

Sapphire deliver flexible and scalable cybersecurity solutions, helping organisations to detect, protect, respond and remediate against cyber threats.

National Cyber Security Centre (NKSC) - Lithuania

National Cyber Security Centre (NKSC) - Lithuania

NKSC is the main Lithuanian cyber security institution, responsible for unified management of cyber incidents, monitoring and control of the implementation of cyber security requirements.

Cyber Indemnity Solutions (CIS)

Cyber Indemnity Solutions (CIS)

CIS is an InsurTech company focused on licensing innovative cyber risk insurance solutions to the global insurance industry.

UL

UL

UL is a safety, security and compliance consulting and certification company. Areas covered include cyber security.

ThreatSTOP

ThreatSTOP

ThreatSTOP is a cloud-based automated threat intelligence platform that converts the latest threat data into enforcement policies to stop attacks before they become breaches.

Applied Security (APSEC)

Applied Security (APSEC)

APSEC provides products and services in the areas of encryption, digital signature, authentication and data loss prevention.

PSW Group

PSW Group

PSW Group is a full-service Internet solutions provider with a special focus on Internet security.

Secure Soft

Secure Soft

Secure Soft are experts in Computer and Information Security with a presence in Peru, Colombia and Ecuador.

10dot Cloud Security

10dot Cloud Security

10dot Cloud Security is a security service management company. Our solutions give you contextualised visibility into your network security.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

Pires Investments

Pires Investments

Pires is building an investment portfolio of high-tech businesses across areas such as Artificial Intelligence, Internet of Things, Cyber Security and Augmented/Virtual Reality.

CrowdSec

CrowdSec

CrowdSec is an open-source & participative IPS able to analyze visitor behavior by parsing logs & provide an adapted response to all kinds of attacks.

The Hacking Games

The Hacking Games

The Hacking Games' Mission is to inspire, educate and mobilise a generation of ethical hackers to make the world a safer place.

Guardian Angel Cyber

Guardian Angel Cyber

Guardian Angel Cyber, is your trusted ally in safeguarding your digital assets and online presence.

CESAR

CESAR

CESAR is one of the premier R+D and innovation centers in Brazil and a designated Cybersecurity Competence Center.

Black Duck Software

Black Duck Software

Black Duck (formerly the Synopsys Software Integrity Group) is the market leader in application security testing (AST).