The Most Common Cyber Attacks

In the last three years, reports of UK data breaches reported to the Information Commissioner’s Office have increased by 75%, according to research by risk solutions expertd at Kroll, but just 12% were the result of malicious attacks. 

Cyber attacks are certainly on the rise and over 32% of businesses identified attacks within the last twelve months and 22% of charities report having cyber security breaches or attacks in the last 12 months. 

Protecting Your Organisation

Cyber-attacks can cause significant disruption and damage to even the most resilient organisation. For those that fall victim, the reputational and financial repercussions can be devastating. 

Employees are your weakest link: In fact, human error is to blame for 88% of data breaches in the UK according to research by Kroll. Companies living in fear of a data breach need to look closer to home after new research shows that 88% of UK data loss incidents are caused by human error, not cyber-attacks. The research showed that while data breaches are generally associated with the actions of malicious criminals, this is very rarely the case.

The most common error was to send sensitive data to the wrong recipient: This was the cause of 37% of reported data breaches, with the majority being sent my email. Other common errors included the loss or theft of paperwork, forgetting to redact data or storing data in an insecure location, such as a public cloud server.

The Cyber Essentials Scheme

From 1 April 2020, the five current Cyber Essentials accreditation bodies will be replaced with one Cyber Essentials partner, the IASME Consortium, in order to standardise the certification process. IASME will take over running the Cyber Essentials scheme on behalf of the NCSC (National Cyber Security Centre) and will be responsible for the delivery of the scheme, as well as revising and improving it.

The NCSC is encouraging organisations to continue with their plans to certify or re-certify with their existing certification bodies until 31 March 2020. Organisations that renew within this time frame will have until 30 June 2020 to complete their certification.

 Phishing

There are many types of phishing, including:

  • Vishing: Voice phishing or ‘vishing’ is a type of phishing conducted by phone. Most vishing attempts try to get the victim to reveal information like PINs, payment card details and passwords. Criminals then use those details to access online accounts to steal information or money.
  • Smishing: SMS phishing or ‘smishing’ is becoming a more popular form of phishing, partly because we increasingly rely on smartphones in both our work and personal lives.
  • Spear phishing: Spear phishing is a targeted form of phishing attack, usually conducted to seek financial gain or obtain insider information, where cyber criminals adapt their methods to reach a specific victim. Spear phishing attacks are rarely random, instead, they are most often conducted by perpetrators seeking financial gain or insider information.

DDoS Attacks

What is a DDoS Attack?: A DDoS (distributed denial-of-service) attack attempts to disrupt normal web traffic and take a site offline by overwhelming a system, server or network with more access requests than it can handle. DDoS attacks typically serve one of two purposes:

  • An act of revenge against an organisation.
  • A distraction that allows cyber criminals to break into the organisation while it focuses on restoring its website.

How to Prevent DDoS Attacks: The reputational and financial damage as the result of the service unavailability inflicted by a successful DDoS attack can be severe. Therefore, preventing or at least quickly countering DDoS attacks can be critical for your organisation’s survival.

Regularly testing your IT infrastructure is paramount to keeping your systems secure, and is something any organisation should consider as part of its cyber security strategy.

Computer Viruses

A computer virus is a type of malicious code or program written to alter the way a computer operates. Much like a flu virus, it is designed to spread from one computer to another (but without the user’s knowledge) by:

  • Opening an infected email attachment;
  • Clicking an infected executable file;
  • Visiting an infected website;
  • Viewing an infected website advertisement; or
  • Plugging in infected removable storage devices (e.g. USBs).

GDPR 

GDPR has played a large part in these changes. Three in ten businesses (30%) and over a third of charities (36%) say they have made changes to their cyber security policies or processes as a result of GDPR. Recent findings suggest that GDPR has encouraged and compelled some organisations to engage formally with cyber security for the first time, and others to strengthen their existing policies and processes. 

However, the qualitative findings also highlight that GDPR has had some unintended consequences. It has led some organisations to frame cyber security largely in terms of avoiding personal data breaches. These organisations were less focused on other kinds of breaches or attacks, and typically had a narrower set of technical controls in place.

GDPR appears to have had a positive impact on cyber security to date, but to make progress organisations may need to think more holistically about the issue.

There is still more that organisations can do to protect themselves from cyber risks. This includes taking important actions that are still relatively uncommon, around board-level involvement in cyber security, monitoring suppliers and planning incident response.

ITGovernance:          Decison Marketing:         ITGovernance:     Gov.UK:

You Might Also Read: 

A Guide To Preventing Charity Cybercrime:

 

 

 

« Cyber Security Strategy In The Digital Age
UK Government: Mobile Devices Lost & Stolen »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Libraesva

Libraesva

Libraesva specialize in Email Security. From Email Security, Phishing Awareness and Email Archiver. We can assist you with any email issues you may have.

8MAN

8MAN

8MAN is a leading Access Rights Management (ARM) solution in Microsoft and virtual server environments.

aeCERT

aeCERT

aeCERT is the national Computer Emergency Response Team for the United Arab Emirates.

Skkynet Cloud Systems

Skkynet Cloud Systems

Skkynet is a leader in real-time data systems for the secure management and control of industrial processes (SCADA) and embedded devices (M2M).

Threatspan

Threatspan

Threatspan is a cybersecurity firm helping shipping and maritime enterprises achieve and maintain nautical resilience in an age of increasing cyber threats.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS) is a non-profit organization dedicated to the recruitment, retention and advancement of women in the cybersecurity field.

Tarian Underwriting

Tarian Underwriting

Tarian Underwriting is a specialist provider of tailored insurance solutions for cyber and technology risks.

ChainSecurity

ChainSecurity

ChainSecurity provides products and services for securing smart contracts and blockchain protocols and conducts R&D in the areas of security, program analysis, and machine learning.

Conatix

Conatix

Conatix was formed to apply recent advances in AI and other fields of technology to insider fraud, one of the most intractable problems in cybersecurity.

Protected Media

Protected Media

Protected Media’s advanced cybersecurity ad fraud solution guards you against current and emerging threats across Connected TV, Display and Video advertising.

Centre for Cyber Security Belgium (CCB)

Centre for Cyber Security Belgium (CCB)

The Centre for Cyber Security Belgium is the central authority for cyber security in Belgium.

4Securitas

4Securitas

4Securitas is an innovative cyber security firm focused on protecting critical data at the core of every organisation.

Arcturus Security

Arcturus Security

Arcturus is a CREST-approved cyber security consultancy created by experts in the field.

Trenton Systems

Trenton Systems

Trenton Systems are committed to providing high-performance computing solutions to customers running mission-critical applications in harsh settings worldwide and across various industries.

NetGain Technologies

NetGain Technologies

NetGain Technologies helps small to medium-sized businesses gain access to expert IT talent. We provide strategies that use technology as a driving force behind business growth.