The Most Common Cyber Attacks

In the last three years, reports of UK data breaches reported to the Information Commissioner’s Office have increased by 75%, according to research by risk solutions expertd at Kroll, but just 12% were the result of malicious attacks. 

Cyber attacks are certainly on the rise and over 32% of businesses identified attacks within the last twelve months and 22% of charities report having cyber security breaches or attacks in the last 12 months. 

Protecting Your Organisation

Cyber-attacks can cause significant disruption and damage to even the most resilient organisation. For those that fall victim, the reputational and financial repercussions can be devastating. 

Employees are your weakest link: In fact, human error is to blame for 88% of data breaches in the UK according to research by Kroll. Companies living in fear of a data breach need to look closer to home after new research shows that 88% of UK data loss incidents are caused by human error, not cyber-attacks. The research showed that while data breaches are generally associated with the actions of malicious criminals, this is very rarely the case.

The most common error was to send sensitive data to the wrong recipient: This was the cause of 37% of reported data breaches, with the majority being sent my email. Other common errors included the loss or theft of paperwork, forgetting to redact data or storing data in an insecure location, such as a public cloud server.

The Cyber Essentials Scheme

From 1 April 2020, the five current Cyber Essentials accreditation bodies will be replaced with one Cyber Essentials partner, the IASME Consortium, in order to standardise the certification process. IASME will take over running the Cyber Essentials scheme on behalf of the NCSC (National Cyber Security Centre) and will be responsible for the delivery of the scheme, as well as revising and improving it.

The NCSC is encouraging organisations to continue with their plans to certify or re-certify with their existing certification bodies until 31 March 2020. Organisations that renew within this time frame will have until 30 June 2020 to complete their certification.

 Phishing

There are many types of phishing, including:

  • Vishing: Voice phishing or ‘vishing’ is a type of phishing conducted by phone. Most vishing attempts try to get the victim to reveal information like PINs, payment card details and passwords. Criminals then use those details to access online accounts to steal information or money.
  • Smishing: SMS phishing or ‘smishing’ is becoming a more popular form of phishing, partly because we increasingly rely on smartphones in both our work and personal lives.
  • Spear phishing: Spear phishing is a targeted form of phishing attack, usually conducted to seek financial gain or obtain insider information, where cyber criminals adapt their methods to reach a specific victim. Spear phishing attacks are rarely random, instead, they are most often conducted by perpetrators seeking financial gain or insider information.

DDoS Attacks

What is a DDoS Attack?: A DDoS (distributed denial-of-service) attack attempts to disrupt normal web traffic and take a site offline by overwhelming a system, server or network with more access requests than it can handle. DDoS attacks typically serve one of two purposes:

  • An act of revenge against an organisation.
  • A distraction that allows cyber criminals to break into the organisation while it focuses on restoring its website.

How to Prevent DDoS Attacks: The reputational and financial damage as the result of the service unavailability inflicted by a successful DDoS attack can be severe. Therefore, preventing or at least quickly countering DDoS attacks can be critical for your organisation’s survival.

Regularly testing your IT infrastructure is paramount to keeping your systems secure, and is something any organisation should consider as part of its cyber security strategy.

Computer Viruses

A computer virus is a type of malicious code or program written to alter the way a computer operates. Much like a flu virus, it is designed to spread from one computer to another (but without the user’s knowledge) by:

  • Opening an infected email attachment;
  • Clicking an infected executable file;
  • Visiting an infected website;
  • Viewing an infected website advertisement; or
  • Plugging in infected removable storage devices (e.g. USBs).

GDPR 

GDPR has played a large part in these changes. Three in ten businesses (30%) and over a third of charities (36%) say they have made changes to their cyber security policies or processes as a result of GDPR. Recent findings suggest that GDPR has encouraged and compelled some organisations to engage formally with cyber security for the first time, and others to strengthen their existing policies and processes. 

However, the qualitative findings also highlight that GDPR has had some unintended consequences. It has led some organisations to frame cyber security largely in terms of avoiding personal data breaches. These organisations were less focused on other kinds of breaches or attacks, and typically had a narrower set of technical controls in place.

GDPR appears to have had a positive impact on cyber security to date, but to make progress organisations may need to think more holistically about the issue.

There is still more that organisations can do to protect themselves from cyber risks. This includes taking important actions that are still relatively uncommon, around board-level involvement in cyber security, monitoring suppliers and planning incident response.

ITGovernance:          Decison Marketing:         ITGovernance:     Gov.UK:

You Might Also Read: 

A Guide To Preventing Charity Cybercrime:

 

 

 

« Cyber Security Strategy In The Digital Age
UK Government: Mobile Devices Lost & Stolen »

Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

WEBINAR: How to build an effective Cloud Threat Intelligence program in the AWS Cloud

WEBINAR: How to build an effective Cloud Threat Intelligence program in the AWS Cloud

Thursday, Jan 28, 2021 - Join this webinar to learn how to improve your Cloud Threat Intelligence (CTI) program by gathering critical cloud-specific event data in the AWS Cloud.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

6cure

6cure

The 6cure Threat Protection solution eliminates malicious traffic to critical services in real time and protects against DDoS attacks.

Telia Cygate

Telia Cygate

Cygate are specialists in information security, data networks, and data centre and cloud technologies.

FaceFirst

FaceFirst

FaceFirst provide face recognition technology solutions to detect and deter real time threats,

North American Electric Reliability Corporation (NERC)

North American Electric Reliability Corporation (NERC)

NERC is a not-for-profit international regulatory authority whose mission is to assure the reliability and security of the bulk power system in North America.

CyberGhost

CyberGhost

CyberGhost is a Virtual Private Network services provider offering secure encrypted access to the internet.

CyberFortress

CyberFortress

CyberFortress is an insuretech startup offering a new kind of online business interruption policy designed for small business.

iHLS Startups Accelerator

iHLS Startups Accelerator

iHLS Accelerator is the first startup accelerator in the world in the security and homeland security field.

CyberWhite

CyberWhite

CyberWhite is a disruptive provider of cyber security and risk mitigation solutions.