The Most Common Cyber Attacks

Uploaded on 2020-03-13 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

In the last three years, reports of UK data breaches reported to the Information Commissioner’s Office have increased by 75%, according to research by risk solutions expertd at Kroll, but just 12% were the result of malicious attacks. 

Cyber attacks are certainly on the rise and over 32% of businesses identified attacks within the last twelve months and 22% of charities report having cyber security breaches or attacks in the last 12 months. 

Protecting Your Organisation

Cyber-attacks can cause significant disruption and damage to even the most resilient organisation. For those that fall victim, the reputational and financial repercussions can be devastating. 

Employees are your weakest link: In fact, human error is to blame for 88% of data breaches in the UK according to research by Kroll. Companies living in fear of a data breach need to look closer to home after new research shows that 88% of UK data loss incidents are caused by human error, not cyber-attacks. The research showed that while data breaches are generally associated with the actions of malicious criminals, this is very rarely the case.

The most common error was to send sensitive data to the wrong recipient: This was the cause of 37% of reported data breaches, with the majority being sent my email. Other common errors included the loss or theft of paperwork, forgetting to redact data or storing data in an insecure location, such as a public cloud server.

The Cyber Essentials Scheme

From 1 April 2020, the five current Cyber Essentials accreditation bodies will be replaced with one Cyber Essentials partner, the IASME Consortium, in order to standardise the certification process. IASME will take over running the Cyber Essentials scheme on behalf of the NCSC (National Cyber Security Centre) and will be responsible for the delivery of the scheme, as well as revising and improving it.

The NCSC is encouraging organisations to continue with their plans to certify or re-certify with their existing certification bodies until 31 March 2020. Organisations that renew within this time frame will have until 30 June 2020 to complete their certification.

 Phishing

There are many types of phishing, including:

  • Vishing: Voice phishing or ‘vishing’ is a type of phishing conducted by phone. Most vishing attempts try to get the victim to reveal information like PINs, payment card details and passwords. Criminals then use those details to access online accounts to steal information or money.
  • Smishing: SMS phishing or ‘smishing’ is becoming a more popular form of phishing, partly because we increasingly rely on smartphones in both our work and personal lives.
  • Spear phishing: Spear phishing is a targeted form of phishing attack, usually conducted to seek financial gain or obtain insider information, where cyber criminals adapt their methods to reach a specific victim. Spear phishing attacks are rarely random, instead, they are most often conducted by perpetrators seeking financial gain or insider information.

DDoS Attacks

What is a DDoS Attack?: A DDoS (distributed denial-of-service) attack attempts to disrupt normal web traffic and take a site offline by overwhelming a system, server or network with more access requests than it can handle. DDoS attacks typically serve one of two purposes:

  • An act of revenge against an organisation.
  • A distraction that allows cyber criminals to break into the organisation while it focuses on restoring its website.

How to Prevent DDoS Attacks: The reputational and financial damage as the result of the service unavailability inflicted by a successful DDoS attack can be severe. Therefore, preventing or at least quickly countering DDoS attacks can be critical for your organisation’s survival.

Regularly testing your IT infrastructure is paramount to keeping your systems secure, and is something any organisation should consider as part of its cyber security strategy.

Computer Viruses

A computer virus is a type of malicious code or program written to alter the way a computer operates. Much like a flu virus, it is designed to spread from one computer to another (but without the user’s knowledge) by:

  • Opening an infected email attachment;
  • Clicking an infected executable file;
  • Visiting an infected website;
  • Viewing an infected website advertisement; or
  • Plugging in infected removable storage devices (e.g. USBs).

GDPR 

GDPR has played a large part in these changes. Three in ten businesses (30%) and over a third of charities (36%) say they have made changes to their cyber security policies or processes as a result of GDPR. Recent findings suggest that GDPR has encouraged and compelled some organisations to engage formally with cyber security for the first time, and others to strengthen their existing policies and processes. 

However, the qualitative findings also highlight that GDPR has had some unintended consequences. It has led some organisations to frame cyber security largely in terms of avoiding personal data breaches. These organisations were less focused on other kinds of breaches or attacks, and typically had a narrower set of technical controls in place.

GDPR appears to have had a positive impact on cyber security to date, but to make progress organisations may need to think more holistically about the issue.

There is still more that organisations can do to protect themselves from cyber risks. This includes taking important actions that are still relatively uncommon, around board-level involvement in cyber security, monitoring suppliers and planning incident response.

ITGovernance:          Decison Marketing:         ITGovernance:     Gov.UK:

You Might Also Read: 

A Guide To Preventing Charity Cybercrime:

 

 

 

« Cyber Security Strategy In The Digital Age
UK Government: Mobile Devices Lost & Stolen »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Get Cyber Safe

Get Cyber Safe

Get Cyber Safe is a national public awareness campaign created to educate Canadians about Internet security and the simple steps they can take to protect themselves online.

Mimecast

Mimecast

Mimecast delivers cloud-based email management for Microsoft Exchange and Microsoft Office 365 including archiving, continuity and security.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

VNCERT

VNCERT

VNCERT is the national Computer Emergency Response Team for Vietnam.

ElcomSoft

ElcomSoft

ElcomSoft is a global leader in computer and mobile forensics, IT security and forensic data recovery.

Graphus

Graphus

Graphus provides a simple, powerful, automated solution that eliminates 99% of social engineering and spear phishing attacks against G Suite business Gmail users.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cylus

Cylus

Cylus, a global leader in rail cybersecurity, helps rail and metro companies avoid safety incidents and service disruptions caused by cyber-attacks.

Secure-CAV Consortium

Secure-CAV Consortium

Secure-CAV is a technology-led consortium funded by Innovate UK to drive the development of cybersecurity solutions for connected and autonomous vehicles.

Conference on Applied Machine Learning in Information Security (CAMLIS)

Conference on Applied Machine Learning in Information Security (CAMLIS)

CAMLIS is a venue for discussing applied research on machine learning, deep learning and data science in information security.

TatvaSoft

TatvaSoft

TatvaSoft is a custom software development company delivering business IT solutions and related services to customers across the globe.

WhiteJar

WhiteJar

WhiteJar offers an innovative approach to modern cybersecurity needs, empowering Ethical Hackers within its unique crowd platform.

Strategic Technology Solutions (STS)

Strategic Technology Solutions (STS)

Strategic Technology Solutions specialize in providing Cybersecurity and Managed IT Services to the legal industry.

Sayers

Sayers

Sayers is best known for its ability to solve business challenges with IT solutions. Our areas of expertise include cloud, storage, virtualization, security, mobility and networking.

Ignite Cyber

Ignite Cyber

IGNITE Cyber is focused on enabling secure technology adoption through intelligent business decisions. We are focused on providing a secure and stable business environment for everyone.

Irys Technologies

Irys Technologies

Irys Technologies specialize in pioneering digital transformation solutions designed to streamline communications and enhance maintenance and operational efficiency for a variety of sectors.