Feb 14, 2019 Posted by John Stagner on Feb 14, 2019 in client | 0 comments

5 Types of Cyber Attacks That Can Cost Your Company More Than Money

It started innocently enough for Simon Bunce. In 1999, he applied for a credit card through a major supermarket. He began making benign purchases online for everyday things, like all of us.

Fast forward five years to 2004, when he was surprised by police on his doorstep in the UK – with a search warrant. He was promptly handcuffed and put into jail.

Although he was innocent of any wrongdoing, he was accused of being a pedophile, his family disowned him, his computers and drives were seized, he lost his job, and his life was ruined.

The real perpetrator was safely tucked away in Indonesia – over 7,000 miles away. He had stolen Bunce’s credit card info during a cyber attack on the supermarket, then used that info to purchase child pornography.

It’s one of the most chilling tales of identity theft imaginable and illustrates how cybercrime can go far beyond financial ruin.

Types of Cyber Attacks

Although there are many types of cyber attacks, the individual stories hit closest to home for most of us. But we should all be concerned about cyber threats on business because the potential of exposing customers multiplies exponentially.

If you are an owner, partner or other principal in a business, it can open you up to staggering liabilities. While this article only touches the surface, knowing where the risks lie is a crucial first step in preventing them.

In no particular order, here are five of the most common cyber attack examples:

#1 – Malware

One of the largest ‘categories’ of cyber attacks is Malware. Malware can be loosely defined as malicious software that is covertly deployed onto a computer, server or network.

It qualifies as its own category because there are so many forms it can take. It can self-deploy, replicate itself, hide, infect, disguise, and destroy. Some of those forms include the following:

1. Software or Macro Viruses. These viruses themselves to software applications, then replicate themselves when the program is opened, attaching to code elsewhere in the system.
2. Trojans. Just like the hollow wooden horse used in Greek history, this malware is disguised to look like something else, like a useful program. Inside, however, a sinister plot awaits to open a gate and allow the invaders to enter.
3. Worms. Have you ever heard of the planarium worm? It’s a flatworm that, when cut into pieces, each piece will completely regenerate into a whole worm. Unlike viruses, worms don’t attach to files but are self-contained, and commonly propagate through email, creating copies of itself and infecting entire systems.
4. Boot-Record Viruses. These viruses are activated when a computer starts up, loads itself into memory, then begins infecting any connected computer or drive.
5. Ransomware. Almost a category all by itself, ransomware is one of the most dangerous types of malware. It essentially ties up data and holds it hostage until you pay up. That’s right – you give us money, and we’ll let you have access to your files so you can continue doing business. There is a distinction between malware and ransomware, based on what the hacker intends to do. Small businesses are a major target because they are the most likely to give in to the demands of the hackers, often with devastating financial consequences.

#2 – Phishing Attacks

Phishing attacks are just what they sound like – a bad guy putting some bait out there on a hook to see if you’ll bite. The bait is designed to look like something you want or something you can trust. One of the most common phishing attacks is an email designed to look like it’s from a  trusted source – like your bank or credit card company. The goal is to get you to click on a link and ‘verify’ (hand over) personal information. It’s often under the guise of some security threat that needs to be addressed.

#3 – DOS/DDOS Attacks

Denial of Service, or Distributed Denial of Service attacks are meant to create so much traffic on a server or website that it can’t function properly. Imagine a congested highway in the city at rush hour. That’s what happens to your system in a DOS/DDOS attack. Sometimes these attacks are carried out simply for malice or revenge, but it’s also a perfect scenario to demand payment from the victim.

#4 – SQL Attacks

Pronounced ‘sequel,’ the SQL attack stands for Structured Query Language. It is an attack on a database of records. Much like a master hypnotist, it asks seemingly innocent questions, or queries, to gain access to more information.

Every time you enter a username and password and hit enter, the system ‘queries’ a database to find a matching record, then lets you in if you gave it the right answers.

By exploiting weaknesses in the computer language used, hackers can get the system to return the whole enchilada – all the records available in the database.

#5 – Passwords

It might surprise you to know that the average business employee has 191 passwords to keep track of. Let that sink in for a moment. Given that the majority of

people use the same or similar passwords on multiple sites, it’s not surprising that 81% of data breaches happen because of passwords.

The emerging use of two-factor authentication has helped to squelch the problem, but it’s still epidemic.

The Hidden Effects

Often, we think about cyber threats as ‘merely’ financial, but the costs are far-reaching. Remember our innocent victim Simon Bunce? His story wasn’t about money at all – at least not in the beginning. But the dominoes eventually fell in just about every way they could.

To get an idea of the multiplying effect of a data breach in business, consider this: Over the next five years, 146 billion records will fall into the wrong hands.

That’s nearly 20 times the world’s current population.

The extended risks of cyber attacks on business include damage to reputation, lost customers, unrecoverable records, employee ID vulnerability, and legal liability. The list goes on.

The Bottom Line

With so many types of cyber attacks on the rise, you can’t bury your head in the sand and expect to survive. You must recognize them and be proactive – before something happens.

Aside from education on all fronts in your organization, using technology to protect technology is a good place to start. XXXXXXX uses some of the most sophisticated IT security protocols available to keep your company safe. Check out our blog for additional helpful IT security articles.