Cyber Security 101: What you need to know

We are entering unprecedented times where cyber security attacks are on the rise, and not taking action is no longer an option. As we surge into a world that revolves entirely around technology and the internet, education is key to preventing threats and vulnerabilities. IT security is a critical part of every functioning business and is now a board level item which must be reviewed and continuously improved, as the threats evolve.

It’s important to know what to look out for to understand how IT security is so important, so here are the basics to get you up to speed.

What is a cyber attack?

A cyberattack is a malicious and deliberate attempt by an individual or organization to breach the information system of another individual or organization. Usually, the attacker seeks some type of benefit from disrupting the victim’s network.

Why do they occur?

Cyber attacks hit businesses every day, and cyber crime has increased every year as people try to benefit from vulnerable business systems. Most often cyber attacks are deliberate and motivated by financial gain. The hacker can go after your business' financial details; sensitive personal data; customer databases; IT infrastructure; and whatever else they can get access to. 

What are the penalties?

We must be reminded of GDPR here – if a breach occurs and you fail to comply with the data protection laws under GDPR, the ICO can fine 20 million Euros (or equivalent in pounds) or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.

What are the common types of cyber attacks?

There are many different types of cyber attacks - it has become a very complex mastery. We have picked out the 3 you need to be most aware of. 

Malware

Malware is a term used to describe malicious software, including spyware, ransomware, viruses, and worms. This is the most common type that you have probably hear of. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software. Once inside the system, malware can do the following:

• Blocks access to key components of the network (ransomware)
• Installs malware or additional harmful software
• Covertly obtains information by transmitting data from the hard drive (spyware)
• Disrupts certain components and renders the system inoperable

Phishing

Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine. Phishing is an increasingly common cyber threat.

Man-in-the-middle

Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data. Two common points of entry for MitM attacks:

• On un-secure public Wi-Fi, attackers can insert themselves between a visitor’s device and the network. Without knowing, the visitor passes all information through the attacker.
• Once malware has breached a device, an attacker can install software to process all of the victim’s information.

Why is Cyber Security important? 

Cyber security encompasses everything that is included with protecting our sensitive data; whether that be personal information, or your business and client data. With increasingly sophisticated cyber criminals means the risk that your organization suffers from a successful cyber attack or data breach is on the rise.

Gone are the days of simple firewalls and antivirus software being your sole security measures. Cyber threats can come from any level of your organization. You must educate your staff about simple social engineering scams like phishing and more sophisticated cyber security attacks like ransomware (WannaCry) or other malware designed to steal personal data.

GDPR and other laws mean that cyber security is no longer something businesses of any size can ignore. Security incidents regularly affect businesses of all sizes and often make the front page causing irreversible reputational damage to the companies involved.

The impact

If a cyber attack were to occur within your business, the impact and long-term effects can be very damaging. There can be a detrimental effect on:

• Disruption of working time
• Reputation
• Resource
• Financial loss

These are all core elements of any business, which is why it is crucial to be proactive about IT security instead of reactive. Make sure you have measures in place should you suffer a breach; educate your staff on what types of suspicious things to look out for; test your infrastructure and systems to be sure you’re protected; and use simple measures like 2FA and system monitoring, so that you are always aware of the state of your business.