What is a cyberattack? Causes and consequences
You have probably heard about the ransomware attack on Ireland's healthcare system in May 2021.
This kind of attack on public health agencies is growing more frequent. The idea is simple: intruders access data stored on central servers and block your access, then demand a ransom to hand it back to you.
A cyberattack is an attempt by a malicious individual or organisation to breach the system of another individual or organisation. The purpose of such an attack is to make a profit from intruding on others' information.
A cyberattack is like a virus: it finds its way onto a device by exploiting a security flaw in vulnerable software, or by tricking somebody into installing it.
For instance, a cyberattack can include:
- Introducing malware into data (in order to damage or steal data)
- Disabling computers
- Shutting down systems
- Using a breached computer as a launch point for other attacks
What are the different types of cyberattacks?
The rise of different types of cyberattacks is becoming more problematic as hackers start to combine techniques, making it increasingly difficult to identify and fight against cybercrime.
Some of the common types of cyberattacks are:
- Phishing: sending emails that appear to come from a trusted source to steal sensitive data such as passwords, user information or credit card details.
- Malware: all types of malicious software such as viruses, worms, ransomware.
- Man-in-the-middle, MitM: an eavesdropping attack where hackers insert themselves between two parties and use someone else's device as a source.
- Structured Query Language (SQL) injection: insertion of malicious code into a query sent to a SQL database, which can reveal, modify, or delete data.
- Zero-day exploit: hackers exploit an issue that has been announced to the public but has not yet been solved.
- DNS Tunnelling: hackers exploit DNS traffic to carry out malicious activities.
- Denial-of-Service, DoS attack: the hackers seek to disrupt a device or network’s traffic, temporarily or indefinitely.
Objectives of cyberattacks can be:
- Reputational damage
A step-by-step guide of what happens during a cyberattack
To understand how to mitigate a cyberattack, you need to understand the different stages involved. Let's take the example of a company that falls victim to a data theft attempt:
1 / First, the hacker finds a loophole in the computing system. They could, for example, access the email account of a staff member who has not chosen a very secure password. The hacker can also seize a stolen business device, or exploit any other breach in an application, server, or network.
The hacker uses this to infiltrate the IT system and install malicious software. They can remain in this position for months as an observer, without attacking.
2 / Then, the malware will explore the victim's computer network in search of other exploitable computer security flaws. It can connect to a botnet (a network of hacking bots) to expand its malicious code and strengthen its areas of action.
By opening multiple access points, the hacker will then have a higher chance of success even if the attack is detected.
3 / Finally, the hacker can infiltrate the computer network and seize confidential data, thereafter encrypting it to demand a ransom.
4 / If, during the data theft process, the cyberattack has not been detected, the hacker can remain in the system for months without revealing themselves. They may even return to the computer network to steal more information. The potential negative consequences for the company are virtually limitless.
Who is targeted by cyber threats?
A famous example of this kind of cyberattack is the Internet Research Agency (IRA). Among other things, this Russian organisation created hundreds of fake accounts on social networks aiming to discredit the candidacy of Hillary Clinton in favour of Donald Trump (Source: What We Know About How Russia’s Internet Research Agency Meddled in the 2016 Election, 2018).
The State of the Phish 2020 report by Proofpoint shows that 75% of companies installed a new working-from-home model in 2020, yet only 39% of those have trained their employees on IT security. It is important to note that company weaknesses in the face of cybercrime are primarily related to human vulnerabilities.
The Verizon 2019 study shows that 43% of companies affected by cyberattacks are SMEs, a statistic that has logically increased since remote work started to boom with the COVID-19 pandemic. Moreover, another survey underlines that 41% of VSEs have already experienced this type of online hacking.
According to an article by cybersecurity company LIFARS, IBM estimates that a company takes an average of 280 days to detect and contain a data breach, and return to normal activity. IBM’s report also claims that by reducing this response time to 200 days, a company could save $1 million in costs.
What could the consequences of a cyberattack be?
Fallouts from cyberattacks depend on the category of cybercrime experienced.
DDoS attacks can mean a website becomes unavailable for long periods of time, therefore resulting in a loss of natural traffic or even reputational damage.
Theft of industrial property and extortion of confidential data impact the company financially and also damage its reputation. It could also potentially result in penalties due to a violation of the General Data Protection Regulation (GDPR).
CEO fraud and other email misuse such as Business Email Compromises (BEC) result in heavy financial losses.
Computer system infiltrations and other access breaches slow down or completely stop ongoing operations.
Cyber crisis management can be costly, especially due to the recovery of extorted or corrupted data.
All these consequences can lead to a financial devaluation of the company.
What’s more, insurance companies sometimes take advantage of the attack to increase their rates.
How to protect yourself from cyberattacks
A multilayered end-to-end cybersecurity architecture is essential for protecting your company from cyberattacks.
Below are some actions you can take to protect yourself from cyberattacks:
- Have your cybersecurity audited.
- Protect yourself with an antivirus, a firewall, a bot manager, or even a Security Information and Event Management (SIEM) system adapted to the vulnerabilities identified by the audit.
- Train employees and management staff on human vulnerabilities that are a breeding ground for cybercriminals, using an IT charter or best practices guide.
- Insist on the importance of strong passwords of more than 8 characters that are updated regularly.
- Have a crisis management plan in case of a security breach.
- Leave it to the IT department to secure equipment and backups of sensitive data in a locked room with limited access.
- Make regular backups of your confidential data in order to keep a usable version in the event of a cyberattack.
FAQ: Cyber attacks
What is a cyber attack?
A cyberattack is when harmful action is carried out against a computer system. It can target individuals as well as public or private sector organisations. The hacker can be an individual or an organisation.
What are the different types of cyber attacks?
Some of the most common modern cyberattacks are: Distributed Denial-of-Service (DDoS) attacks, phishing, malware attacks, and man-in-the-middle (MitM) attacks.
What is cybersecurity?
Cybersecurity consists of a set of measures to protect computer systems: servers, computers, equipment, networks, files, and messages. It is also called Information Systems Security, InfoSec. The system helps to protect the network, its computers, and also its users.