Cyber attacks on organizations are becoming more and more frequent, especially since the Covid-19 pandemic. They are also becoming more difficult to control, especially for SMEs, due to higher network use and weak cyber security systems.
Published on June 25, 2021, 10:06 a.m. (Updated on 24 September 2021 17:11)
You have probably heard about the ransomware attack on Ireland's healthcare system in May 2021.
This kind of attack on public health systems is becoming more and more frequent. The idea is simple: intruders access data stored on central servers and then demand a ransom to restore it for you.
A cyber attack is an attempt by a malicious individual or organization to breach the system of another individual or organization. The purpose of an attack is to make a profit from intruding on others' information.
A cyber attack is like a virus: it finds its way onto a device by exploiting a security loophole in vulnerable software, or by tricking somebody into installing it.
It can be, for instance:
The growing number of different types of cyberattacks is becoming more problematic as hackers start to mix them together. As a result, identifying and fighting cybercrime is becoming increasingly difficult.
Some of the common types of cyberattacks are:
The objectives of the attacks are:
To understand how to mitigate a cyberattack, you need to know its different stages. Let's take the example of a company that is the victim of a data theft attempt:
A famous example of this kind of cyber attack is the Internet Research Agency (IRA). This Russian company created hundreds of fake accounts on social networks, aiming to discredit the candidacy of Hillary Clinton, in favour of Donald Trump (Source: What We Know About How Russia’s Internet Research Agency Meddled in the 2016 Election, 2018).
The State of the Phish 2020 report by Proofpoint shows that 75% of companies installed a new telecommuting model in 2020, yet only 39% of those have trained their employees on IT security. However, a company's weaknesses in the face of cybercrime are primarily related to human vulnerabilities.
The Verizon 2019 study shows that 43% of companies affected by cyber attacks are SMEs, a statistic that has logically increased since remote work started to boom with the COVID-19 pandemic. Moreover, another survey underlines that 41% of VSEs have already suffered this type of online hacking.
According to an article from LIFARS, a cybersecurity company, IBM estimates that a company takes an average of 280 days to detect and contain a data breach and get back to normal activity. IBM's report also claims that by reducing this response time to 200 days, a company could save $1 million in costs.
The consequences of a cyberattack depend on the category of cybercrime experienced.
DDoS attacks can result in a website being blocked and therefore a loss of natural traffic, or even reputational damage.
Theft of industrial property and extortion of confidential data impact the company financially but also damage its reputation. It might also result in penalties due to a violation of the General Data Protection Regulation (GDPR).
CEO fraud and other email abuse such as Business Email Compromise (BEC) result in heavy financial losses.
Computer system infiltrations and other access breaches slow or stop ongoing operations.
Cyber crisis management can be costly, especially due to the recovery of extorted or corrupted data.
All these consequences can lead to a financial devaluation of the company.
Moreover, insurance companies sometimes take advantage of the attack to increase their rates.
To protect your company from cyberattacks, a multilayered end-to-end cyber security architecture is important.
Below are some actions you can take to protect yourself from cyberattacks:
A cyber attack is a harmful action against a computer system. It can target individuals as well as public or private organizations. The hacker could also be an individual or an organization.
Some of the most common cyber attacks these days are: Distributed Denial-of-Service (DDoS) attacks, Phishing, Malware attacks, Man-in-the-Middle (MitM) attacks.
Cybersecurity consists of a set of measures to protect computer systems: servers, computers, equipment, networks, files, messages. It is also called Information Systems Security, or InfoSec. It helps to protect the network and computers, but also users.