Before developing and implementing security measures to prevent cyberattacks, you must understand basic concepts associated with cybersecurity and what cyberattacks are. The method(s) of cybersecurity that a company uses should be tailored to fit the needs of the organization.
Cyberspace is the environment where computer transactions take place. This specifically refers to computer-to-computer activity. Although there is no “physical” space that makes up cyberspace, with the stroke of a few keys on a keyboard, one can connect with others around the world.
Examples of items included in cyberspace are:
- Information storage
As previously mentioned, cybersecurity is the implementation of methods to prevent attacks on a company’s information systems. This is done to avoid disruption of the company’s productivity. Not only does cybersecurity include controlling physical access to the system’s hardware, it protects from danger that may come via network access or the injection of code.
Cybersecurity is crucial to a business for a myriad of reasons. The two this section will focus on are data security breaches and sabotage. Both can have dire effects on a company and/or its clients.
Data security breaches can compromise secure information such as:
- Names and social security numbers
- Credit card and bank details
- Trade secrets
- Intellectual property
Computer sabotage serves to disable a company’s computers or network to impede the company’s ability to conduct business.
In simple terms, a hacker is an individual or group of individuals who use their knowledge of technology to break into computer systems and networks, using a variety of tools to gain access to and utilize other people’s data for devious reasons.
There are 3 main types of hackers. They are:
Grey hats: These hackers do so “for the fun of it”.
Black hats: These hackers have malevolent reasons for doing so, such as stealing and/or selling data for monetary gain.
White hats: These hackers are employed by companies to hack into systems to find where the company is vulnerable, with the intention of ensuring the safety of the data from hackers with ill intentions.
”Malware” is the shortened form for malicious software, which is intrusive software, used to perform actions such as interrupting computer operations and obtaining sensitive information. Acquiring access to private computer systems and brandishing unsolicited advertising are also characteristic of Malware.
A computer worm is an independent malware program that reproduces itself to infect other computers. It can spread to other computers without having to attach to an existing program, but still causes some form of damage to the network.
Damage done by worms includes:
- Bandwidth consumption
- Stopping active anti-malware service
- Immobilizing Safe Mode
- Hindering Windows auto update
A computer virus is a program that hides within a harmless program that reproduces itself to perform actions such as destroying data. It can infect files and when the file is opened, spread the virus throughout your computer. The virus will further spread if the infected file is shared with others.
Damage done by viruses includes:
- Corrupting files
- Computer slowdown
- Taking over basic functions of the operating system
The main purpose of Spyware is to obtain information about an individual or company without their knowledge or consent. The data gathered from this act of “spying” is sometimes sent to another entity. It can also be used to gain control over one’s computer without the user realizing it. It is commonly used to track the user’s movements and bombard him/her with pop-up ads.
Damage done by spyware includes:
- Collecting personal information
- Installing unsolicited software
- Redirecting web browsers
- Changing computer settings
- Slowing down Internet connection
Trojans gain access into computers by misleading users of what it is truly meant to do. They spread in sneaky ways. For example, a user may receive an email attachment that appears to be legitimate, but when he/she opens it, it in fact gives the attacker the opportunity to obtain the user’s personal information, such as banking details and passwords.
Damage done by Trojans includes:
- Crashing the computer
- Deleting files
- Corrupting data
- Logging keystrokes
Cyber security breaches are the result of secure information being released to a treacherous environment. Whether the data is released intentionally or unintentionally, the consequences can have long-lasting effects, from harassment to identity theft.
Cybercriminals who use phishing scams aim to obtain personal information by appearing to be a legitimate source. Many times, they masquerade as a major company, such as a bank, appealing to your desire to keep your information safe.
For example, they may send an email that says, “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
Clicking the link or responding to the email can take you to a website that looks authentic, but is in fact a spoof site that serves to steal your information and use it for malicious purposes, such as commit crimes using your name or using your bank information for personal gain.
Identity theft can be considered one of the worst case scenarios when it comes to cyber security breaches. Whether hacking into a company’s computer system to assume the identity of the company or doing so to steal the identities of the company’s customers / clients, the end result can be disastrous.
Those who seek to steal another’s identity typically do so and move on quickly, making it difficult to track and prosecute the perpetrator. This is why “an ounce of prevention is worth a pound of cure”.
There are many ways to help prevent identity theft. Some examples are:
- Be mindful of phishing websites
- Utilize an Anti-virus / Anti-malware program
- Don’t respond to unsolicited requests for secure information
Cyberbullying is not just limited to individuals. Cyberbullies can use their vices to ruin the reputation of a company as well. Many companies have social media accounts that allow the general public to post comments, complaints, and suggestions. Some use this opportunity to post cruel and negative comments, or even threats.
What are some ways to handle cyberbullies?
- Do not immediately respond. When one feels attacked, the immediate tendency is to respond out of emotion. Doing so could escalate the issue, so take some time to process the information and compose yourself before dealing with the issue.
- Tell the cyberbully to stop. Granted, this may not always work, but sometimes being told that the behavior is not acceptable is all one needs in order to cease.
- Get the authorities involved. Contact the police. The police many times have the necessary tools to track down the culprit and help put a stop to the behavior.
Cyberstalking a company can include acts such as false accusations and defamation, which can affect the standing of the company in the community. The cyber stalkers’ intention is typically to intimidate or in some way influence the victim. Cyberstalking is a criminal offense that is punishable under the anti-stalking laws.
Being found guilty of cyberstalking could lead to penalties from a restraining order against the assailant to the assailant serving jail time.
- Be sure you always have physical access control over your computer, to prevent the stalker from gaining that control without your knowledge.
- Always log out of programs before stepping away from your desk. Utilize a screensaver and password.
- Protect your passwords. Do not share them. Change them often.
- Keep your security software updated.
Cyber attacks are orchestrated by individuals or groups to destroy the information systems, networks, etc. of others. From installing Spyware on a computer to obliterating a company’s entire infrastructure, cyber-attacks can have devastating effects on many.
Passwords are intended to prevent unauthorized access to your accounts, so it’s important to use passwords that are strong in order to prevent threats against the privacy and security of the data associated with your company and customers.
Why is it important to use a strong password?
There is software available to hackers that will allow them to try various passwords in an attempt crack the code of and infiltrate your system.
How to protect your business:
- Create a password that is easy for you to remember but difficult for someone else to figure out
- Include upper and lower case letters, numbers, and symbols
- Craft a password that is long
- Regularly update your password
Denial of service attacks are just as its name states. Its goal is to make a network unavailable to its intended users. This type of attack can be used against individuals where they consecutively enter the wrong password enough times that they are locked out of their account. It can also manifest as a network being so overloaded that no one can get in.
Damage caused by denial of service attacks:
- Network performs slowly
- A specific website is inaccessible
- No websites are accessible
- Receiving a large amount of spam emails
A passive attack is conducted to simply find the vulnerabilities of system, but not change any data at that time. Think of it in terms of a conversation that two people are having and the passive attacker is eavesdropping in on the conversation. Although it may seem like a harmless act at the time, if the intruder is able to obtain the “right” information, he/she can use that in the future to cause irreparable damage.
A passive attack is different from an active attack, which aims to change data of the system at the time of the attack.
Penetration testing can be a positive tool for an organization. It is done to unearth the vulnerabilities of a computer system, then take advantage of those vulnerabilities to get an idea of the impact an actual attack will have on the system.
There are many reasons why a company would utilize penetration testing. Some of these include:
- Establish the likelihood of a specific attack occurring
- Detect high risk vulnerabilities that can result from a grouping of low risk vulnerabilities that take place in a particular pattern
- Determine the bearing an attack will have on a company
- Assess the company’s network risk management capabilities
Next Post: Ways to counteract cyberattacks.