layer 1 layer 2 layer 3 layer 4 layer 5 abstract shapes

The 11 Cyber Security Threats Every Business Needs to Know About

Posted by Alfie McDonald on November 18th 2022

 

If you’re online, you’re under attack.

That’s the simple truth for every organisation and individual in the world, right now. Cyber security breaches are a very real and rapidly rising danger, causing costly and possibly permanent damage to any business.

Did you know that the Irish Health Service suffered losses amounting to £440 million following a breach in 2021? With so much at stake, it’s vital to understand the cyber security facts of life. The nature and severity of the many threats lurking in the dark recesses of the internet. The more you know, the better equipped you are to minimise the risk of damaging cyber security incidents.

At BCN, we have a strong record of protecting a variety of organisations from online attacks and hazards. Discover our cyber security services. In this article, we’ll use our expertise to provide an authoritative guide to cybersecurity in 2023, focused on answering two key questions:

• What are the threats you face right now?
• How is the threat landscape changing?

Let’s start with a clear definition of the problem.

What is a cyber security threat?

A cyber security attack is any attempt to cause harm by damaging or disrupting computers and IT systems. Some criminals who launch attacks are trying to steal money or data. Others aim to sabotage the organisation, compromise its reputation, promote a cause or just cause chaos.

What are the main types of cyber security threats for businesses?

The threats you are most likely to experience are:

1)  Malware

Malware is a file or code that performs a malicious task on a device or system. It is often introduced via a phishing email or a download from a website. One employee opening the wrong email attachment can spread harmful software undetected through an entire network.

Examples of malware include Trojan viruses, ransomware and spyware. A Trojan is a programme that seems innocent but is a virus in disguise. Hence the name.

How big is the problem? According to Statista, there were 2.8 billion malware attacks globally in 2021. One new trend is that many attacks are now launched by non-human bots. Another is the use of malware to “hijack” computing power so that it can be used for cryptocurrency mining without the owner’s knowledge.

ed-hardie-1C5F88Af9ZU-unsplash

2) Ransomware

Ransomware is malware that “locks” files (or the entire system) so that no one can access them. The perpetrators demand money to restore access. In 2018 a ransomware attack shut down all data for the US city of Atlanta, Georgia.

Our cyber security breaches survey for 2021 shows that ransomware was the most significant cyber threat against UK organisations in that year. It particularly targets charities, legal professions, public services and health authorities.

Ransomware

3) Spyware

Spyware lies hidden on a device, secretly monitoring activity. This enables the attackers to access sensitive information such as bank details or passwords. They will use the information to steal money and data—or sell it to other criminals via the dark web.

Spyware

4) Advanced Persistent Threats (APT)

APTs are stealthy cyber attacks, usually conducted by a nation state or activist group. Such threats typically gain unauthorised access to a computer or system, then lie dormant and undetected for an extended period. “Dwell times” of APTs can be 200 days or more. That’s ample time to do significant harm and achieve the attacker’s aim, whether it’s to gain financially or damage companies and institutions.

APT

5) Software Supply Chain Attacks

Hackers are opportunists: never slow to spot a vulnerability. They understand that software installations and updates can be a weak point in cyber defences. Software supply chain attacks occur when criminals infiltrate a software vendor’s network with malicious code.

The software arrives with the cyber threat built-in. So as soon as you install it, the system is compromised. Your security has been successfully breached, and you have no idea it’s happening.

Supply_Chain_Attack

6) Distributed Denial of Service (DDoS)

Most threats work undercover, but this is an attack that feels like an attack. A blitzkrieg of unwanted data. Suddenly your network is overwhelmed by traffic from multiple sources. The system is overloaded and crashes, putting your IT out of action. Brutally effective.

Technology_Visual

7) Man-in-the-Middle Attacks (MitM)

This is where the attacker impersonates someone your system regularly contacts. The interloper is then able to intercept and tamper with messages you send and/or receive. The MitM can now steal data or cause confusion at will.

MITM

8) Password Attacks

A hacker with the right software can try 2.18 trillion password and username combinations in less than half a minute. That’s how easily cracked your “unguessable” password is. Hence the familiar (and frequently ignored) advice to vary passwords, change them regularly and avoid the obvious.

Criminals can also get through your password protected defences by subterfuge. A phishing email inviting you to reset your password is one familiar method, but today’s cybercriminals also mix it up with “smishing” and “vishing”—text messages and phone calls with the same intent. There’s “spear fishing” and “whaling” too—fake emails purporting to be from a friend or a boss respectively.

Picture9

9) DSN Poisoning Attacks

The Domain Name System (DNS) makes the internet much easier to navigate. It allows us to use familiar .com-style domain names rather than IP addresses, which are unwieldy strings of numbers.

But hackers know that anything useful can be abused. A DNS attack is when they deceive a server into sending traffic to the wrong websites. This misdirection enables them to remotely access the system and steal or tamper with data. Alternatively, they may drive users to fraudulent websites or launch DDoS attacks.

Hacker_Glasses

10) Social Engineering Attacks

Cybercriminals use advanced psychology, as well as technology, to achieve their goals. This type of assault on your online security is built around the manipulation of social situations. Examples include gaining someone’s trust, then giving them a flash drive infected with malware.

There are also online social engineering attacks. They tempt people with misleading ads (malvertising), phishing emails or fake security alerts (scareware). The aim is to coax them towards malicious websites or entice them with downloads containing viruses and spyware.

Social_Engineering

11) Injection Attacks

This type of attack happens when a hacker has the opportunity to physically or remotely enter (inject) code or malware into an application on a computer. It can then be used to execute remote commands, giving attackers the power to bypass security and steal or tamper with data.

Data

Emerging cyber security threats and challenges to be aware of in 2023

The threats you are most likely to experience are:

So you know you need advanced online security, but why BCN?

At BCN, advanced cyber security is just one aspect of the comprehensive managed IT portfolio we offer. Our three-step approach begins with a cyber security risk assessment, offering clear insight into your threats and needs. That enables us to recommend the most appropriate combination of solutions, based on in-depth understanding of the dangers you face. We will then implement your bespoke solution, providing agile, holistic and robust cyber security. Ready to find out more?