Cyber-Attacks – The Why and How
While the technology brings a host of benefits to organisations, it also comes with some inherent risks.
Many people tend to associate cyber-attacks with large corporate organisations when the truth is they affect both organisations large and small. While the payday for hackers may be somewhat larger when they attack large corporates, the fact is hackers target small businesses too.
Cyber-attacks – The Why
Hackers have an ever-evolving list of malicious tricks up their sleeves. While the methods of attack may vary wildly, the reasons behind the attacks normally fit into just a few categories.
Financial gain – attackers try to steal sensitive data such as credit card information and personally identifiable information in order to use it to steal money.
Espionage – attackers employed by government agencies or competitors try to access information that can be used to gain some sort of advantage or leverage, or damage the organisation being targeted.
Revenge – the attacker is an ex-employee who wants to damage a former employer’s reputation etc.
While there may be other reasons for cyber-attacks the above three are the most common. Out of these, financial gain is the number one reason for hacking.
Cyber-attacks – The How
As we have already mentioned, there are many different techniques employed by hackers in their attempts to access your data. We’ll take a look at a few of the more common methods.
DDoS or distributed denial of service – in simple terms, this type of attack attempts to overload your server in order to shut down your website or systems. Hackers can do this by using Trojan viruses to hijack thousands or servers, which are then used for a focused attack on a single target server.
Malware – malware is short for malicious software. There are many different types of malware, which include; viruses, spyware, Trojan horses, key loggers, worms, etc. Malware can be used to accomplish any number of goals. For example, it can be employed to gain unauthorised access – as in the case of hijacking a server for use in a DDoS attack – or it could be used to damage or shut down a target computer or system or to access sensitive data.
Phishing – this is a very common form of cyber-attack. No doubt, you would have been a target at some point in the past. Think back to those emails promising to deposit money into your account or saying you have won some or other lottery that you never entered. While many of these phishing emails can make for a hilarious read, many people nonetheless fall for them and give away sensitive data such as passwords or even end up making payments. While this type of attack is often targeted at individuals in order to con them out of money, it could also be used to try gain access to an organisation’s network through an unsuspecting individual being tricked into giving login details.
Brute Force Attack – This type of attack is aimed at cracking passwords. It is commonly employed against websites and servers in order to gain unauthorised access. Basically, the hacker sets up a program that tries to guess usernames and passwords in order to login to a website or server. Other type of password attack is keylogging. Keylogging uses software that is installed on a victim’s computer without them knowing about it and then logs the keystrokes of the user to obtain login data.
The above list is by no means exhaustive and due to the evolving nature of cyber-attacks, one may never be able to put together an exhaustive list. However, so long as you are aware that the threat exists you may be able to take steps to guard against cyber-attacks.
Iron Mountain prides itself on securing its clients digital and paper records through state of the art security. In our next article, “Cyber-Attacks – What can you do about them” we’ll take a look at some measures you can take to mitigate the risk of a data breach.
DDoS attack – Distributed Denial of Service – http://www.webopedia.com/TERM/D/DDoS_attack.html
Image Credit: Copyright: chainat / 123RF Stock Photo