There are no shortages in the variety of cyber-attacks your business may potentially face. Understanding the most common types and how to prevent or respond to them can be important for limiting the damage caused. Here are the three most common types of cyber-attacks and how you, with the support of the digital security experts here at Grundig IT, can deal with them.
1. Web Application Attacks
According to the Verizon Data Breach Investigation Report (DBIR) for 2016, Web Application attacks accounted for only 8% of all reported attacks (whether they were successful or not). However, these attacks on web applications accounted for over 40% of incidents that resulted in a data breach—which makes them the single-biggest source of data loss among all attack types.
In most Web Application Attacks the hackers run a program that enters code into form fields or other access points on your website. This code tricks your website and the databases behind it into making changes submitted by the attackers, or producing data for them to steal. Fortunately, we can protect against these attacks with a simple CAPTCHA or other forms of security measures loaded on your website to prove that the users entering information on your forms are humans, not bots. We can also use a Web Application Firewall (WAF) to monitor your network and block potential attacks as they happen.
2. Socially Engineered Malware
Hackers compromise legitimate websites all the time. During those periods in which they are in a someone else’s control they can become a dangerous trap for internet users visiting the site. If one of your employees were to visit a compromised site it is likely that they would see the site as usual, but with an additional message telling them that their computer is infected and they need to run antivirus software immediately, or run a disk defragger, or possibly install a PDF reader or other name-brand program. But, of course, selecting that option only leads to a quick installation of malware onto the target computer— malware that can steal data, take control of the computer to access your network, encrypt company files for ransom, or simply lie dormant and wait for more orders.
This scheme may sound too obvious to work, but because the hosting sites are legitimate (though temporarily compromised) and because many of these prompts are designed to look authentic, hundreds of millions of hacks in this vein are completed every year. Stopping them requires good anti-malware and end-user training to teach your employees never to download anything to company computers unless specifically instructed by IT.
3. App-Specific Attacks
Packet sniffers allow hackers to automatically collect information about a potential victim’s computer or network by scanning data packets sent over the internet. These packets can tell them what operating systems you or your employee is using, what applications they have running, and how much network traffic is passing back and forth. And this info be enough to give away known security flaws in your system.
Common programs like Java, Adobe Reader, and Adobe Flash are full of security flaws that have been patched over the years as they have been discovered. But if a hacker can determine that you or your team members are running an outdated version of Adobe Flash, they can quickly target that old vulnerability and get into your system. The only way to protect against these attacks to make sure that everything is automatically and routinely kept up to date and patched against all known security threats—and for that you need an IT team with experience and expertise.
Let Grundig IT be that team for you. Contact us today at grundigit.com for data security services and other technical support to keep your company and data safe, secure, and connected.