Know Your Enemy

To battle Cyber Villains, you need to understand what threats your business faces.

A cyberattack is an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information.

Introducing the Villains

The most common types of cyberattack are malware, ransomware, phishing, man-in-the-middle (MITM) attacks, SQL injection and denial of service.


Dracul: Malware

The Devil

Malware — or malicious software — is any program or code that is created with the intent to do harm to a computer, network or server.

In malware attacks, hackers can employ phishing techniques or exploit network vulnerabilities to access the system. Most malware applications start by ensuring a means of persistent access, allowing the adversary to slip into the network at will. Once inside, the malware takes control of the system with the intention of transmitting sensitive information such as customer data, IP or images from a device’s camera back to the malware owner.


Azrail: Ransomware

Angel of Death

Ransomware is a type of malware that denies legitimate users access to their system and requires a payment, or ransom, to regain access.

A ransomware attack is designed to exploit system vulnerabilities and access the network. Once a system is infected, ransomware allows hackers to either block access to the hard drive or encrypt files on the computer.

In ransomware attacks, adversaries usually demand payment through untraceable cryptocurrency. Unfortunately, in many ransomware attack cases, the user is not able to regain access, even after the ransom is paid.


LOLA: Phishing

Lady of Sorrows

Phishing is a type of cyberattack that uses email, SMS, phone or social media to entice a victim to share sensitive information — such as passwords or account numbers — or to download a malicious file that will install viruses on their computer or phone.

Phishing attackers often impersonate major brands and government agencies in order to increase their success rate in retrieving information.


Tirich: Man-in-the-Middle Attacks (MITM)


A man-in-the-middle (MITM) attack is a type of cyberattack in which a malicious actor eavesdrops on a conversation between a network user and a web application. 

The goal of a MITM attack is to surreptitiously collect information, such as personal data, passwords or banking details, and/or to impersonate one party to solicit additional information or spur action. These actions can include changing login credentials, completing a transaction or initiating a transfer of funds.

While MITM attackers often target individuals, these attacks are a significant concern for businesses and large organizations as well. One common point of access for hackers is through software-as-a-service (SaaS) applications. Attackers can use these applications as an entryway to the organization’s wider network and potentially compromise any number of assets, including customer data, IP or proprietary information about the organization and its employees.


Griffin: SQL Injection

A monstrous creature to be feared

SQL Injection attacks are similar to cross-site scripting (XSS) in that adversaries leverage system vulnerabilities to inject malicious SQL statements into a data-driven application, which then allows the hacker to extract information from a database.

Hackers use SQL Injection techniques to alter, steal or erase data.


SETH: Denial-of-Service (DoS) Attacks

A god of disorder, storms, and violence

A Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with false requests in order to disrupt business operations.

In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by a compromised computer or network. While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organization time, money and other resources in order to restore critical business operations.

Government Regulation and Penalties

The Australian Privacy Act 1988 sets out how personal information should be managed by Australian businesses. It outlines the standards of accountability and transparency that need to be adhered to in order to protect individuals’ personal information. As a business, you have access to client records and private information, and this information must be protected.

Data Breach Reporting

Under the Privacy Act 1988, any business with an annual turnover of more than $3 million is required to notify individuals if their personal data has been involved in a serious breach.

If your business earns $3 million or less, you may still need to comply if you are:

  • a private sector health service provider, including complementary therapists, gyms, weight loss clinics, child care centres and private education providers
  • a business that sells or purchases personal information
  • a contractor providing services under a contract with the Australian Government
  • a credit provider/credit reporting body
  • a residential tenancy database operator

For those who don’t comply, the fines are up to $420,000 for individuals (serious or repeated interference with privacy) and up to $2.1 million for corporations, with this soon to be increased to $10 million. 
