To battle Cyber Villains, you need to understand what threats your business faces.
A cyberattack is an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information.
The most common types of cyberattack are malware, ransomware, phishing, man-in-the-middle (MITM) attacks, SQL injection and denial of service.
Malware — or malicious software — is any program or code that is created with the intent to do harm to a computer, network or server.
In malware attacks, hackers can employ phishing techniques or exploit network vulnerabilities to access the system. Most malware applications start by ensuring a means of persistent access, allowing the adversary to slip into the network at will. Once inside, the malware takes control of the system with the intention of transmitting sensitive information such as customer data, IP or images from a device’s camera back to the malware owner.
Angel of Death
Ransomware is a type of malware that denies legitimate users access to their system and requires a payment, or ransom, to regain access.
A ransomware attack is designed to exploit system vulnerabilities and access the network. Once a system is infected, ransomware allows hackers to either block access to the hard drive or encrypt files on the computer.
In ransomware attacks, adversaries usually demand payment through untraceable cryptocurrency. Unfortunately, in many ransomware attack cases, the user is not able to regain access, even after the ransom is paid.
Lady of Sorrows
Phishing is a type of cyberattack that uses email, SMS, phone or social media to entice a victim to share sensitive information — such as passwords or account numbers — or to download a malicious file that will install viruses on their computer or phone.
A man-in-the-middle (MITM) attack is a type of cyberattack in which a malicious actor eavesdrops on a conversation between a network user and a web application.
The goal of a MITM attack is to surreptitiously collect information, such as personal data, passwords or banking details, and/or to impersonate one party to solicit additional information or spur action. These actions can include changing login credentials, completing a transaction or initiating a transfer of funds.
While MITM attackers often target individuals, these attacks are a significant concern for businesses and large organizations as well. One common point of access for hackers is through software-as-a-service (SaaS) applications. Attackers can use these applications as an entryway to the organization’s wider network and potentially compromise any number of assets, including customer data, IP or proprietary information about the organization and its employees.
A monstrous creature to be feared
SQL injection attacks are similar to cross-site scripting (XSS) in that adversaries leverage system vulnerabilities to inject malicious SQL statements into a data-driven application, which then allows the hacker to extract information from a database.
A god of disorder, storms, and violence
A Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with false requests in order to disrupt business operations.
In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by a compromised computer or network. While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organization time, money and other resources in order to restore critical business operations.
The Australian Privacy Act 1988 sets out how personal information should be managed by Australian businesses. It outlines the standards of accountability and transparency that must be adhered to in order to protect individuals’ personal information. As a business, you have access to client records and private information, and this information must be protected.
Under the Privacy Act 1988, any business with an annual turnover of more than $3 million is required to notify individuals if their personal data has been involved in a serious breach.
If your business earns $3 million or less, you still may need to comply if you are:
For those who don’t comply, the fines are up to $420,000 for individuals (serious or repeated interference with privacy) and up to $2.1 million for corporations, with this soon to be increased to $10 million.