What is cyber security?
Cyber security is a broad term for the measures you might have in place to combat cyber-attacks – attacks on a computer system that can range from data theft to system damage.
Whether you’re an individual or a large company, the chances are that at least some of your work, personal information and/or private data is stored either on a computer or in a data cloud. This means it can be vulnerable to cyber-attacks, which can come in different forms. This makes it crucial to not only understand cyber security and what it does, but also why you need it and how it could protect you.
According to UK government data collected in 2019
What are the most common cyber threats?
There are quite a few avenues a cyber-attacker could go down to access your information and data, but they can be categorised into the following:
Malware, or malicious software, refers to different types of programmes or files that are designed to sabotage a computer user. These can include:
- Viruses: Viruses are malicious programmes that are capable of launching and replicating themselves, but that need to be interacted with in order for them to be spread – for example, by someone opening an email or file containing the virus.
- Trojans: Trojans, or Trojan horses, are programmes that look safe or innocent but are actually hiding malicious software. Trojans themselves are classed as malware, but attackers generally must trick people into activating them using social engineering methods such as fake emails or software.
- Worms: Worms are similar to viruses in that they are malicious pieces of software that can launch and replicate themselves, but they can also spread without being interacted with.
- Spyware: Spyware is software that can spy on you – it collects information and data from whatever device it is installed on without you being aware. Software that can do this but makes you aware of its presence, such as advertising cookies or tracking software on kids’ or corporate computers, is generally not referred to as spyware.
- Ransomware: Ransomware is a type of malware that locks a computer’s files, so the user cannot access them without paying a ransom to have them decrypted. It’s typically used on business-critical data, and is an increasingly common attack.
- Rootkits: Rootkits refer to one or more pieces of software used by attackers to gain access to your computer system remotely. With remote access, attackers can implement other forms of malware to take control of or damage your computer. Rootkits can include RATs (remote access Trojans) and backdoor viruses.
Social engineering is an interactive tactic used by cyber attackers to steal information or data. For example:
- Baiting: Baiting happens when an infected piece of hardware, such as a hard drive or USB device, is intentionally left where someone can find and use it, thereby installing the malicious software hidden on it.
- Phishing: Phishing refers to when attackers send out emails pretending to be from a legitimate source, such as a bank or telephone company. They generally intend to lure you in so you share financial or personal information like your bank account details or answers to private security questions. When emails like this are designed for a specific target, this is known as spear phishing; when it is done over the phone, it is called vishing.
- Scareware: Scareware is software that scares victims into purchasing malicious software. They often do this by pretending to be an anti-malware programme that ‘finds’ threats on your computer system, before telling you to purchase the actual malware as the only solution to the ‘problem’.
- Water-holing: Water-holing is when an attacker targets a specific website that a certain person or group of people trust and use frequently.
These attacks aren’t rare – almost a third of businesses have been victims of cyber attacks.
However, sometimes computer systems can find themselves vulnerable to software that is intrusive and in some cases unwanted, yet that isn’t intended to do malicious harm to the computer system or the user. This can include things like adware and other potentially unwanted programmes (PUPs), and while they may not be malicious they can still affect your computer by:
- Disturbing users with unwanted ads
- Reducing the performance of the computer system
However, adware and PUPs still have the potential to be malicious – for example, software might be vulnerable to attackers who can turn advertising into ‘malvertising’ by giving the adware malicious features. Different ads and other PUPs might also contain hidden spyware that can collect your data and information without you knowing.
What consequences can cyber-attacks have?
A cyber-attack can potentially have big consequences for affected businesses, as heavy reliance on the internet and computer systems often means that a company’s data security plays a big part in its infrastructure. When a business falls victim to a cyber-attack, it has to consider consequences relating to:
Reputation and trust
Being the victim of a cyber-attack can bring up questions about a company’s reputation and trustworthiness, as customers, employees and partners could all be affected by a potential security breach:
- Customer relationships: If a cyber-attack results in large amounts of private customer data being accessed or stolen, people may lose trust in the company’s ability to protect their information
- Employees: Employees may also feel they can’t trust the company, and therefore be tempted to find a new role where their information is secure
- Partners and investors: Other businesses and potential future investors and shareholders could also be put off by fears over security, and therefore might want to take their business elsewhere
- Unwanted attention: When a company is hit by a cyber-attack, they may also find themselves subject to heavy scrutiny as well as investigations and audits, all of which can cause further damage to their reputation
As a result of cyber-attacks and the related reputational damage, companies can also incur financial losses, such as:
- Theft: Cyber criminals may be able to access and therefore steal money from business bank accounts.
- Fines: If your firm doesn’t comply with data protection rules, the General Data Protection Regulations (GDPR) could leave you with a huge fine.
- Legal fees: Loss of data can also lead to a lot of legal action by customers and business partners, which can be a burden on a company’s books.
- Investigations: A company may also have to conduct an investigation into its own cyber security framework and what went wrong that allowed the attack to happen, and these aren’t necessarily easy or cheap, even if done internally.
- Insurance premiums: As a result of the cyber-attack, a company might find that taking out cyber insurance could become more costly as they are seen as a potentially higher risk.
- Cyber improvements: When flaws in cyber security are exposed they need to be fixed, and this could range from new software and hardware to employee education and a complete rebuild in the company’s cyber infrastructure.
- Staff turnover: While it can be unfortunate, sometimes these attacks come down to a human mistake or error, in which case many companies may be forced to terminate contracts of employees responsible for the lapse in security, and spend time and money training new starters.
- PR: With a damaged reputation, a company might have to allocate more funds to repairing their public image through extensive PR work, which can be especially expensive to smaller businesses.
Cyber-attacks can ultimately have a big impact on the day-to-day operations of a business.
- Financial damage: Financial damage might be a minor issue to major companies which can afford to spend big, but for smaller businesses that fall victim the financial blow can cause a huge disruption to the company’s ability to function.
- Reputational damage: Major companies might be able to withstand financial damage, but word of mouth can still ruin reputations no matter how big they are – sometimes even more so for global brands. As a result companies could lose huge portions of customers and investors, severely impacting their operations.
- Operational disruptions: For businesses that rely heavily on their computer system to function, a cyber-attack could actually stop the business from functioning by attacking core parts of its functionality. If this disruption goes on for a few days or more, it’ll heavily affect your business at all levels.
What can you do to protect yourself from cyber attacks?
The landscape of cybercrime and security is constantly changing due to the ever-evolving nature of technology. As a result, it can sometimes be difficult for businesses to stay completely up to date with the latest information – particularly small to medium enterprises who cannot afford to allocate a lot of funds towards cyber protection.
However, protection from cyber-attacks is essential because the consequences can be disastrous. It’s therefore a good idea to consider the following ways to keep yourself protected against future cyber criminals and their methods:
- Security: Keeping your business’s IT security software and hardware up to date is a good way to ensure you’re protected against the latest cyber threats. This includes keeping your anti-virus software up to date, as well as the security features on any applications your company uses, devices such as phones and computers, your network and internet connection, and your data stores.
- Detection and response: If you do come under attack from cyber criminals, it’s important to have a sure-fire system in place to detect and minimise the immediate threat and protect anything that has yet to be attacked.
- Recovery and reparation: When you’ve been the victim of a cyber-attack, your business will benefit from a solid recovery plan that lets your business operations continue without too big an interruption in services. This can be particularly important for businesses that rely on online transactions if their e-commerce website comes under attack.
- Education: To prevent future attacks, make sure your staff are educated about the possible risks. This can include simple things such as choosing a secure password and being responsible with company hardware. This ensures they’re using best practice, giving your company a higher chance of protecting itself. This should be an ongoing process, as the risks constantly change.