What are some of the most common Cyber Security Attacks?
As technology continues to evolve more rapidly than ever, the importance for companies to continuously update their policies and practices is more vital than ever. Many businesses think that only larger companies fall victim to cyber crimes, but SMEs are the most consistent targets of a cyber crime.
Cyber criminals often target SMEs, believing they’re not as experienced as a larger organisation with their knowledge on cyber crime, making them more vulnerable as they may not even be aware it’s happening.
91% of cyber attacks and resulting data breaches began with a spear phishing email that was targeted at an employee. Without proper training and education, employees will not know which emails are safe, and which ones can lead to a disaster.
In order to help employees protect themselves and your company’s data, you should work on creating a security-focused workplace culture. Improve your security culture by:
- Training employees to recognise phishing red flags such as automated greetings, grammatical errors or demanding calls to action.
- Remind them not to click on links or open attachments from people that they do not know.
- Teach them to avoid unsecure websites when using work devices. You can spot a secure website if it begins with https rather than just http.
- Require employees to change their passwords every 4-6 weeks and implement Multi Factor Authentication (MFA). and encourage them to make each password complex and different from the previous one
Denial of Service (DoS) Attacks
A denial-of-service attack overwhelms a system’s resources so that it cannot respond to service requests. Unlike attacks that are designed to enable the attacker to gain or increase access, denial-of-service doesn’t provide direct benefits for attackers. That is unless the attack is from a business competitor, then the benefit to the attacker is very useful. By taking down your service it might rive your loyal customers to your competitors. The most common forms of this type of attack is:
SYN flood – is a form of attack in which an attacker sends a succession of requests to a system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
Teardrop attack – is a type of attack which exploits the fragment offset field in the IP header to produce buggy fragments which are then delivered to the target machine. Unable to rearrange the fragments, the victim keeps on accumulating the fragments until it crashes.
Smurf attack – The smurf program builds a network packet that appears to originate from another address . The packet contains an ICMP ping message that is addressed to an IP broadcast address, meaning all IP addresses in a given network. The echo responses to the ping message are sent back to the “victim” address. Enough pings and resultant echoes can flood the network making it unusable for real traffic.
Man in the Middle (MitM) Attacks
Man in the Middle attacks involves a cyber criminal intercepting the online connection and communication you’re having with someone or some website. They’ve have hacked their way right into the middle of the connection between the two of you. Not only have they placed themselves between you, but they’re able to impersonate each side of the connection, controlling the communication and getting temporary access to everything.