
Understanding Cyberattacks

December 1, 2022


As advancements in digital technology have revolutionized businesses across all sectors, this progress has also introduced new risks relating to cybercrime. In recent times, cyberattacks across the globe have crippled large multinational organizations and even governments. This trend doesn’t appear to be going away, emphasizing the need for organizational cybersecurity initiatives that everyone, not just cybersecurity experts, can understand.

The top five cyberattacks businesses should be concerned about are malware, phishing, Man-in-the-Middle (MITM) attacks, Denial-of-Service (DoS) attacks, and Internet of Things (IoT) attacks.

  • Malware, viruses, worms, trojans, and spyware have lasting effects on systems and personal data. However, the one we hear about the most is ransomware. It’s consistently in the news and has taken down pipelines and factories and caused massive supply chain disruptions. Ransomware essentially holds data hostage and won’t release it without some sort of payment to the attacker. It’s hazardous and potentially life threatening, and we’ve only recently realized just how disruptive it can be to infrastructure, hospitals, and businesses.
  • Phishing scams attack people’s careers and can destroy their professional reputation, business standing, and even personal lives. Data is stolen and then manipulated to blackmail a person or business.
  • Man-in-the-Middle (MITM) attacks may sound a bit like science fiction but are extremely prevalent. A “pineapple” device, or rogue Wi-Fi device, is launched and mimics a public Wi-Fi access point. Anyone can unknowingly connect to the device, granting hackers access to their data. Anyone is at risk the moment they connect to available Wi-Fi, from airports to cafes to libraries. The only way to mitigate this risk is by using a Virtual Private Network (VPN) when connecting to a public network.
  • Denial-of-Service (DoS) attacks lead to website crashes from server overloads or traffic floods. This can occur when a new product launches on a website and the server is flooded with requests to the point of system overload, grinding bandwidth to a halt. The systems cannot process or fulfill legitimate requests because of all the attacker’s traffic to the site. This can lead to sales losses, upset customers, and irreparable damage to brand reputation.
  • Perhaps the most worrisome attack is via the Internet of Things (IoT). These attacks can specifically target devices used in infrastructure, such as smart locks and security systems. If a device is exploited, an attacker can gain access to the network and control the devices. Smart technology such as thermostats, cameras, and door locks can be exploited. It is crucial to understand how to protect your business with additional security measures such as two-factor authentication.

Some of the most common mistakes organizations make are not prioritizing cyber risk prevention or recognizing what attack vectors are specific to their environment. Often companies cannot answer the following questions:

  1. Who has access to our critical data?
  2. What is our critical data?
  3. Where is our critical data stored?
  4. When are changes made to or around our critical data?
  5. How is our data managed and secured?

It’s essential to ask these questions regularly and not just because of an audit. Asking them proactively avoids the knee-jerk reaction or panic of scrambling to find these answers when a breach occurs.

Organizations have a huge responsibility to ensure their employees, clients, and products or services are well protected from cyberattacks. Educating your workforce on the different types of threats they can face will help mitigate future risks and disruptions. Be an advocate and share best practices regularly. Security awareness isn’t a once-a-year compliance training; it should be part of your workplace culture.

This article was originally published in Authority Magazine on April 17, 2022, under the title: Cyber Defense: BSI’s Kristin Demoranville On The 5 Things Every American Business Leader Should Do to Shield Themselves From A Cyberattack. The content has been updated for this blog. Refer to the full article for Kristin Demoranville’s complete insights on this topic.




BSI enables people and organizations to perform better. We share knowledge, innovation and best practice to make excellence a habit – all over the world, every day.
