2018 was a landmark year for approaches to cyber security. That year saw major attacks on corporations and companies (a huge data leak occurred at Facebook, for example, and in Poland at Morele.net). In May 2018, the RODO (GDPR) directive was introduced. What challenges do companies face in terms of cyber security?
We often think that we are familiar with the topic of security, and that mainly corporations are vulnerable to attacks. This mistaken belief can be costly. The number of threats on the web and the ingenuity of hackers have increased. The data of about 2 million users was leaked from Morele.net alone. According to a study by Cybersecurity Ventures, by 2027 spending on cyber-education will rise to 10 billion zlotys.
What are the most common attacks on companies?
There are several types of cyber threats that cannot be ignored:
- Malware, or malicious software. It refers to programs and applications that, once they get into a company’s network, do a lot of damage to it.
- Ransomware. This is a type of malware in the form of viruses, worms or Trojans that attach themselves to the system and often lock it. It can only be recovered after a ransom is paid.
- Phishing. This type of attack involves assuming a false identity and impersonating someone else in order to phish for information such as login credentials, personal information, credit card details or other sensitive information. This type of cyber attack is becoming increasingly sophisticated. Often, attackers try to extort sensitive data by threatening to block or delete accounts.
- Password Attacks. Several types stand out:
  - The Brute Force Attack. The cybercriminal looks for words and combinations associated with a company, for example by reading the “contact” tab, which lists the names of employees. They then create passwords based on this data and other common names, such as animal species. These are very simple combinations that company employees often use.
  - The Dictionary Attack. Similar to the first one, but focused on passwords of 7 letters or less, because these are statistically the ones users choose most often. Programs are created to attack passwords, and the previously mentioned words are added to them. The cybercriminal enters the expected password parameters (length, type), and the program searches for matches at a rate of several hundred words per minute.
  - The Key Logger Attack. A key logger is a program that records every combination of characters typed on the keyboard, so that when you type your passwords, the cybercriminal immediately has them “on a platter”.
- DoS and DDoS attacks. These are attacks used on a larger scale. They involve sending large amounts of data, queries and information from a network of tens or even hundreds of thousands of computers from all over the world. Servers don’t have the computing power to handle such a large amount of data. As a result, the server goes down, overloaded by the number of operations. This is a common method of operation for cybercriminals. The best countermeasure is to use analytics solutions that monitor unusual changes in network traffic.
What are the causes of attacks?
According to a report by Cyber Security Statistic, human error is responsible for nearly 50% of hacks. The causes include:
- Company’s negligence and mistakes
- Third party error
- System error
- Hacking attacks.
Cybercriminals are often motivated by the possibility of stealing data that can then be sold, and by the possibility of demanding a ransom.
How to prevent threats?
A very important issue for companies is to put in place a coherent and thoughtful policy to counter cyber threats:
- Training employees on security and data protection, including creating strong passwords (e.g., using password managers like KeePass)
- Implementing other security procedures: two-factor authentication, distinguishing dangerous messages from legitimate ones
- Installing secure software and instructing employees on data storage
- Monitoring and control of employee behavior in terms of security
- Control of the company’s equipment, detecting errors on the fly and responding appropriately
- Data Backup.
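The strong-password advice in the list above can be enforced when a password is set, by screening it against the same material the guessing and dictionary attacks described earlier rely on. The following is an added example, not code from this article or from ITH; the company terms, word list and function names are constructed assumptions.

```python
import re

# Constructed sample data (assumptions): company and staff names as they might
# appear on a public contact page, plus a few common words and animal names.
COMPANY_TERMS = {"acme", "kowalski", "anna", "nowak"}
COMMON_WORDS = {"password", "qwerty", "tiger", "eagle", "dragon", "welcome"}

# Typical character substitutions users apply to "harden" a simple word.
LEET = str.maketrans({"0": "o", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 8  # passwords of 7 characters or fewer are the usual dictionary targets


def variants(password: str) -> set[str]:
    """Lower-case, undo substitutions, keep letters only ('1' may stand for i or l)."""
    lowered = password.lower().translate(LEET)
    return {re.sub(r"[^a-z]", "", lowered.replace("1", sub)) for sub in ("i", "l")}


def screen_password(password: str,
                    company_terms=COMPANY_TERMS,
                    common_words=COMMON_WORDS) -> list[str]:
    """Return the reasons to reject a candidate password (empty list = accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    cores = variants(password)
    if any(term in core for core in cores for term in company_terms):
        reasons.append("company_term")
    if any(word in core for core in cores for word in common_words):
        reasons.append("common_word")
    return reasons


if __name__ == "__main__":
    for candidate in ("Kowalski2018", "T1ger!", "Acm3$ecure",
                      "correct-horse-battery-staple"):
        print(candidate, "->", screen_password(candidate) or "accepted")
```

In practice the term sets would be built from the organisation's own public pages and a larger common-password list.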
It is worth following the example of companies that organize dedicated security training for employees, sometimes including a phishing presentation during a workshop. According to research by Gartner, in the age of cloud solutions, by 2022 nearly 95% of attacks will be the fault of humans and organizations.
IT Security at ITH
We are a web hosting company with years of experience. We offer solutions to help you keep your data secure and protect yourself from cyber threats. We perform auditing and monitoring, have a cloud firewall and high-speed hosting. We encourage you to take advantage of our services.