Two in five businesses reported a cyber attack or data breach in the past 12 months, according to the UK government’s Cyber Security Breaches Survey 2021. Among those, 35% reported negative effects including the loss of money, data or other assets.
These are alarming figures, but how exactly are organisations being affected? After all, there are many ways that cyber criminals can target your organisation – from scamming employees with bogus emails to exploiting vulnerabilities to hack into databases.
Each of those attacks will result in different problems. In this blog, we look at five of the most common causes of security incidents and explain the damage they can cause.
A successful phishing attack does one of two things. The victim will either download an attachment that contains malware, or they’ll click a link and hand over sensitive information, such as their login credentials or financial information.
The latter is more common and has a more immediate effect. If the criminal hacker accesses financial information, they will siphon off funds and make a quick exit.
If the attacker targets the victim’s login credentials, they can access the organisation’s systems and compromise sensitive data. The most common tactic is to copy sensitive files and sell them on the dark web to another party, who will probably use them to conduct fraud.
Meanwhile, if the attacker uses a phishing scam to plant malware, the same damage will occur but in a different way. Attackers often use keylogging software to track information as it’s being entered into a computer, giving them access to employees’ passwords.
When an organisation is infected with ransomware, it’s pretty hard not to notice the effects it has. The malicious software spreads through the victim’s systems encrypting files, making it impossible for organisations to open them.
Additionally, organisations may decide to shut down parts of their business that haven’t yet been infected to stop the spread.
Given that organisations are being urged not to pay ransom demands, victims will be left without access to their systems until they’re able to restore information from backups.
In the meantime, they may be required to shut down some, or all, of their operations. Any processes that can be performed manually (using pen and paper, for example) can continue, albeit slower than usual.
This will result in financial losses from the disruption to productivity and from the time and resources spent on remediation efforts.
Organisations should also anticipate data loss, as they likely won’t have a comprehensive set of backups.
Unlike most security incidents, the objective of DDoS (distributed denial-of-service) attacks isn’t to compromise sensitive information. Rather, they are intended to frustrate the victim by shutting down or severely disrupting their systems.
They work by taking advantage of the capacity limits of a computer network, overwhelming it until traffic can no longer be processed.
Organisations that fall victim are likely to experience a higher volume of spam than normal, a sudden loss of connectivity across devices on the same network, and slower website performance, with pages failing to load.
You may not have heard of the term, but you’ve probably been warned about the threat of credential stuffing. It refers to the way cyber criminals use lists of previously exposed usernames and passwords to access other sites.
The technique works because many people reuse their login credentials on multiple sites. If one account is compromised, therefore, attackers can use the information elsewhere.
The most obvious effect of credential stuffing is that victims will have their accounts compromised, giving cyber criminals access to whatever information is held on them.
In some circumstances, attackers can leverage this into other attacks. For example, if they compromise an employee’s email address, they can send fraudulent emails to colleagues containing phishing lures.
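A defender's view of the pattern described above, as an added example that is not part of the original article: credential stuffing shows up in authentication logs as one source trying many different usernames and mostly failing, which differs from repeated guessing against a single account. The log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample log (assumed format): timestamp source_ip username result
SAMPLE_LOG = """\
2021-06-01T09:00:01Z 203.0.113.7 alice FAIL
2021-06-01T09:00:02Z 203.0.113.7 bob FAIL
2021-06-01T09:00:03Z 203.0.113.7 carol OK
2021-06-01T09:00:04Z 203.0.113.7 dave FAIL
2021-06-01T09:00:05Z 203.0.113.7 erin FAIL
2021-06-01T09:00:06Z 203.0.113.7 frank FAIL
2021-06-01T09:01:10Z 198.51.100.4 alice FAIL
2021-06-01T09:01:15Z 198.51.100.4 alice FAIL
2021-06-01T09:01:21Z 198.51.100.4 alice FAIL
2021-06-01T09:01:42Z 198.51.100.4 alice OK
2021-06-01T09:05:00Z 192.0.2.50 grace OK
"""

def parse(log_text):
    """Yield (source_ip, username, succeeded) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines rather than guessing at them
        yield parts[1], parts[2].lower(), parts[3] == "OK"

def find_stuffing(log_text, min_users=5, min_fail_share=0.8):
    """Return {source_ip: [accounts that logged in successfully]} for sources
    that tried many different usernames and mostly failed."""
    users = defaultdict(set)   # distinct usernames tried per source
    total = defaultdict(int)   # all attempts per source
    fails = defaultdict(int)   # failed attempts per source
    hits = defaultdict(set)    # usernames with a successful login per source
    for ip, user, ok in parse(log_text):
        users[ip].add(user)
        total[ip] += 1
        if ok:
            hits[ip].add(user)
        else:
            fails[ip] += 1
    flagged = {}
    for ip in users:
        if len(users[ip]) >= min_users and fails[ip] / total[ip] >= min_fail_share:
            flagged[ip] = sorted(hits[ip])  # accounts to lock and reset first
    return flagged

if __name__ == "__main__":
    for ip, accounts in find_stuffing(SAMPLE_LOG).items():
        print(ip, "likely credential stuffing; review:", accounts or "none")
```

Counting per source address misses attempts spread across many addresses, so in practice the same grouping is also worth running per time window across all sources.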
Some of the most devastating data breaches don’t involve cyber criminals at all, but are instead the result of employees making mistakes. One of the most common examples of this is security misconfigurations.
Security misconfigurations can happen at any level of an application, including the web server, database and application server.
When they happen, sensitive information is often displayed in error messages, which could enable criminal hackers to gain access to the data.
The mistake may be even more basic than this. If employees store a database in the Cloud and fail to password-protect it, anyone who finds the file will be able to see its contents.
As a result, vast amounts of personal data will be compromised and the organisation won’t know that it has been breached until it audits its security practices or is alerted to the information being in the wild.
Would you know if your organisation had suffered a data breach?
Although organisations are placing a greater emphasis on cyber security, it has never been harder to navigate the cyber threat landscape.
Criminals are constantly creating new ways to target organisations, and the array of issues currently facing them – from regulatory compliance to the pandemic to the effects of Brexit – makes it almost impossible to keep up.
If there’s one lesson that organisations must learn, it’s that data breaches are unavoidable but the devastating after-effects aren’t. Those that plan for disaster alongside preventative measures are much better equipped to handle disruption and get back to business.
Those looking for help doing so should take a look at our Cyber Incident Response service. It’s the ideal solution for anyone trying to recover from a data breach or cyber attack, as our experts guide you through the recovery process.
They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.