The ‘Why’, ‘How’ and ‘Who’ of Cyber attacks

Every minute of every day European organisations are attacked by cyber criminals, and the consequences can be catastrophic. If your organisation suffers a data breach and loses important information then your business could even be forced to close down. In many instances you won’t even know you have been hacked until it is too late, and even then you may not know what to do or who to call for help.

Why is your organisation targeted?

You may think your organisation is safe from cyber attack, but every company is a target, whatever its size or sector. If you have a web presence, you are at risk, and for a variety of reasons. The main reasons attackers target companies of any sector or size are that:

  • there are exploitable vulnerabilities within your systems;
  • competitors want your customers’ personal information (e.g. full names, email addresses, physical addresses, mobile numbers etc.);
  • cyber criminals want your company’s sensitive information, assets and/or money;
  • an activist group wants to damage you for ideological reasons; or
  • criminal organisations want your proprietary software and other intellectual property.

In essence, any organisation without an adequate information security management system (ISMS) in place is a potential target. The absence of an ISMS leaves the door open to cyber attack and increases the risk of a data breach: unprotected business information is likely to be targeted by attackers. The growing number and sophistication of cyber attacks in Europe reflects not only the criminals’ expertise but also the lack of adequate information security management systems in European organisations. Don’t let the cyber criminals be smarter than you!

ISO 27001 is the internationally recognised specification for an information security management system (ISMS). Certification to the standard gives an organisation and its customers assurance, and the standard itself helps to develop and enhance information security best practice. Implemented properly, it helps organisations identify and manage the risks and threats that could otherwise lead to heavy financial losses and reputational damage.

How could your organisation be hacked?

New methods of cyber attack appear every day, and criminals are constantly working to find new ways of accessing your organisation’s information. Common types of incident are:

  • hacking, which is unauthorised access to a computer or network, i.e. an intrusion without the permission of the computer or network owner;
  • denial of service attack, which floods your network or servers with external requests so that they no longer have sufficient bandwidth or processing capacity to provide their intended service;
  • malware dissemination, which is when malicious software (e.g. viruses, worms, Trojans etc.) is planted on or spread through your organisation’s systems;
  • credit card fraud, when attackers steal credit card numbers while a transaction is taking place via your company’s website;
  • net extortion, when the company’s confidential data is copied in order to extort money; and
  • phishing, which is the technique of extracting confidential information from people by pretending to be a trustworthy entity such as a bank.

IT Governance recommends reading CyberWar, CyberTerror, CyberCrime to understand the risks of cyber crime and learn what measures you and your business should take. The book makes the case for applying international standards and practices as the key counter-measure to the global threat of cyber attacks.

To learn about the origins of cyber risks and the development of strategies for managing them, we recommend reading Cyber Risks for Business Professionals: A Management Guide.


Who is responsible for protecting your organisation?

The first thing to do is find out how (or whether) your organisation is protected. Don’t assume that the IT department is solely responsible for cyber security: cyber security is a shared business responsibility throughout the organisation. Good security awareness means that all of your employees know about, and are able to identify, cyber threats such as phishing emails.

The ITG e-learning course Information Security Staff Awareness helps you deliver basic information security training to your staff, making sure that employees are fully aware of their role in achieving effective information security.

For more information on how to protect your organisation, visit IT Governance EU.