Just under half of all cyber-attacks are aimed at small to medium-sized businesses but, the risk isn’t limited to just those organisations. It is a risk that everyone faces, even national and international brands.
This week, budget airline company, EasyJet, fell victim to a cyber-attack. Around nine million people’s travel information and contact details were hacked in the breach along with 2,208 customers’ credit card details.
In a statement, EasyJet clarified to its customers that “issues of security are taken extremely seriously” and customers who have had their credit card details accessed are being contacted.
The news of the cyber-attack came just days after UK Foreign Secretary Dominic Raab highlighted the rise in cyber hackers looking to exploit vulnerabilities and steal valuable information during the coronavirus pandemic.
EasyJet is not the only high-profile organisation to fall victim to such highly sophisticated cyber-attacks. The likes of the NHS, British Airways and cleaning company ISS World have all been at the centre of huge hacks or data breaches.
As defined by the National Cyber Security Centre, cyber-attacks are “malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means”.
Cyber-attacks can come in many guises. Being aware and taking preventive steps against them are the best ways to protect business from an attack.
There are two different categories of cyber-attack; targeted and untargeted. Each category contains different ways that hackers can target an individual or organisation.
Untargeted attacks are not specifically aimed at any one type of person or organisation. They seek out multiple revenues for exploitation. These include:
Phishing – whereby emails are sent out to a large number of people asking for personal data or containing fake links which often contain harmful material
Water holing – compromising a legitimate website or creating a fake one for users in order to exploit them and their personal details
Ransomware – a type of malware which criminals use to gain access to and lock users out of files. Files that have been locked will often be used as leverage for ‘ransom’ to have the files returned
Scanning – searching a large area of the internet randomly to find sites to attack
Targeted attacks are aimed at an individual or organisation that has been singled out and often more thoroughly thought out and damaging. These include:
Spear phishing – similar to phishing however the emails are sent to targeted individuals
DDoS extortion – distributed denial of service attacks are attempts to overwhelm a website by supplying it with a large amount of traffic. This typically results in a server crash. Criminals will contact organisations and threaten to subject them to a DDoS
Subverting supply chain – this involves attacks on software or other suppliers that the organisation relies on
The variety of cyber-attacks and the ways in which hackers operate can be daunting, however you can protect yourself and your organisation. Bigger companies, such as EasyJet, are more at risk from more sophisticated and targeted attacks while SMEs are more likely to fall victim to untargeted attacks. SMEs can protect themselves against these types of attacks by taking preventative measures.
Not all measures to protect yourself from cyber-attacks have to be complex. Simple steps such as having secure passwords and installing security software all go a long way to protecting your computer or devices. Read our blog for six top tips for increasing your computer security.
During COVID-19 we are providing our clients with access to training, including topics such as cyber security, to pass onto their employees. Internal training on matters such as this can reduce the risk of attacks which include a decision made by an employee, for example, opening a scam email or attachment.
In a society were cyber threats are evolving at a rapid pace, the need to keep on top of cyber-security, is vital and even the most experienced computer users can run into issues. If you need advice, feel free to contact us.
As key project members in many of our IT projects whether, actively assisted or simply advised what they do not know about IT, in our opinion isn’t worth knowing!- Nadia Mullins-Hills -