Cyber security, in most people’s consciousness, is a relatively recent phenomenon but in reality, is something that has been around since the early 1970s when ‘Reaper’, the world’s first antivirus program, was created. Since then, the digital landscape has changed dramatically and with it, the issues and challenges of cyber security. Because of this, it’s important to have a good grasp of what cyber security is and in what situations we should be using it.
What is cyber security?
Cyber security is the act of protecting mobile devices, laptops, computers, servers, networks and other databases from cyber attacks which is essentially a malicious attack to steal, disrupt or destroy data and/or services.
With the prevalence of wireless technology including Bluetooth and WiFi and the increasing connectivity of smart devices via the Internet of Things (IoT) – people and organisations are more exposed to cyber security risks than they’ve ever been.
The sophistication of cyber attacks in this day and age now demands a holistic approach to cyber security to protect oneself or an organisation from as many potential threats as possible. Cyber security specialists like NEC, who are Palo Alto Networks and Juniper Partners, are well-placed to lead this fight with the latest strategies and techniques.
What are the different types of cyber attacks?
In order to fully comprehend what cyber security is, it’s important to understand the different types and forms cyber attacks can take. In doing so, you’ll be able to make an informed decision about which threats you’re likely to be most vulnerable to and act accordingly. Five of the most common types of cyber attacks are as follows:
Distributed Denial-Of-Service (DDoS)
A distributed denial-of-service attack is one that floods a website/server with traffic in the form of messages/connection requests etc, originating from multiple sources. This often causes the website/servers to crash stopping legitimate users from using the service. In the past, high profile companies, government and media organisations have fallen victim to this. One of the largest DDoS attacks was targeted at GitHub (a software developer platform) in 2018 and was hit with 1.35 terabits per second causing severe connectivity issues. Luckily, they had measures in place to help counter this but the scale of the attack led them to further bolster their defences.
Phishing
Phishing is one of the oldest types of cyber attacks which acts as a form of online identity theft. Typically this is in the form of an email that is received mimicking a genuine source requesting personal credentials, like login details to an online bank account. Once they acquire these details they are able to use and exploit your data for their own benefit. The worst example of this was the Austrian aerospace company FACC, which lost $47 million dollars from a single scam with a phishing email that got a junior accountant to transfer the funds to a fake account.
Malware
Malware is a form of malicious software that is designed to disrupt, damage or steal data from a computer or network. It’s an umbrella term that covers a wide range of cyber attacks like viruses, trojans, spyware, ransomware, adware – the list goes on. It’s probably the most common form of cyber attack for an individual user and can be particularly well concealed to the user. There are endless examples of malware that has affected individuals and businesses throughout the history of information technology including ILOVEYOU, MyDoom and Slammer – all of which did $1 billion + each worth of damages.
Man-In-The-Middle (MITM) Attack
A man-in-the-middle attack is a breach in the communication channels between two parties by a third party. This is the cyber equivalent of eavesdropping, typically when sensitive information is being exchanged. The purpose of this often to leak the information at hand or use it in some other way to benefit the perpetrator. In some situations, the actual communications between parties can be edited and manipulated without either party being aware. Even legitimate companies have been accused of doing a form of MITM attack like Nokia via its Xpress Browser which was accessing its user’s encrypted browser traffic in 2013. The browser soon shut down in 2015.
SQL Injection
An SQL injection is a type of cyber attack that typically targets databases by injecting malicious code that allows intruders to perform harmful actions to them. This can be done to extract information (such as customer/client details) from a database or to delete information from the database itself. Retailers have been particularly susceptible to this in the past and the implications for a business can be devastating. One of the biggest SQL hacks occurred in 2011 when its PlayStation Network was attacked and the personal details of 77 million users were compromised.
Why is cyber security important and for who?
As you can see, there are a wide range of cyber attacks that can threaten an individual, business or organisation with profound repercussions and consequences. The use of technology in our lives has risen dramatically and is only going to integrate itself further into day-to-day functions and processes.
With perpetrators constantly searching for vulnerabilities and developing their own sophisticated techniques in doing so, it’s crucial that those that rely on technology and systems equip themselves with the best defence of these threats where they can. You could justifiably say everyone needs at least some form of cyber security but we thought we’d give a few examples with context so you can better appreciate just how important it is:
Individuals
Some people take a flippant attitude towards their own cyber security thinking their own chance of being targeted is slim. Perpetrators, however, are experts at targeting the unsuspecting. Vigilance is therefore essential, especially when online banking or shopping with credit cards are concerned as well as the use of your own social media accounts. There are many suites and software packages available that can protect all your devices from such threats.
Small Businesses
As individuals can take their cyber security for granted, so too can small businesses. This, as you can imagine, is to their detriment. Small businesses are particularly vulnerable as they’ll often be operating within tight margins where cyber security may seem a luxury. Ransomware attacks, phishing attacks and weak passwords are some of the most common means used to exploit weaknesses and the costs of recuperating losses can be much worse than the costs to protect.
Global Corporations
Global corporations are often the target of sustained attacks for a variety of reasons including economic and political. In some ways, they can be victims of their own success as their increased visibility exposes them to more potential perpetrators. Needless to say, the larger an organisation is, the bigger the fallout from a cyber attack can be. This can not only result in financial losses but there can also be legal ramifications (where personal/confidential data is concerned) and reputational damage if the loss of services is experienced.
Government Organisations
Cyber attacks have unfortunately become a vehicle for cyber terrorism with incidents on the rise on a global scale. For governments, they are a huge threat and can disrupt and jeopardise government systems, databases, security and national intelligence systems to name a few. Government attacks can be particularly damaging because it can adverse effects on so many aspects of our society including public services and businesses as well as communities and individuals. In the worst-case scenarios, these can have knock-on effects for international partners and become global problems.
Cyber security can protect your future
As you can see, cyber security is a vital preventative measure to take to protect individuals and organisations from cyber attacks. NEC has been leading the way working with companies and organisations all around the world providing next-generation firewalls to keep current and emerging threats at bay. On top of this, NEC has contributed to INTERPOL’s own cybercrime investigation training in an effort to strengthen security measures on an international level. It is an area of utmost importance and one that NEC will continue to pursue for many years to come.