Firstly, what are cyber threats? Cyber threats are activities used to compromise the security of a network, website, social media account or system, by gaining unauthorised access and making changes or accessing information. This is achieved by changing the integrity, confidentially or availability of that system, or the information presented.
As you would expect, these activities all take place online, with motives ranging from hacker to hacker. Usually the purpose is to cause damage or create disruption to individuals and organisations. Hackers aim to take advantage of vulnerabilities, especially by those with low cyber security awareness, hence the need to educate yourself, your employees and your company.
Having a good understanding of how cyber threats occur, is the first step to protecting yourself and those around you. One effective option is to train yourself or your IT team in Cyber Security, through Cyber Security courses.
According to the National Cyber Security Centre there are two types or categories of cyber-attacks: targeted and un-targeted attacks.
Let’s explore these two categories in more detail.
Targeted cyber attacks take aim directly at your business, usually because, for some reason, the attacker has a specific interest in it, or has been hired to target your company directly. While finding the best way in can take months of planning and testing, the hard work all pays off if they manage to exploit your systems, users or processes. This type of attack is usually more damaging than an un-targeted attack and typical attacks include:
Unlike a targeted attack, un-targeted attacks pay no real attention to audience. Attacks are aimed at many devices, services and users as possible, to cause as much damage as possible. Hackers of this type of account don’t care who their victims are.
Typical attacks include:
No matter which type of attack you’re faced with, they’re be a few stages they have in common, some of which are repeatable stages.
Overall, an attacker is checking your defences for any weakness, which could help them hit their target. Being able to understand these stages better will ultimately help you defend yourself and your company from hackers.
There are four key stages present in most cyber-attacks. These are:
Let’s explore these four stages in more detail.
Stage 1 - Survey
A hacker will try any available means to find a technical, procedural or physical vulnerability, which they will attempt to exploit. This is achieved by using open source information, which often includes networking sites like Facebook or LinkedIn. Using commodity toolkits and techniques, they will store and review any information they can regarding your companies’ devices, security systems and staff.
Information can be gained from user errors, which can be used in attacks. There are a few common errors, which can include:
Stage 2 - Delivery
Here an attacker will try to position themselves in a way that allows them to exploit any vulnerabilities they’ve identified, or they think could potentially exist.
These can include:
Stage 3 - Breach
The goal is to cause damage to your organisation and unauthorised access can allow hackers to:
Stage 4 - Affect
Finally, an attacker will seek to expand access and explore your systems, to establish a persistent presence, which usually comes on the back of taking over a user’s account. All they’ll need now is administration access to one system and they’ll be able to install scanning tools, which will help them discover even more about your networks, or take control of other systems.
A hacker’s end-goal could be to:
Helping your business protect themselves from cyber-attack is becoming more and more vital, to ensure regular, day-to-day processes remain undisturbed. One effective way to get yourself or your team upskilled in cyber security is through our Cyber Security Job Academy Programme. Contact us today to find out more.
Interested in a training course? To get started or discuss your requirements in more detail, call our Course Consultants on +44 (0) 20 3198 7700 or fill out our contact form and someone will be in touch with you to go through your training options.