Cyber attacks are attempts to disrupt or disable computer systems or steal valuable data. They will usually result in a violation of one of the principles of the CIA Triad:
Cyber attacks can compromise sensitive data, including:
- Personal information such as social security numbers, government-issued documents, or medical information.
- Financial information such as credit card numbers and bank account numbers.
This can lead to consequences like identity theft, which is time-consuming, frustrating, and expensive to resolve.
Types of Cyber Attacks
There are several types of cyber attacks. Some of the most common include:
- Malicious software like malware that can spy on someone unnoticed (spyware) or hijack entire systems (ransomware).
- Phishing scams where an email, text, or link could trick a user into sharing sensitive, private information.
- A “man-in-the-middle” (MitM) attack where the attacker intercepts a connection between multiple users.
- Distributed Denial of Service (DDoS) attacks that overload a system’s resources and bandwidth.
- SQL injections that corrupt or collect data from servers and databases.
- Zero-day vulnerabilities that exploit software vulnerabilities before they’re patched.
- DNS tunneling that hides and removes the data of other programs in DNS queries and responses without being detected.
Organizations and individuals can and should take steps to prevent cyber attacks.
- Along with self-directed learning, organizations should educate employees on common cyber threats, including phishing and social engineering.
- Perimeter defenses, such as firewalls, should be installed and kept up to date.
- State-of-the-art antivirus software and malware detectors should be in place and continually updated to address threats.
- While patch management might seem tedious, it can help prevent vulnerabilities from being exploited.
- Strong user authentication and authortization practices, such as strong passwords and multi-factor authentication, should be utilized.
- Businesses should especially have a response plan to deal with security breaches.