What is a cyber-attack?

Blog / What is a cyber-attack?

What is a cyber-attack?

A cyber-attack is a malicious and deliberate attempt by criminals to disable computers, steal data, or utilise a penetrated computer network to initiate more attacks. Malware, phishing, ransomware, or man-in-the-middle assaults are just some of the ways cybercriminals might start a cyber-attack. Organisations are vulnerable to cyberattacks as a result of inherent and residual risks.

Cyber assaults can also be used as part of nation-state cyber warfare or cyber terrorism initiatives. Effective cybersecurity or network safety policies at the corporate level are now more vital than it has ever been.

By cracking into a target network, a cybercriminal can steal, change, or destroy a specific target. Cyber-attacks can vary in intensity from malicious programs such as malware or a ransomware assault (e.g WannaCry) on a small company to attempting to bring down key infrastructure such as a local authority or federal agency such as the FBI or Department of Homeland Security.

A data breach, in which personal information or additional sensitive information is revealed, is a typical result of a cyber assault.

As more businesses do digital, the demand for data security experts who know how to employ data risk management to decrease cybersecurity risk is expanding. Vendor risk management, or third-party risk management frameworks are now more critical than ever due to the growing use and regulatory attention on outsourcing.

There are two types of cyber-attacks: passive or active cyber-attack.

  1. A passive cyber-attack is one that tries to obtain access to or use data from a system without affecting system resources. Examples of passive cyber threats include computer surveillance, network surveillance, wiretapping, port scanning, keystroke logging, data scrapping, etc.
  2. An active cyber-attack on the other hand is one in which an attempt is made to change a system or disrupt its function. Examples include brute force, Denial-of-service attacks (DoS), phishing, email spoofing, Cross-site scripting (XSS, exploit, virus, ransomware, trojan horses, worms, sql injection, etc.

Another key difference between passive and active cyber-attacks is that passive cyber-attacks jeopardise data security and active cyber-attacks jeopardise the integrity and availability of information.

A cyber-attack can originate from within your company as well as outside your organisation.

Inside cyber-attack: a data theft attempt launched from within an organization's security perimeter. This usually comes from a person with authorised access to sensitive data.

Outside cyber assault: An attack launched from outside a company’s security perimeter, including a botnet-powered distributed denial-of-service (DDoS) assault.

Cyber attacks targets

Cyber-attacks are usually directed at vulnerable resources, both physical or logical, which can be easily exploited by cybercriminals. The resource's confidentiality, integrity, or availability may be jeopardised as a result of the attack. Below are some common targets of cyber-attacks:

  1. Control systems These are essential systems that control things like valves and gates.
  2. Energy Electric grids or natural gas lines can be the target of cyber-attacks. Such attacks can negatively impact the residents of a city or region.
  3. Finance Financial infrastructures have actually become a common target for cyber-criminals. This has been facilitated by the increased interconnection of computers and networks.
  4. Telecoms By targeting telecommunication companies such as internet providers, cyber-criminals can have an effect on the way we communicate.
  5. Transportation A cyber-attack on transportation infrastructure can disrupt the transportation system of a city by manipulating the schedules or availability.
  6. Water Because water infrastructure is frequently managed by computers, it is a prime target for hackers and one of the most dangerous if hacked.
How secure is

your business?

Security test
How secure is

your business?

Security test