We explore the types of cyber attacks and how you can stay safe when using IT equipment and systems.
The fast-paced world of digital technology means that we’re making rapid progress across many frontiers. However, with such advancements comes a rise in the scale and complexity of cyber threats. We explore some of the most common cyber security threats and how you can face them head-on.
As well as refreshing some of the basics of cyber security, we’ll examine some of the steps you should take to safeguard your IT systems. Finally, we’ll explore some of the best practices of cyber security and where you can get training.
The basics of cyber security
We’ve already covered the basics of cyber security in a separate article. Rather than providing the full details here, we’ve summarised some of the essential points as a refresher:
What is cyber security?
We use this term to refer to a set of different techniques that a person or organisation can use to protect the integrity of different networks, programs, and data from any attacks or unauthorised access.
There are many different methods and fields within the realm of cyber security, and these reflect the complexity and variety of cyber attacks.
Why is it important?
Whether on an individual, organisational, or even national level, cyber security helps to guard against issues such as information disclosure and the theft or damage of hardware, software, or electronic data.
The techniques used also help to ensure that IT-based services can function without disruption or misdirection. By understanding how essential the field is, it should come as no surprise that it’s one of the fastest-growing sectors in IT.
Who is responsible for it?
There are often some wrong assumptions made about who is responsible for cyber security. Some might say that an infosec manager or cyber security analyst is the one who takes responsibility within an organisation. While they’re certainly culpable to a point, each individual must take responsibility for their own cyber security.
While policies and protections exist to ensure that, from a technical perspective, individual equipment is safe, the end-user must also be educated and aware of the potential cyber risks that exist.
Part of this responsibility is understanding the cyber threats and vulnerabilities that exist and making informed decisions about how you interact with your IT equipment. And, of course, if it’s your home network and hardware, the need for this knowledge is equally as essential.
Types of cyber threats and how to deal with them
So, while there are cyber security jobs that focus on preventing data breaches, service outages, and other IT threats, each individual should be alert to the potential dangers. Not only this, but you should also know what to do to protect yourself against them.
Below, we’ve picked out some of the most common cyber security threats and outlined how you can deal with them. These are just some of the methods used by hackers and other malicious parties to compromise IT systems. To find out more, you can check out our microcredential on cyber security operations.
This is the term used to describe the process of trying to get private information by pretending to be a legitimate enquirer. A malicious individual or organisation may ‘fish’ for information by using fake communications, such as emails, to try and gain login credentials or other sensitive information.
Phishing is a well-established practice that has grown in complexity over the years. As such, these scams can be difficult to spot, even by those with a keen eye. Attackers can spoof email addresses, masquerade as legitimate entities on the phone, and create bogus websites capable of capturing sensitive data.
How to deal with phishing
There are several ways you can identify and avoid phishing attacks. Here are some top tips:
- Make sure your IT equipment is updated and installed with the necessary security software.
- Be suspicious of emails and calls that seem overly alarming or slightly odd. For example, an email might warn you of a breached password, but there could be spelling errors, an unusual email address, or an unprofessional layout. Don’t click on links unless you’re sure of the authenticity of a message.
- If you’re unsure whether a call or email is legitimate, contact the company before you respond. They’ll be able to verify whether it’s real or not.
- If you’ve fallen victim to a phishing scam, contact the relevant authorities. For example, in the UK, you can report it to the NCSC.
You’ll often find that malware and phishing scams go hand in hand. The term is used to describe malicious software designed to perform an attack on the device or server that downloads or runs it. Malware attacks can cause a corruption of data or even take down an entire system.
As with phishing, malware attempts to trick the user into clicking on a link or downloading/installing a program. Such programs can then self-replicate, track keystrokes, hijack system resources, block access, and other such compromising activities.
How to deal with malware
Again, there are several steps you can take to prevent and deal with potential malware cyber threats. We’ve picked out some essential advice below:
- Ensure you have anti-malware software installed and updated on your device.
- Back up your data, especially your important files, and make sure you can store them in an offline location.
- Only open files and software that you know is from a trusted source.
- Inspect content and correspondence to identify any features that seem amiss (as you would with phishing scams).
- Have a plan in place to deal with a potential malware attack. Find out more about this in our Cyber Security Fundamentals ExpertTrack.
Ransomware is a type of malware that essentially locks down a victim’s files, encrypting them so they cannot be accessed. Usually, the attacker will then demand a fee (often to be paid anonymously via cryptocurrency) to decrypt the data. It’s perhaps the biggest cyber security threat in the current landscape.
Again, a common starting point with a ransomware attack is with a phishing attempt. The attacker will try and dupe the victim into installing malicious software that then proceeds to lock the system down.
How to deal with ransomware
Victims of ransomware attacks can often feel helpless once they’re left without access to their files. As with many of the cyber security threats on this list, prevention is often the best way of dealing with them:
- Ensure you have antivirus software installed and up to date. The same applies to your IT devices.
- Set up your devices so that only authorised software and applications can run on them. Avoid opening applications and files from unknown sources.
- If you fall victim to a ransomware attack, notify your IT security team immediately (if at work). Disconnect the affected machine from your network.
- Notify the authorities of the breach. Do not pay the ransom, but ensure the relevant organisations are informed – they can advise you further.
- Find out more about cyber threats and risk management with our ExpertTack.
A man-in-the-middle (MITM) attack is when an attacker establishes a position between the sender of a message or information and the recipient, allowing them to intercept any correspondence. The MITM attacker could even alter the contents of a message without either sender or recipient knowing.
How to deal with MITM attacks
These types of attacks can be difficult to detect, so once again, prevention is a far easier method at dealing with MITM attacks:
- Ensure access points are secure. Wi-Fi networks are often particularly vulnerable to man-in-the-middle attacks, so making sure passwords are strong and secure is essential.
- Use VPNs for sensitive information. A virtual private network (VPN) can create a secure environment that you can use when handling valuable data.
- Make sure your web browsers are updated regularly – patches are released often to close any security vulnerabilities.
Trojan viruses are another form of malware. However, as the name suggests, these will invade your system by disguise. Often, they’ll look like a regular file or application in an attempt to trick you into running or installing it.
Once a trojan has gained access to your system, it can work to disable your antivirus, download more malware, or make it part of a DDoS attack (more on those further down).
How to deal with Trojans
Being thorough with understanding cyber security threats is the best way to prevent Trojans from gaining a hold on your system:
- Avoid downloading software from sources that you don’t trust/aren’t authorised.
- Ensure your operating system, browsers, and antivirus software is updated.
- Never run applications or open attachments from unknown sources.
- If you do have a Trojan, a strong antivirus application should be able to take care of it. If you’re unsure, contact your IT department or a professional.
A Denial of Service/Distributed Denial of Service Attack (DDoS) occurs when a hacker uses multiple devices (often numbering in the thousands) and uses them to overload target systems.
Usually, the attacker will target websites, which can only usually cope with a set number of users at any one time. This renders the website (and associated services) unusable for some time.
How to deal with DDoS attacks
A lot of preventing and dealing with DDoS attacks is handled by IT professionals with access to servers and networks. They will often ensure that cyber security solutions are in place. However, average users can help by following similar procedures and precautions as they would with malware prevention.
Cyber security best practices for 2021
Now that we’re familiar with some of the cyber security threats that are out there, we can bring together some of the cyber security best practices that regular users can put in place. These can help you prevent and deal with potential cyber threats. Whether you’re a home user or an employee at an organisation, these can help you stay safe:
Keep your system and applications updated
Hackers and organised criminals will often exploit vulnerabilities in software, operating systems, and web browsers to carry out cyber attacks. Providers will regularly patch their products to remove such vulnerabilities, so it’s essential that you install these updates.
Avoid links, programs, devices and attachments from unknown sources
As we’ve seen, cyber threats will often try to mimic authentic correspondence. If you’re in doubt as to where an email, call, or USB device originates from, you shouldn’t use it without a thorough screening.
Use a secure connection
When connecting to a network, whether at home or at work, you should ensure that you’re using a secure connection. This can mean using a VPN, ensuring a firewall is active, and that Wi-Fi access points are sufficiently protected and used safely. This can include:
- Never connect to a Wi-Fi network that is unknown, for example, a coffee shop or public transport; unless you know the Wi-Fi is hosted by them and that they are reputable.
- Never connect to a Wi-Fi network that is not protected using WPA2 security or better.
- Never connect to a Wi-Fi network that is “Open” or has no security protection at all.
Back up your files
When it comes to cyber risk, a loss of data is one of the most frustrating consequences. To avoid losing vital personal information, make sure you regularly back up your data. Cloud storage is useful, but an external device is also a good option.
However, when it comes to business data, your IT team should be backing up data. Individuals should not back up corporate data, as this could result in a data breach elsewhere.
Work with your InfoSec team
If you’re concerned about cyber security at work, you can liaise with your company’s InfoSec department to make sure you’re doing the right things. It’s likely that they’ll have policies and guidelines, and be willing to offer advice and training. Hopefully, the company will be certified to standards such as NIST, ISO27001, PCI-DSS, Cyber Essentials or similar.
Get cyber security training
Learning about how cyber threats manifest and are used against individuals and businesses is a key part of staying safe. By taking even basic cyber security training, you can further your knowledge about the right steps to take.
Cyber security training for minimising threats
So, whether you’re hoping to improve the overall IT security of your company or learn more about cyber threats and how to deal with them, some form of training can be useful. We have several options available to help you improve your knowledge and keep your IT systems safe.
- Cyber Security Operations (Cisco). With this microcredential, you can develop the skills to prevent and respond to cyber attacks and crimes.
- Cyber Security Foundations: Start Building Your Career in Cyber Defense. For those working towards entry-level cyber security jobs, this ExpertTrack can give you a detailed introduction to the field.
- Digital Security Training: Cyber Threats and Risk Management. If you want to explore the key principles of digital security, this ExpertTrack will teach you how to protect against cyber threats.
- Information Security Design and Development. For those seeking a more active role in developing secure systems, you’ll find plenty of info on this ExpertTrack.
- Network Defence Management. This ExpertTrack will help you develop the essential cyber security knowledge and skills you need to prevent, detect and recover from network security incidents.
- Introduction to Cyber Security. This short course covers the essential skills and knowledge you’ll need to protect your digital life.
- Introduction to Cyber Security for Teachers. If you need to teach students about cyber security but aren’t sure where to start, this course provides some of the key concepts.
Cyber security is an essential consideration in our modern digital world. With so much of our personal information available at the click of a button, there are always cyber risks to be wary of. However, by knowing about the cyber security threats and how to deal with them, you can give yourself the best chance of keeping your data safe.
Just about everyone can benefit from some basic cyber security training, and with our range of microcredentials, courses, and ExpertTacks, you can soon start mastering this crucial skill.