It's time to change what we think about securtiy

Keeping hackers and internet criminals away from your business

Last year, nearly three quarters of all companies fell victim to a cyber attack. The question is no longer if you'll experience a cyberattack, but when. And the key to understanding how to keep the bad guys away from your business is understanding how they can attack it, and if you've got the right defences in place.


Malware infections

Malware is the most common attack vector, and ransomware in particular is the most virulent type - and the most profitable, according to the Global Security Intelligence Report (SIR). In the 21st century, malware is big business.

Criminal gangs buy attack kits from specialist virus writers and distribute them via social media, hacked websites and emails (90 per cent of attacks still begin with a phishing email, according to the SIR). They attack hundreds of thousands of computers at once - often at little cost - in an attempt to spread malware far and wide. Criminals aren't targeting you, they're targeting everybody.

Social engineering

Blasting out a million emails doesn't work if spam filters block them all. As automated protection gets better, criminals have to work harder to infect your systems. Enter: social engineering.

Criminals use personalisation in an attempt to bypass filters and trick people into opening infected emails or visiting infected web pages, and they do it with old-school methods like impersonation. Just using someone's name or your company name in a subject line makes the message more plausible, especially if it looks like it comes from your boss or an important client. And criminals can easily find this kind of information on social media or from leaked data, breached databases, stolen contact records and emails.

targeted attacks

Targeted attacks

Although it is much rarer than the automated attacks described above, criminals still target individual companies and even individual managers. Companies of all types and sizes have been victims of targeted attacks.
If criminals want to steal customer records at a specific company, they might research people who work there and use custom-written emails with advanced social engineering techniques to convince them to reveal sensitive information like passwords or account numbers. For high-value attacks, they might even use custom-written malware that anti-virus software can't detect.

direct access

Direct access

In movies, hackers sit in darkened rooms typing commands furiously into a computer while they break into their target's network. This can happen for very high-value targets and is usually perpetrated by sophisticated, well-funded attack groups.
But insider theft and sabotage by employees, contractors and vendors is much more common than a deliberate external attack. These people have daily, often unrestricted access to your data and your systems - possibly from their own homes and mobile devices.

With the risk of attack coming from both inside and outside your organisation, it's essential to take a comprehensive, holistic approach to IT security. For advice about how to protect yourself against these attacks, see our article: how to avoid malware and ransomware attacks.

Might be interesting too:

Story of the month

Malware in
many forms

Learn more about types of Malware and how to fight them >
Story of the month

Data Leaks
and it pours

Learn more about data leakage and prevention >
Story of the month

a business risk

Learn more about managing your endpoints >
Story of the month

Some software
is not all it seems

Learn more about the benefits of SAM >
back to homepage BACK TO HOMEPAGE