3 Different kinds of cyber attack – and how to protect against them

According to the latest statistics released by GOV.UK, 82% of senior managers in UK businesses now see cybersecurity as a ‘very high’ or ‘fairly high’ priority.  

This is up from 77% in 2021 – a significant increase and the highest figure seen in any year of the government’s cybersecurity breaches survey. 

A big part of the challenge facing businesses is ensuring that all of their staff understand the answer to the question, 'what is a cyber attack'? as well as the risks involved with different kinds of cyber attacks and how this may impact both individual and organisational security. 

What is a cyber attack?

Firstly, let’s answer the question of ‘what is a cyber attack?'.

A cyber attack refers to an attempt made to exploit, damage or disable a targeted computer system.

Often, the goal of cyber criminals is to spread malicious viruses or steal confidential data from individuals and businesses. Cyber attacks come in many different forms and it’s important to be aware of the differences and risks involved with each.

Here’s a quick rundown of 3 different kinds of cyber attacks – and how to protect against them.

1. Phishing

Phishing is one of the most common forms of cyber attack in today’s online world. The attacks are so prevalent because they can take place through social engineering across a variety of formats, including email, phone and social media.

So, what is phishing exactly?

The idea of a phishing attack is to lure a victim into divulging sensitive information such as passwords, bank account details and other credentials.

The victim may also be tricked into downloading a harmful file that will upload viruses on their laptop or mobile phone. Often the attackers will try to make communication seem like they are from a legitimate company, such as a bank or credit card company.

How can you prevent phishing attacks?

The most effective way to prevent phishing attacks is awareness and cyber resilience training. Employees should know how to spot and avoid unsolicited communications. Any requests for financial information – whether personal or for the company – should be treated with extreme caution and reported immediately if there is any doubt as to the source.

2. Malware

Malicious software – commonly known as malware – is software that is intended to infect your computer or device so that hackers can infiltrate your system and gain access to confidential information.

A common way of doing this is to send a link via email that encourages the victim to download an executable file. All of the below fall within the category of malware:

• • Viruses
  • Trojans
  • Ransomware
  • Bots

Employees should understand the tactics involved with each approach, as well as key tips to deal with them.

How can you prevent malware attacks?

A good anti-malware software goes a long way to identifying and blocking threats before they can appeal to an unwary employee. New files should be thoroughly scanned, especially if they are being downloaded to a shared company network.

Employees should also be wary about downloading files from websites which have a poor trust rating, or that are not from a recognisable company.

3. Whaling

A whaling attack is a sophisticated approach used by hackers to target top company executives and senior leaders within an organisation. Cybercriminals often research and tailor their approach so that the executive they are targeting feels encouraged to respond or give out sensitive information.

Employees should be aware of these attacks too because it could be that a hacker is pretending to be a senior leader within a company in order to steal employee data and personal details.

How can you prevent whaling attacks?

Senior leaders must be aware of the different kinds of cyber attacks themselves. They must be shown how to spot the signs of a whaling attack by asking themselves:

• • if they are expecting a particular email
  • if it follows the usual pattern of the email sender

If there is anything at all suspicious about the content of the email then it’s crucial to report the breach and avoid giving out any financial or confidential information.

Want more expert tips on how to protect your organisation against different kinds of cyber attack?

Our goal at Access is to make sure your entire workforce not only understands what a cyber attack is, but also knows how best to defend against different kinds of cyber attacks.

Make sure to download our latest free guide – Making your workforce cyber resilient – to stay on the pulse of best practice and discover how to deliver effective cybersecurity.