The most common cyber security attacks and how to prevent them
The importance of cyber security is always on the rise, but with the dramatic change to the way most businesses are now working, it is more important than ever to ensure your business is secure from threats.
AJ Johnstone has just joined the IT Hotdesk team to head up our cyber security division. With a wealth of knowledge and experience in this sector, we have asked him to share some insights around the most common cyber security gaps companies currently have, how these can lead to serious cyber attacks, and advice on easily improving your cyber security.
The most common cyber security gaps:
“Ironically, the number one gap that companies experience isn’t actually a technical point at all; it’s related to people. When it comes to cyber security, issues most commonly arise from a lack of awareness or understanding from a company’s workforce.
“In my opinion, this problem is two-fold:
- Focus is placed on usability not security
“A lot of companies are focused primarily on getting their IT solutions and systems working, and ensuring they are user-friendly. However, this focus means security can become an afterthought.
“Making your systems more secure and ensuring that your workforce is upholding cyber security measures often creates more hoops for people to jump through, and it can be perceived to hinder usability. Technology is also a rapidly moving sphere, and sometimes it can be easier to just fix something quickly, instead of ensuring that it is also secure.
“You need to strike a balance between the security and usability of the systems you have in place, instead of security being forgotten about entirely. A system being secure and user-friendly is the sweet spot we want to aim for.
“Security has to come first, with usability built in behind it, instead of the other way around.”
- Lack of awareness or understanding
“The adoption of cyber security measures is still a prevalent issue in many workplaces, as many people are unaware or do not understand the threats that can present themselves.
“Technology is constantly changing, whereas humans aren’t. People don’t generally have an understanding of how to be secure or have good security posture, and changing this mindset is a big problem that will take companies time and effort to overcome.
“There will be many people within organisations who will be somewhat resistant to security measures due to this lack of awareness or understanding, and they will therefore be more vulnerable to threats. These people may be more likely to click on links from phishing emails, for example.
“It’s all about mindset, and the goal is to get people to the ‘questioning phase’. If everyone is at least questioning phishing emails, that’s a good point to be at.”
The most common types of cyber attacks:
“The majority of cyber attacks I’ve seen in Aberdeen over the last 5 years have started with a phishing email. An attacker can spoof a domain, send an email that looks like it’s from a trusted source and send it to an employee.
“It just takes one person to click a link, and the situation can escalate rapidly. I have witnessed this first-hand, with the hacker getting access to a company’s system and sending thousands of what was perceived to be legitimate emails from that employee. They even put rules in place to automatically delete replies from concerned colleagues and clients. So it went from one person clicking a link, to thousands of people in a matter of hours.
“The impact of an attack like this can be huge - from a financial perspective (with systems being down or hackers demanding money) to a reputational perspective (if emails were to be sent out with the business to suppliers and customers).
“This is a very real threat, yet these attacks could be prevented if staff awareness was higher.
“By actively raising awareness of cyber security threats in the workplace, encouraging your team to adopt a questioning mindset, and conducting relevant training, you will rapidly strengthen and protect your business.”