Cyber Attack methods
The chart below shows the different types of successful Cyber-attacks suffered by 704 respondents in a survey conducted by ISACA in 2014. Whilst the respondents are based in North America, Europe and some African states, the issue of Cyber Security is a global one and this data will apply equally across most of the world.
Phishing and malware are the most common attack types identified, closely followed by three others, namely Hacking Attempts, Social Engineering and Loss of Mobile Devices.
Phishing describes the all-too-common emails that purport to be legitimate and usually seek an action from the recipient, such as responding with information; clicking through to a likely rogue website; opening an infected attachment; or even telephoning to provide security details. These emails are sent out randomly to acquired email addresses and can be viewed as rewarding even if only one person reacts, but sadly far more than one person will be fooled by the well-crafted emails. The more sophisticated phishing attacks are called spear-phishing and, as the name implies, these emails are specifically targeted at their recipients.
Malware attacks occur once the attacker has successfully installed malware, that is, an application or code designed to change an existing application, which has an ultimate purpose of enabling financial gain to be extracted in a pre-determined manner. The delivery method can vary across mediums such as phishing emails; web site links; email attachments; drive-by infected websites; USB keys; or, more daringly, in-person installations by external visitors or indeed internal staff.
It is clear that the defences against the many varied types of Cyber attack need to be varied in themselves, but the overarching defence is that of awareness coupled with a clear security approach and culture.