In general terms, an attack is defined as an act of violence. Attacks can happen in many ways and could be physical and/or emotional in nature.
I was kidnapped when I was in my early 20’s. After that experience, I wanted to regain my confidence and feel strong, so I decided to take martial arts lessons.
I was so nervous the first day! I was not coordinated at all. The movements were very challenging, the workout was so intense that I barely made it through, and I had to empty my stomach at the end of the class. Yikes!
Yet, with persistence and practice I became stronger and more centered. Although I didn’t master this discipline and I was only able to practice for one year, I gained so much confidence, and to this day, those foundational concepts are still ingrained in me.
What is a cyber attack?
A cyber attack happens when a Cybermonster deliberately attempts to disrupt, harm, steal, destroy or gain unauthorized access to computers, systems, mobile devices and networks.
One of the risks of a cyber attack is that it allows Cybermonsters to access your personal information and sensitive information, such as your financial information, your company’s valuable data, your confidential information, your customer’s details and a lot more.
A cyber attack or cyber breach can happen to individuals, to organizations of all sizes from small businesses to large enterprises, and to public, private and non-profit organizations, institutions, healthcare organizations and governments. It can happen to anyone.
How do cyber attacks happen?
There are many techniques and methods used by Cybermonsters to gain access and disrupt your operations. New approaches are developed and old ones are reinvented depending on what is happening in the world at a given time, with the objective of carrying out a successful attack. There are four steps considered as part of the anatomy of a cyber attack:
1- Reconnaissance: Cybermonsters research and investigate everything about the organization they want to target by scanning websites, searching social media channels, email addresses of key players in the company, job postings, and any public information available that they can use to find vulnerabilities in their network.
2- Attack: Cyber criminals gain access to someone’s computer, electronic devices or network, aiming to get system accounts or privilege accounts that have access to many systems so they can freely get what they want.
3- Expansion: Cybermonsters attack and use additional malicious programs to expand their damage and move within your network and systems. Sometimes they may remain dormant for a period of time until they are ready to get on with their planned attack.
4- Obfuscation: Here’s where they try to confuse you and erase their tracks, by masking how they got inside your network. Cybermonsters use various tools and techniques such as spoofing, erasing log files, creating zombied accounts, etc.
What are the potential attacks that can affect anyone?
These are the most common types of cyber attacks:
Malware
Cybermonsters use malicious software, programs, or files known as “malware” with the intention of harming your computer or devices. There are many different malicious codes or malware including viruses, worms, trojan horses, keyloggers, adware, and spyware. The AV-TEST Institute registers 350,000 malware creations every day.
Phishing attack
While fishing is the activity of trying to catch fish, some of the techniques used include hooking, trapping, and using bait to lure them. Phishing is the activity of trying to catch “you.” Phishing techniques include a form of bait to lure you and catch or trap you, to then steal data. The lure used is “malware” or malicious links for you to click on. Most phishing bait lives in your inbox when you get an email that claims to be from your bank, credit card company, official agencies, or other institutions asking you to verify your identity or provide your credentials. When you fall for this trap, you end up clicking on a malicious link or an infected attachment. Cybermonsters are constantly testing new ways to phish you through voice calls, texts, and social media, so it’s necessary to be aware.
Ransomware attacks
Ransomware is a type of “malware” that can affect your device when you click on an infected link, download an infected file, or visit a fake website. Cybermonsters lock your information to try to extort you, and the encryption is unbreakable, which means that when this happens, the victim is unable to get their files back on their own. Ransomware attacks are one of the most rampant security threats and dangers of the cyber world since many of us keep our sensitive data on our computers and other electronic devices. Cybermonsters can lock or encrypt all types of files you have on your computer: your pictures, videos, and other files may be impacted.
Man-in-the-Middle (MitM) Attacks
Have you ever wondered what happens when you hit enter on your keyboard or tap on your phone and the information travels from you to your destination? Sadly, it is not always a straight line from point A to point B. When Cybermonsters intercept your two-part transaction and they get right in the middle, it is known as a Man-in-the-Middle (MitM) attack. The purpose of interrupting your traffic is to steal and manipulate your data or information. The potential threats of a MitM attack are fairly common. This usually happens when your systems are not updated, your systems are full of security vulnerabilities or they are not secured, so they end up being easily exploited and abused. Phishing or malware are often used to carry out the MitM attack. For example, when using an unsecured public WiFi, Cybermonsters may place themselves in the middle between you and the WiFi network you are using, and any data or interaction you have online is intercepted. Therefore shopping online, changing your password, accessing your bank accounts or updating your phone over an insecure WiFi is a huge risk I urge you not to take.
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
A denial of service attack aims to stop or disrupt online services. Cybermonsters may send such a large amount of traffic to a website that the system becomes overwhelmed, can’t function or respond, and may become unavailable. Imagine your company website gets so much traffic that it brings all your systems down and you are no longer able to operate your online business. During a DDoS attack, the resources of a large group of hacked computers and electronic devices form a “bot army” under the control and command of the cybercriminals.
Password attacks
Passwords are the first layer of protection in your cyber world. They are the door that opens and gives us access to our information, and they are used pretty much everywhere: your email, social media accounts, your job or school, your computer, phone and electronic devices, games, shopping, and the list goes on and on. This is why they are very attractive to cyber criminals. Think about the keys of your house or your car: if someone is trying to break in and they happen to obtain your keys, it makes their job so much easier, don’t you think? There are many methods to figure out your password, whether it is from a data breach or weak passwords that can easily be guessed.
What are effective ways to recover from a cyber attack?
When unexpected situations trigger feelings of panic, fear, anxiety and overwhelm, they could delay taking the necessary steps to remediate the situation. A cyber attack or data breach could trigger these feelings in you, your team, and your organization. Below are five steps to consider:
1. Remain calm and focused despite the circumstances: Cultivating within you and your teams the skills and resilience necessary to face your security incident can help you accelerate your recovery. Two techniques to consider are practicing breathing exercises and cultivating mindfulness. Even one minute of deep breathing or meditation can make a significant difference to get yourself or your team ready.
2. Assess the impact: Taking prompt action when a cyber attack happens is critical, yet if the actions taken are random or reactive, they could delay the recovery of your services. Investing a few minutes to gather basic information can help you lay out the next steps to take, such as the technical resources needed (whether internal or external), legal counsel involvement, management of communications and public relations, and interactions with senior executives. Documenting all the actions you and your team take in each step is important for further investigations of the attack, or for cyber insurance, legal or regulatory requirements.
Consider also creating an Incident Response Plan. This plan documents the steps your company or organization will follow when responding to a cyber attack or data breach. Make sure everyone on your team is familiar with it. You can use different tools to capture the information, such as flowcharts, maps or a simple list. For example, the steps to take and the people to involve will be different for a case where your email addresses were stolen, versus a situation where your social security number was stolen, or the case of your company becoming a victim of ransomware, causing your business operation to be stopped.
Consider answering these simple questions to help determine a course of action:
When did you notice the data breach or cyber attack?
Which computer devices, services, systems, or infrastructure are affected?
Who is behind your attack? Is it someone inside your organization? Is it a particular cyber criminal group? Is it unknown to you at this time?
What is the type of attack? Is it a ransomware attack, DoS, or any other type of attack?
Does the cyber attack affect only you? Or could Cybermonsters potentially exploit your customers or external partners?
3. Isolate and contain the damage: When firefighters handle a fire, they focus on isolating the affected area to prevent the fire from spreading. In the same way, when a cyber attack happens, you must immediately separate the infected computer, device, and system. This is an important step so that the rest of your critical infrastructure and services can remain functional. This step also allows you to focus your attention on examining and repairing the damage. If your personal or business devices are affected by a cyber attack, these are the most critical steps:
Disconnect from the Internet
Remove remote access to your computers or services
Change, update and secure the login and password of the affected systems, and
Update your security software tools.
4. Prioritize remediation and cleaning: When you have documented what has happened, and have found the source of the problem, it is time to repair and clean out the damage. This step may take the longest depending on the scope of the attack and because you want to prevent any other future attacks. For example, on a Sunday afternoon a pipe under my kitchen sink broke, causing water damage in our house. It was a disaster! After we were able to identify the source of the problem and turn the water off, the next step was to take action to repair and clean up. We couldn’t work on all areas of the house at once, so we prioritized the cleanup process to save our furniture and the most critical items in our home. So my recommendation is to prioritize what services to restore, taking into consideration what would be essential for your business to function and operate.
5. Communicate intentionally: It is important to be intentional about the message and the timing of the message. Transparency helps you maintain trust from the affected parties, and, at the same time, it helps you comply with regulations. Balance is necessary, so beware of oversharing details to avoid opening the door for further cyber attacks.
What are the cyber attack prevention steps you can take?
1- Keep up with software updates. This includes updating your computer, servers, and any devices, especially if they are connected to the Internet.
2- Educate yourself and your teams about avoiding clicking on phishing emails or opening an unsafe email attachment, and encourage them to use multi-factor authentication and passphrases instead of passwords to protect personal data and your company information.
3- Incorporate cyber safety practices in your organization, making the content simple and relatable so these habits can become second nature to you and your organization. As technology expands, so does cybercrime, and this is why preparing your organization, your team and yourself against it can make a big difference in keeping your data safe or restoring your data and/or your services in a timely manner when an attack occurs.
What action are you taking today to protect what matters most to you? Share with us below.