What is cyber security and the top 5 threats
Jason Wiele
VP @ ADAMnetworks | Reducing the risk of Ransomware by controlling egress of network traffic, especially ZeroDay
Let's start with the basics: what is cybersecurity?
Cyber security is a catch-all term for a whole host of things but the basic explanation is actions that are taken to protect a computer or network from being compromised, stolen or attacked. This includes, but is not limited to, putting a cyber security strategy together, marshaling resources (people and technology), educating employees and consulting with peers and industry professionals. It is a never-ending race to safeguard systems, people and data.
With that in mind, here is a list of the top 5 cyber security threats, based on their popularity among threat actors and on how much the market suffers from these types of attacks, as reported by the European Union Agency of Network and Information Security.
1) Malware
Malware is software that is written to intentionally penetrate and harm a computer, client, server, or computer network without the owner knowing it. There is a buffet of Malware types out there: Ransomware, Grayware (Spyware, Adware, Scareware), Worms, Trojan Horses, Viruses (system and boot infectors, file infectors, macro viruses), Rootkits and more. This is an ever-evolving list of threats.
You will see Malware attacks increase more and more over the years. Of the types listed above, one will take the crown: Ransomware, which is why I want to focus on it.
Arguably one of the most devastating threats, Ransomware is among the most advanced kinds of malicious software, and it is gaining popularity among threat actors at an alarming rate. The concept is simple: gain access to a victim's data and (as the name suggests) demand that a ransom be paid, or else the victim's data will be published or deleted. Threat actors encrypt the data on the victim's device or computer system so that it becomes near impossible to decrypt the data and reclaim it.
One of the ways that everyone can combat Malware is by being vigilant of emails you receive and having strong passwords to stop accounts being taken over. A jaw-dropping 92% of Malware infections were delivered through compromised emails.
2) Web-based attacks
This is the side of cybersecurity that deals with the security of web applications, web services, and websites. This is one of the most prolific and least understood parts of cyber defense.
Just like Malware, there are a host of different web-based attacks: cross-site scripting, SQL Injection, DDoS, URL Interpretation, Input Validation, Buffer Overflow, Password-based attacks, Brute Force attacks and more.
These forms of attacks focus on the information that is stored on web servers and the potentially sensitive data contained within them. Many of the infamous breaches that you have heard of were carried out through one of these web-based attacks.
3) Web application/injection attacks
Again, like the lists above, Web application/injection attacks come in a wide variety, although this category sits underneath web-based attacks. Here are a few: LDAP Injection, Code Injection, OS Command injection, Email injection and more.
Just as a medical injection is designed to deliver medicine or take blood from our veins, injection attacks behave similarly. The difference here is that these injections deliver malicious code, which can harm your data in a wide array of ways.
One of the more famous ones is SQL Injection (SQLi). This particular brand of cyber attack is one of the most dangerous and widely used web-based tactics. These types of attacks have grown in popularity and have brought large corporations and government agencies to their knees.
These attacks are conducted by threat actors injecting SQL commands into a server database, which can potentially enable them to read, write and modify that database.
4) Phishing
Phishing is what it sounds like: fishing. This is where someone will send an email, text message or some other form of digital message pretending to be someone he/she is not. For instance, you may get an email from your father saying that he is in trouble and needs some help. Or the CEO of your company sends you an email asking you to click on a link. The goal is to trigger your emotions, to make you fearful or curious, or to create a sense of major urgency, followed by a call to action. This could be to click a link, download a file, open an attachment or fill in (send) your login details, credit card numbers or anything personal.
We, along with other cybersecurity vendors, have seen a sharp rise every year in Phishing attempts. There is virtually no industry, seniority level or business side which is exempt from this. If you think you are immune - you would be very wrong.
Take this for instance. The weakest link in any organization is its employees. It is estimated that a whopping 97% of the world population is unable to tell the difference between a real email and a sophisticated Phishing email.
5) DDoS (Distributed Denial of Service)
DDoS attacks involve commanding a large number of computers to flood a target web server with requests, which overwhelms the server and brings it down. Although this does not allow access to anything internally, it does bring down the websites that it targets and thus disrupts operations. Imagine right now if we were not able to collect real-time data for COVID-19 cases.
The harsh reality is that there is no such thing as a guarantee when it comes to cyber security. My job, as a cyber security technology provider, is to ensure that my clients have the best technology available and are aware of the shifts happening in the cyber realm so that they can make it more difficult for threat actors. One of the best lines of defense is to have informed people that will take cyber security as an important part of their digital lives, be it in their personal lives or at work. With the massive rise in IoT along with BYOD, the lines are increasingly blurry between personal and work.