Cyber security for business

Different types of cyber crime

Guide

Cyber attacks can take many forms: from malware injection and phishing to hacking and ransomware. Some types of attacks are more effective than others, but all present a significant - and increasingly unavoidable - business risk.

In order to counteract that risk, it helps to understand the different cyber threats you may face and the various ways criminals might try to cause harm to your business.

Common cyber security threats

Most likely cyber security threats your business may be exposed to include:

  • cyber fraud - including phishing, spear phishing, vishing and whaling
  • malware attacks - including viruses, worms, trojans, spyware, rootkits, etc
  • ransomware attacks
  • drive-by downloads
  • hacking - including distributed denial-of-service attacks (DDoS), keylogging, etc
  • password decryption
  • out-of-date, unpatched software

Attackers can use multiple routes, including web, email and malicious files, to exploit different vulnerabilities in your business systems, networks or processes.

Human error

Not all security breaches are the result of hacks or malicious action. Many are due to human error. For example, a member of staff may inadvertently send information to the wrong recipient, lose paperwork or fail to redact personal data.

What is a cyber attack?

A cyber attack is a malicious attempt by a third party to damage, destroy or alter:

  • computer networks
  • computer information systems
  • computer or network infrastructure
  • personal computer devices

There are many reasons behind cyber attacks. Criminals may wish to steal money, access financial and sensitive data, weaken integrity or disrupt the operations of a company or an individual. Attacks often result in crimes such as financial fraud, information or identity theft.

Examples of cyber attacks

Cyber attackers use many different methods to try to compromise IT systems. The most common practices are:

  • remote attacks on IT systems or website
  • unauthorised access to information held on a corporate network or systems
  • unauthorised access to data held in third-party systems (eg hosted services)
  • system infiltration or damage through malware
  • disruption or denial of service that limits access to your network or systems

Attacks can be:

  • targeted - where you are singled out because of specific interest in your business or the attacker has been paid to target you
  • un-targeted - where attackers indiscriminately target as many devices, services or users as possible

Read the National Cyber Security Centre's guidance to find out how cyber attacks work.

Can you avoid cyber attack?

Many attacks can be prevented by following the steps recommended in the UK government's Cyber Essentials scheme.

You can also use the NCSC's free Check your cyber security service to perform a range of simple online checks to identify common vulnerabilities in your public-facing IT.

The NCSC also offer a free Cyber Action Plan. By answering a few simple questions, you can get a free personalised action plan that lists what you or your organisation can do right now to protect against cyber attack.

Keep in mind that, however stringent your safety measures are, not all cyber attacks can be avoided. If you do experience an attack, see how to report a cyber crime.