With the number of threats growing and the likelihood of an attack against individuals or firms increasing, it’s never been more important to understand the ins and outs of cybersecurity. Awareness is perhaps the most important defense against cyberattacks. We hope you can utilize this Cyber Basics series, incorporating some of our industry-leading expertise into your own computer practices. In this post, the first installment of our Cyber Basics series, we will begin to go over some of the main issues at play when it comes to cybersecurity, including the basics of how cyberattacks are conducted, who commits them, and why.
A cyberattack is any attempt by someone to access, damage or disrupt a computer network or system. The dangers can range from inconvenience to embarrassment to financial loss. A hacker looking for laughs can do something as benign as changing your Facebook profile picture. A more sinister cybercriminal might try to steal your credit card information, social security number, or extort some sort of payment. Unfortunately, as we conduct more of our shopping, banking, and communicating online, the dangers only become more acute.
Cyberattacks can take a number of different forms, and come from a number of different types of hackers. According to Verizon’s 2015 Data Breach Investigations Report (to which GRA Quantum was a contributor), the vast majority of hackers are motivated by financial gain, with espionage and various other motives like ideology or personal grudges making up the rest. Individuals and firms involved in defense or national security can expect to be in the crosshairs of a nation-state or terrorist hackers at some point. Regular consumers and those involved in the commercial world are not completely immune to attacks by these kinds of groups, but are much more likely to fall victim to avaricious cybercriminals or mischievous pranksters.
Despite their diverse backgrounds, most hackers use similar tactics. The bulk of reported cyber incidents stem from malware-infected devices. Malware, or malicious software, is an umbrella term that includes destructive software like viruses, Trojans, and spyware. They are typically introduced onto a victim’s device via deceptive links and downloads in emails or forcibly uploaded by hackers. Once inside a computer, malware can do whatever they were programmed to do – record keystrokes, steal data, or replicate themselves across a network. Other common attack vectors include password cracking and denial-of-service attacks. The former involves the use of computer programs to sort through millions of password combinations until the correct credentials are entered. The latter entails artificially directing high volumes of traffic through a network with the intention of overloading it and bringing it down.
The frequency of cyberattacks is difficult to quantify. Large firms are constantly bombarded by malicious attacks, and sometimes hackers get through their security measures. Individuals can take adequate personal security measures, but still be at risk from hackers if, for example, they used a debit card at a retailer recently struck by a cyberattack. Small businesses and individuals are less likely to get hit with targeted attacks simply because hackers perceive their data to be less valuable, but are just as likely to be targeted by indiscriminately-deployed phishing attacks that lure people to click malicious links in emails.
This post was a general overview on the cyber threat landscape. The rest of the Cyber Basics series goes deeper into the topics mentioned, including the steps you can take to mitigate your own risk, as well as basic cyber hygiene, security software, social engineering, VPNs, and encryption. Beyond personal security, look for articles on network architecture, commercial network defense, and the principle of least privilege. Finally, we’ll take a look at the future of computing and cybersecurity with a deep dive into quantum computing and the Internet of Things.
By the end of the series, you will rest assured knowing that for individuals and businesses alike, most cyberattacks are relatively easy to defend against or avoid altogether.