As mentioned in our article on Cybersecurity, and if you have not read it yet, you are invited to do so, this is an extremely important practice for individuals, companies and organizations alike. This is a subject that touches anyone who has data on their devices and does not want to run the risk of losing it or being damaged/exposed to the outside.
Nowadays we hear more and more about the importance of having antivirus on your computer, or programs that detect anomalies in your devices right? But do you really know the function of these programs and the potential risks you may face? The truth is that in the days that run the risks are greater, by the advancement of technology, but we also have more and more online programs that promise to detect and eliminate any threat in 1 minute or less. But do all these promise a good solution/cost? The answer is probably no.
And that’s why we advise you to look for a company specialized in cyber security, someone who can really talk and show you what you need, in a more personalized service, and without having to pay unnecessary extras you don’t really need.
Attacks to Cybersecurity
What are cyber attacks and why do they exist?
In a practical way, it can be said that cyber security attacks are characterized by the violation of an individual’s or organization’s privacy. They occur from one or more computers and aim to reach other devices or networks. However, there are two types of purposes of the attacker: The first is to obtain access to the system in order to disable certain operations, and the other is to reach confidential information and use it to his advantage.
Cybersecurity – What are the most used attacks?
There are many types of attacks perpetrated by hackers, but while some are easier to practice than others, in the end, the risk is the same.
Malware – Of all, the most used. It refers to any software that can damage a device, which can be installed manually by the criminal or, through other means, such as opening a link or a fake website, sent to the victim. Although this attack is unable to damage the physical hardware, it may be able to steal, encrypt, delete information, change device functions and even spy on the user, without the user being suspicious. There are many types of malware that can damage any device, such as: Adware; Spyware; Worms and Ransomeware.
We start with Malware, as this is the most widely used. It refers to any software that can damage a device. It can be installed on a computer manually by the perpetrator or gaining access through other means, such as simply clicking on a link or opening a page that seems reliable and may not be so.
Although this attack cannot damage physical hardware, it can steal, encrypt, delete information, change functions of the device and still spy on the user without knowing it. There are many types of malware that can damage any device. Some of these are: The common viruses; Adware; Spyware; Worms and Ransomeware.
The common viruses, that everyone knows, and many times have encountered, are those that stick to certain programs and infect and modify legitimate files, as soon as the victim opens the file, the virus is activated too. The common antivirus programs that we know as much as they try to eliminate the problem correctly, many times end up putting the risk in quarantine only, or delete the file. Worms, on the other hand, to activate themselves do not need handling by the victim, which gives them an even greater danger. For example, if in a company someone clicks on an infected email, the whole company could be infected in a short time.
Regarding spyware and adware, the first as the name indicates, is used to spy on the user’s activities without permission, removing confidential information, while adware creates advertisements on the devices, which in the first instance appear to be reliable, however, can lead to security breaches, and by being clicked can decrease the processing power of the infected device. This last attack, however, is the least worrying.
Finally, we have Ransomeware, this is a type of cyber security attack that blocks and encrypts access to your device, requiring payment to return it to normal.
The second most used type of attack is Phishing. As the name implies, it is the act of “catching” people, it can be through an email or other type of communication, leading the victim to think that it comes from someone they can trust and lead them to share confidential data and to carry out risky actions. The criminal often uses emotions such as fear, curiosity and greed to grab his victim. Fearing the consequences if he doesn’t, he has to open documents or click on certain links that can endanger an entire network, and the safety of the individual or organisation.
Phishing is a high-risk type of attack because it can lead to identity or money theft, and can be used to spy on an organisation. Many of the attackers even create a link with the victim, for example by creating fake profiles on social networks, in order to incite confidence for a later attack. The most common type of phishing is by email, this can contain a link that leads to unreliable sites, often copies of real sites or attachments that contain malware. Phishing can also happen over the phone, causing the victim to disclose confidential data, by SMS, also with a link, or by downloading an unreliable application, or through social networks, where they create fake profiles and invite the victim and send malicious links to their network of friends.
According to data from security company Check-point and Kaspersky, in 2020 this type of attack was above the overall figures, with 3% of organisations being negatively impacted, and Portugal is the second country with the highest number of attacked users.
Last but not least we have Cryptojacking. This type of attack is essentially motivated by profit, access to cryptojacking. The attacker in this case gains access to the victim’s device when it clicks, for example, on a link, and in this way is able to enter code into programs with the aim of diverting the processing capacity of the affected device, and generate cryptocurrency, a form of digital money that only exists in the online world.This type of attack is difficult to detect, and the victim does not take great risks, but it is still a security breach and an activity carried out without the consent of both parties. However, it may seem harmless, this attack can sometimes interfere with the activities of an organization, taking into account that for it to happen it requires the use of high levels of energy from the devices.
As you may have already calculated, the practice of cyber security is something fundamental, essentially for companies but also to take into account for personal cases. Cyber-security strategy must be a company’s decision in favor of its assets, data, its and its customers, integrity of its operations and everything that depends on a network or electronic system. Although many companies already have this concern, as demonstrated in the article, What is Cybersecurity, there are still many organizations that mistakenly consider that these security flaws and attacks on Cybersecurity only happen to others or to large companies.
So it’s time to start acting on your own and corporate security. Below we show you some practices that you can start taking into account now so that your devices are more protected.
Practices for a good Cyber Hygiene
Your passwords are the first thing to consider if you want to be better protected. They should be discreet, complex and memorable; changed with some regularity; never used on more than one platform; saved in a manager with an encrypted database and should never be saved in browsers.
According to nCipher Security’s Chief Strategy Officer, only with good “password hygiene” can anyone play an important role in cyber security and information privacy.
When it comes to Internet browsing, the use of a firewall comes first. This serves to monitor traffic entering and leaving your network, deciding whether to allow or block something specific based on a defined set of security rules. Next, you should privilege all web addresses that start with “https”, data that is more secure; online shopping, only if it is from a proven security site, always doubting too good offers and using safe forms of payment, always keeping track of all transactions made; and lastly something of great importance, follow up whenever you have young children on the Internet.
Email is one of the most used platforms by companies, and it should be specially protected. First of all, you should never open emails of unknown origin, and if it happens you should not open any links or attachments; check whenever possible that the emails you receive are known and reliable; do not send information with sensitive content through this platform; identify SPAM for a prior selection of the system; and when you finish using the email always log off in the device.
Emails can be a major threat to cyber security attacks, and are extremely used by organizations on a daily basis. According to the Cyber Security Breaches Survey of 2018, most of the attacks that occurred started with contact on this platform, and 75% of all attacks had the same involved in some way.
Social networks are a danger to your security as your data is easily exposed and we often lower our guard, thinking that only our friends can see our information. Around here you may fall victim to phishing, and it may also happen that the hacker takes over your account and starts sharing infected links or fake publications. In case it is a company account, the risk is even greater being that it has a network of customers.
What you should do to protect your site is only accept calls from people you know; never share addresses or phone numbers in your profile; don’t click on suspicious posts; check the truthfulness of the news you share; and avoid sharing images of children, sites or data with sensitive content.
You should always keep in mind that what you publish can always be published by others; per household you like, you can create a usable profile in advertising, and when you access platforms using your social network accounts you are sharing your data.
In addition to these practices there are also others that you should take into account:
– Cover the cameras of your devices (at least the computer), when you are not using them;
– When you are on the go, never let your devices disappear from view;
– Do not use unknown USB pens.
All these are behaviors that can be done by anyone, safely ensuring the use of cyberspace, avoiding potential incidents and risks to the individual or company. An Informed Citizen is a Cyber-secure Citizen.
All these factors can be a daily help, however if you have a company, with a Website, that requires a higher level of security, given the confidentiality of the data, it is important that you resort to a Cyber-security Audit from time to time, helping to clarify the potential risks and get a more personalized help.
Many companies have IT professionals, however they may not have the necessary tools to guarantee the security of the systems.
At Crispus we give you the possibility to use a free first Audit of your Website, detecting potential threats, and acting on a wide range of technological media such as networks, systems, viruses, cryptography, and many others, so you can be and feel more protected while working. If you don’t know our Website yet, visit us and schedule your Free Audit now.