What is a cyberattack?

A cyberattack is an attempt to steal, alter, destroy, disrupt, or disable information resources and
systems found in computer networks and systems. Cyberattacks can fit into two categories:
insider threats or outsider threats. Insider threats stem from individuals with legitimate access to
the systems they target, using their access to exploit vulnerabilities intentionally or
inadvertently. They could be committed by a dissatisfied or angry employee or a contractor
with access to the organization’s systems. An outsider threat is from someone who doesn’t
have any affiliation with the system they’re attacking, such as criminal organizations or
hackers.

Who do cyberattackers target?

Cyberattackers commonly target industries including health care, government, non-profits, and
finance companies. The health care industry has been especially susceptible to being targeted
by attackers. This is because health care organizations have access to many people's personal
data. Since health care infrastructure is so critical, ransomware attackers understand that these
organizations will likely pay their demands quickly.

Confidential information, such as social security numbers, cause government organizations to

fall victim to hackers as well. Nonprofits are unique in that they possess financial data from
donors and fundraising efforts, making them ideal targets for cyberattacks. In the finance
industry, institutions like banks and insurance companies are common targets for extortion and
theft due to their access to significant amounts of money.

Common types of cyberattacks

Cyberattacks can have motives other than financial gain. Some cyberattacks focus on
destroying or gaining access to critical data.
Organizations and individuals face the following types of typical cyberattacks:
1. Malware
Cyberattackers use harmful software such as spyware, viruses, ransomware, and worms known
as malware to access your system's data. When you click on a malicious attachment or link, the
malware can install itself and become active on your device.
2. Phishing
Phishing attacks rely on communication methods like email to convince you to open the
message and follow the instructions inside. If you follow the attackers’ instructions, they gain
access to personal data, such as credit cards, and can install malware on your device.
3. Spoofing
Cyber attackers will sometimes imitate people or companies to trick you into giving up
personal information. This can happen in different ways. A common spoofing strategy involves
using a fake caller ID, where the person receiving the call doesn’t see that the number is
falsified. Other spoofing methods include subverting facial recognition systems, using a fake
domain name, or creating a fake website.
4. Backdoor Trojan
Backdoor Trojan attacks involve malicious programs that can deceptively install malware or
data and open up what’s referred to as the “backdoor” to your computer system. When
attackers gain access to the backdoor, they can hijack the device without it being known to the
user.
5. Ransomware
Ransomware is malicious software that cyberattackers can install on your device, allowing
them to block your access until you pay the attackers a ransom. However, paying the ransom
doesn’t guarantee the removal of the software, so experts often advise individuals not to pay the
ransom if possible.
6. Password attacks
Password attacks can be as simple as someone correctly guessing your password or other
methods such as keylogging, where attackers can monitor the information you type and then
identify passwords. An attacker can also use the aforementioned phishing approach to
masquerade as a trusted site and try to fool you into revealing your account credentials.
7. Internet of Things attack
Communication channels between connected IoT components can be susceptible to
cyberattacks and the applications and software found on IoT devices. Since IoT devices are in
connection with one another through the internet and may have limited security features, there
is a larger attack surface that attackers can target.
8. Cryptojacking
Cryptojacking involves gaining unauthorized use of a computer system, usually through
malware that allows the attacker to use the computer's resources for mining cryptocurrency.
Mining cryptocurrency can come with significant operational costs, so cryptojacking provides
attackers with a way to avoid these expenses.
9. Drive-by download
Drive-by download attacks occur when you download malicious code to your device through
an app, website, or operating system with flawed security systems. This means you could do
nothing wrong and still be a victim of a drive-by download since it can occur due to a lack of
security measures on a site you believe to be safe.
10. Denial-of-service attack
A denial-of-service attack causes an entire device or operating system to shut down by
overwhelming it with traffic, causing it to crash. Attackers don’t often use this method to steal
information. Instead, it costs the victim time and money to get their systems up and running
again. Cybercriminals typically use this method when the target is a trade organization or
government entity.

How to prevent cyberattacks

An important first step in preventing cyberattacks is ensuring you and other employees at your
organization know of the potential of cyberattacks. Being mindful before clicking links and
checking the email address to ensure it appears legitimate can go a long way in ensuring your
data and systems are kept safe.
Here are some useful tips to prevent cyberattacks:
Update your software.
Up-to-date software systems are more resilient than outdated versions, which may be prone to
having weaknesses. Updates can correct any flaws and weaknesses in the software, so having
the latest version is optimal. Additionally, consider keeping software systems updated by
investing in a patch management system.
Install a firewall.
Firewalls are helpful in preventing a variety of attacks, such as backdoors and denial-of-service
attacks. They work by controlling the network traffic moving through your system. A firewall
will also stop any suspicious activity it deems potentially harmful to the computer.
Back up data.
When you back up data, you move it to a different, secure location for storage. This might
involve using cloud storage or a physical device like a hard drive. In case of an attack, backing
up your data allows you to recover any lost data.
Encrypt data.
Data encryption is a popular way to prevent cyberattacks, and it ensures data is only accessible
to those who have the decryption key. To successfully attack encrypted data, attackers often
have to rely on the brute force method of trying different keys until they can guess the right
one, making breaking the encryption challenging.
Use strong passwords.
You should have strong passwords to prevent attacks and avoid using the same passwords for
different accounts and systems. Using the same password repeatedly increases the risk of
giving attackers access to all your information. Regularly updating your passwords and using
passwords that combine special characters, upper and lowercase letters, and numbers can help
protect your accounts.