electronic devices

This article is written by Sanjana Jain, a student of Guru Gobind Singh Indraprastha University, Delhi. This article talks about the types of cyberattacks and how cyberattacks impact business information. This article also talks about the ways to protect technology from cyberattacks. 

Introduction

The current advancement in modern technology has helped the people around the world to develop and expand their communication networks by enabling them to easily exchange their information with other people. Currently, there are billions of people using the internet and mobile phone network worldwide. Every day billions of emails and phone messages are exchanged between them. Today, the people around the world depend upon the consistent access and accuracy of these modes of communication.

But the growing popularity and convenience of these digital networks, however, come at a cost now. Because of the complete reliability of businesses on these computers and internet-based networks, digital attacks, and  Cybercrime have increased. These attacks are generally classified as any crimes that involve the use of a computer network, such as computer hacking, virus attacks, creating a website that promotes racial hatred, email stalking, and financial scams. In 2000, when a mass-mailed computer virus affected nearly 45 million computer users worldwide, was the first major instance of cybercrime that was reported.

Download Now

new legal draft

Cyberattack

Cyber-attacks are fraudulent online activities from a computer against a computer system or individual computer,  or a website, that acquires users sensitive information via email, during online transactions, live video streaming, online gaming, and browsing. A Cyberattack is defined as an exploitation of a computer system and networks deliberately done by the attacker. Malicious codes are developed by Cyber attackers, to damage the data and system or to get unauthorised access to a network. Cyber attacks are also known by the name “Computer Network Attack” (CNA). Thus cyber attacks result in:

  • Identity theft  
  • fraud, extortion
  • Malware 
  • Phishing
  • Denial-of-service
  • Private and public Web browser exploits
  • Website defacement
  • Messaging abuse
  • intellectual property (IP) theft or unauthorized access                              

Types of cyberattacks

s.no

Types of Attacks

              Details

1.

Viruses and Worms

Viruses and worms are computer programs that affect the storage devices of a computer or network, which then copy the information stored therein without the knowledge of the user

2.

Spam emails

Spam emails are unsolicited bulk emails.Spam emails are sent without the consent of the receiver with fraudulent or malicious intent.

3.

Trojan

A Trojan is a malware that appears as legitimate software. In this, users are by some form of social engineering tricked to load and execute Trojans on their systems. Once activated Trojans enable the attacker to spy on the user’s computer, and steal its sensitive information, and also it has backdoor access on users’ systems.

4.

Denial-of-service (DoS)

Denial of service attack is a cyberattack in which the attacker by interrupting the normal functioning of the device, renders the device or computer unavailable to its intended user. It brings down the computer network or website by flooding it with massages.

5.

Malware

Malware consists of codes, which are developed by Cyber attackers, to damage the data and system or to get unauthorized access to a network. Malware is in the form of a link, and the user is required to click on the link to execute malware.

6.

Phishing

Phishing attacks steal a person’s sensitive, confidential information such as username, password, network credentials, and more. In this cyber attackers manipulate the person such as they are bound to perform certain actions like clicking on malicious links or attachments, or wilfully giving confidential information.

7.

Fiscal Fraud

Fiscal fraud is a form of cyberattack in which cyber attackers by targeting official online payment channels, can hamper processes such as tax collection or make fraudulent claims for benefits.

8.

State cyber attacks

Cyberattacks can also be used by some government agencies as a new means of warfare. An example of such an attack was in 2010 when “Stuxnet” a computer virus, was used to attack  Iran’s secret nuclear program.

9.

carders

Carders is another form of cyber attack in which cyber attacker steals the bank or credit card details of a person, and then make duplicate cards and use it to withdraw cash at ATMs or in shop

How cyberattacks impact business information

With the advancement in hacking technology and social engineering techniques, cybercrime is increasing day by day. For every achievement in cybersecurity, hackers are coming with more complex counter approaches, which means businesses have to keep themselves updated on cybersecurity, or else they can become a victim of Cyberattack. As in today’s world, each and every business has some form of an online presence. The cyber attackers are working day and night to find those with loopholes and take advantage.

Cyber attacks impact the reputation, finances, operation, and staff of a business. As cybercrime is becoming more profitable day by day, Cyber attacks are more likely to occur. Cyberattacks have both short and long term effects on business.

Cyber Attack short term effect

Some Cyberattacks can damage your business immediately. For example, Denial of service attacks  (DoS) and ransomware.

Denial of service attacks damages the business services connected to the internet temporarily. Because of this, a customer will not be able to reach the business online portal, and also they will not be able to access your site. This not only blocks your current client but also diverts your new potential clients.

Ransomware is another Cyber attack that can cause immediate damage to your business. Ransomware is malicious software that gets into your system and conceals your data, because of this business losses its customers, employees,  and tactical data.

Cyber Attack long term effect

Like short term effects of cyber attacks, long term effects are not so obvious. If customer data or personal information are leaked to hackers after a  cyberattack, then damage to business reputation may occur. If the data breach is severe, customers take their business elsewhere, and thus it slows down the business. Lawsuits and fines are other long term effects of cyber attacks. When a large amount of personal information is leaked then civil lawsuits arise, and these suits are quite expensive and also they take years to settle.

Ways to protect technology from cyber attacks

Understanding what is sensitive data

Data protection starts by identifying what all information you have and who all have access to it. You can take the best steps to protect your information only by knowing what all information you have and who all have access to it.

For collecting all sensitive information that business has to first search in all computers, laptops, flash drives, disks, home computers, and other equipment to find out where the company stores sensitive data. Also by talking with the company’s sales department, information technology staff, human resources officer, accounting personnel, and outside service providers you can collect personal information of your business. Get a complete picture of who gives the sensitive information of business and who receives it.

Limiting employee access to personal data

Companies shall make sure that access to valuable company data is appropriately restricted, as it reduces the chance of human error which is the number one threat to information security. Company staff shall only have access to information which is necessary for doing their job.

Protective action must be taken immediately if an employee leaves or transfers to a  different company, which includes deleting passwords and accounts from all systems and collecting company ID badges and entry keys.

Mend operating systems & software regularly

If you do not update all software on every device used by your employees, then every new app on that device can open the door to a cyber attack.

While purchasing a new computer or installing new software in your system always check for updates, and always be aware that software vendors are not required to provide security updates for unsupported products. Always download new updates as they include new or enhanced security features.

Installing software and hardware firewalls

By installing firewalls, malicious hackers can be prevented, and also it stops the employees from browsing inappropriate websites, so install and update the firewall system on every employee computer, smartphone, and networked device.

Even if you use a cloud service provider (CSP) or a virtual private network (VPN), Include off-site employees. Intrusion detection/prevention systems (IDPs) can also be installed to provide a  greater level of protection.

Securing wireless access points & networks

For secure wireless networking, do the following:

– On new devices, administrative passwords shall be changed.

– The wireless access point  shall be placed properly so that it does not broadcast its service set identifier (SSID)

– To use WiFi Protected Access 2 (WPA-2), with the Advanced Encryption Standard (AES) for encryption, set your router properly.

– WEP (Wired-Equivalent Privacy) use shall be avoided.

If customers or visitors are provided with WiFi services then it should be separated from the business network.

Arranging web & email filters

Hackers can be prevented by using email and web browser filters and also by downloading blacklist services companies can block users from browsing risky websites that pose malware risks.

Prevent the company staff from visiting sites that are associated with cybersecurity threats, such as social media, as it only takes one employee to visit the wrong website to unintentionally download malware onto your company systems.

Encryption for sensitive business information

To protect a company’s computers, tablets, and smartphones use full-disc encryption, and a copy of your encryption password or key shall be saved in a secure location that shall be separate from your stored backups.

The same encryption capability is needed by email recipients to decrypt, password or key shall not be shared with employees in the same email as an encrypted document, it can be given to them via phone or by some other method.

Disposing of old computers safely

Wipe all valuable hard drive information from your old computer, before donating or trashing it, sensitive business or personal data on old CDs, flash drives, or other old media shall be deleted properly, and then take them to a  company that will shred them for you. Sensitive paper information shall be destroyed with the help of a shredder.

Train employees

The best protection against information security threats is Cyber-vigilant employees.

Every staff in the company shall know:

  • How sensitive information has to be used at the office or home.
  • What to do if  a cyberattack occurs
  • Train each and every employee how to protect business information and made them sign the information policy of the company.

Others security controls

Several controls shall be implemented, depending upon the risk in the company,  to ensure the confidentiality of data. controls can be classified in the  following:

Preventive controls 

Preventive controls are the security controls that aim to prevent any kind of threat by restricting access to the company’s network, programs, and data that may prevent unauthorized access. 

Detective controls  

Detective controls are the controls that aim to detect any threat to the business information.

Corrective controls 

Corrective controls are the controls that aim to correct any irregularities that are identified.

Conclusion

Nowadays,  a Cyberattack on business seems to be inevitable. But these attacks are avoidable if companies follow the following steps which are made for preventing cyberattacks, and these are:

  • Creating a backup system for restoring data if attacked, and these systems shall not be connected to the main network, or else they will also be lost.
  • Business continuity plans shall be well tested and up-to-date, it’s essential that these plans are updated and well tested at regular intervals.
  • Table tap exercise shall be conducted regularly and it shall include facility and operation managers, IT managers, C suite executives, and legal teams.
  • Make sure that the network shall encrypt both data at rest and data in motion.
  • Keep a check with a business cyber insurance company to know whether or not existing policies cover ransomware or not.

Thus these are the defences that are available for businesses to prevent a cyber attack.

References 


LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join:

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.

LEAVE A REPLY

Please enter your comment!
Please enter your name here