There are also a number of attack vectors available to cyber criminals that allow them to infect computers with malware or harvest stolen data, such as:
Social engineering – The exploitation of an individual’s weakness, achieved by making them click malicious links or by gaining physical access to a computer through deception. Phishing and pharming are examples of social engineering.
Phishing – An attempt to acquire users’ information by masquerading as a legitimate entity.
Pharming – An attack to redirect a website’s traffic to a different, fake website, where the individual’s information is then compromised.
Drive-by – Opportunistic attacks against specific weaknesses within a system.
Man in the middle (MITM) – An attack where a middleman impersonates each endpoint and is able to manipulate both victims.
How can an organisation improve its cyber security?
There are a number of effective measures you can take to reduce cyber risks, although there are dangers in thinking that technological solutions alone will improve cyber security.
The three fundamental domains of effective cyber security are people, processes and technology.
The best approach to effective cyber security is to identify the threats, vulnerabilities and risks the organisation faces, and to forecast the impact and likelihood of such risks materialising.
Once the risks have been identified, the organisation should implement appropriate measures to mitigate those risks, while balancing its business objectives against the costs of those measures, and the impact and likelihood of the risks occurring.
Fortunately, a number of frameworks already exist to help organisations reduce their cyber risks.
IT Governance recommends that organisations use ISO 27001, the international standard providing best practice in information security, combined with Cyber Essentials, which offers a baseline for mitigating key cyber security risks.