How to Prevent Cyber Attacks
While cyber attacks are nothing new, cyber criminals have become even more active since the onset of the COVID-19 pandemic. According to Deloitte, these attacks have evolved to take advantage of remote workers using their own devices and potentially sub-par internet security. In addition, given that 47% of phishing victims fall for the scam while working from home, cybersecurity measures to prevent cyber attacks are more critical than ever before.
Furthermore, bad actors have become more sophisticated in order to access personal information for malicious purposes. Website spoofing related to COVID-19 vaccines, small business PPP loan applications, and government stimulus check inquiries are just a few examples of this evolution.
Just as cyber criminals are evolving, so too must those who want to prevent cyber attacks. Read on to learn more about the most common types of cyber attacks and how to prevent them.
What Is a Cyber Attack?
According to the U.S. National Institute of Standards and Technology (NIST), a cyber attack is a cyberspace attempt to “disrupt, disable, destroy, or maliciously control a computing environment/infrastructure; to destroy the integrity of the data, or steal controlled information.”
These attacks take many forms and can be difficult to spot — that’s why it’s so important to understand the most common types of cyber attacks that you may encounter in both a personal and professional setting. Being aware is the first step toward the prevention of cyber attacks.
Types of Cyber Attacks
Did you know that there is a cyber attack every 39 seconds in the U.S.? That equates to 2,200 attacks per day, or 803,000 attacks per year! The resulting cost of these attacks goes far beyond the billions of dollars lost — identities are stolen, personal information and photos are posted on the internet, and social media accounts are hacked. These events can be devastating both professionally and personally, causing psychological trauma as well as financial losses.
Here are some of the most common types of cyber attacks.
Malware
Short for “malicious software”, malware is hardware, firmware, or software inserted into a system for a harmful purpose. These purposes can include compromising the confidentiality, integrity, or availability of data, applications, and operating systems; as well as generally harassing the intended target.
Common forms of malware include:
- Spyware: Code secretly inserted into an information system in order to obtain confidential data, information, or content.
- Ransomware: Code that blocks user access to key components of a system until a specified amount of money is paid by the victim or organization to the perpetrator.
- Rogueware: Misleading content that tricks a user into thinking their computer is infected with a virus, and prompts them to click on a fake “warning” which results in the installation of malware.
- Virus: Self-replicating malicious code that attaches itself to another program, waiting until that program is activated to spread further and consume data or resources.
- Worm: Self-replicating malicious code that can run independently (without a host program), creating complete copies of itself to attach to other hosts and consume computer data or resources.
- Trojan Horse: A seemingly useful program that contains hidden malicious code which is activated when the program is used.
Phishing
Phishing is an attempt to obtain sensitive personal or financial information through the use of fraudulent email communications or a spoofed (fraudulent) website. The term “spear phishing” has the same meaning, except the attack is directed in a highly targeted manner.
Man-in-the-Middle (MitM)
In a MitM attack, a cyber criminal is positioned between two communicating parties, intercepting and modifying information while posing as one of them. Common uses of this type of attack include capturing banking information or passwords.
Denial of Service (DoS)
A DoS attack prevents authorized access to resources or causes critical operations to be delayed for a period of time. This can entail everything from denying access to buildings via key card to the slowdown or shutdown of computers or computerized equipment. A DDoS attack (Distributed Denial of Service) results in the same effect, but is perpetrated through multiple host systems that have been infected and are under perpetrator control.
SQL Injection (SQLi)
A SQLi attack exploits web security vulnerabilities (e.g., unprotected/underprotected database access), allowing the attacker to “inject” SQL code into a SQL server. This malicious code allows the attacker to access private, sensitive data as well as modify or delete data.
Cross-Site Scripting (XSS)
In an XSS cyber attack, a bad actor injects malicious script into a web application and then waits. When an unsuspecting user visits a “trusted” website that has been infected, the malicious script is delivered with requested content to the victim’s browser. This access enables the attacker to steal session cookies and pretend to be the user for the purposes of theft or harassment. This type of attack can also be used to hack social media accounts, phish for personal information, and spread malware.
Zero-Day Attack
A zero-day attack targets recently identified hardware, firmware, or software vulnerabilities requiring a “patch” (i.e., corrective modifications or code from the developer). Oftentimes, individuals or organizations will experience a delay between the vulnerability identification and patch application, giving bad actors an opportunity to exploit the vulnerability before it’s fixed.
DNS Tunneling
This attack uses the DNS (Domain Name System) protocol to send non-DNS activity across Port 53, which is used to maintain consistency between a DNS server and a database. While DNS tunneling is often used for legitimate and helpful reasons, such as hotspot logins, it can also be used to illegally extract data from targeted systems, as well as to remotely control them.
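One way a defender can spot the pattern described above in DNS query logs, as an added example that is not part of the original article: data carried in DNS tends to appear as many distinct, long, random-looking subdomains under a single parent domain. The log entries, domain names and thresholds are constructed assumptions, and treating the last two labels as the parent domain is a simplification.

```python
import math
from collections import Counter, defaultdict

B32 = "abcdefghijklmnopqrstuvwxyz234567"

# Constructed sample of (client_ip, queried_name) pairs; not real traffic.
# The rotated-alphabet labels stand in for encoded data chunks.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "img-7f3a9c2e1b8d4f6a0c5e9b2d7a1f3c8e.cdn.example.net"),
    ("10.0.0.8", "api.example.org"),
] + [("10.0.0.23", f"{B32[i:] + B32[:i]}.tunnel-example.test") for i in range(6)]


def shannon_entropy(text):
    """Bits per character; random-looking encoded data scores high."""
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def split_name(qname):
    """Return (subdomain, parent), taking the last two labels as the parent."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def suspicious_parents(queries, min_unique=4, min_len=30, min_entropy=3.5):
    """Flag (client, parent domain) pairs with many long, high-entropy subdomains.

    The thresholds are illustrative assumptions and need tuning per network.
    """
    seen = defaultdict(set)
    for client, qname in queries:
        sub, parent = split_name(qname)
        if sub:
            seen[(client, parent)].add(sub)

    findings = []
    for (client, parent), subs in seen.items():
        odd = [
            s for s in subs
            if len(s) >= min_len and shannon_entropy(s.replace(".", "")) >= min_entropy
        ]
        # A single long hostname (such as a CDN object) is normal;
        # a stream of distinct ones under one parent is not.
        if len(odd) >= min_unique:
            findings.append((client, parent, len(odd)))
    return sorted(findings)


if __name__ == "__main__":
    for client, parent, count in suspicious_parents(SAMPLE_QUERIES):
        print(f"{client} sent {count} long high-entropy names under {parent}")
```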
How to Prevent Business Cyber Attacks
In the past year alone, 61% of small and medium-sized businesses have experienced at least one form of cyber attack. These attacks have cost the business community $4.2 billion in the past year, disrupted operations, and negatively impacted their hard-won brand equity across all industries. As cyber criminals become even more sophisticated, it is imperative that all businesses (regardless of their size) take this threat seriously and proactively work to prevent cyber attacks.
To prevent cyber attacks, it is recommended that businesses implement the NIST Framework for Improving Critical Infrastructure Cybersecurity, and tailor it to their specific industry and needs. Developing a general plan utilizing NIST’s five functions (below) is a good first step in developing a strong business cybersecurity program which will significantly reduce the risk of your business becoming the victim of a cyber attack.
Identify
Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
Key focus: This step is basically an assessment of your electronic business environment, equipment, and assets. The most important thing is to take your time and be thorough.
- List all the electronic assets that support your business-critical functions or operations, such as WLANs, client-facing websites, POS systems, shared document libraries, etc.
- List your most valuable data assets (e.g., customer databases, product inventories, proprietary intellectual capital).
- Document systems relating to facilities access management (e.g., key cards, electronic locks, internal camera systems).
- Consider your company’s mission, key operations, and associated stakeholders. This will help you identify the right individuals to assign key cybersecurity responsibilities and decision-making authority.
- Carefully consider all the ways these assets could be attacked (remotely and physically) by both internal and external bad actors.
Risk Management Strategy:
- Meet with your identified key cybersecurity stakeholders and decision makers to decide on priorities, acceptable risk levels, and key assumptions.
- Be sure to factor in any insurance, compliance, or governance requirements your business must meet relating to cybersecurity.
Now, you’re ready to begin building out your cybersecurity plan. Many businesses engage a cybersecurity expert to help build their initial plan, and then may work through the plan using internal resources. You can also get started right now using the Federal Communications Commission Small Business Cyberplanner, which can help you create an initial cybersecurity plan for your business.
Protect
Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
Key focus: Ensure that best practices are in place to protect all the vital electronic elements of your business. Below are some of the most important areas to address as you work through your cybersecurity plan to prevent cyber attacks.
- Identity and Access Management (IAM)
- Privileged Access Management (PAM) for back end administrative access
- Random password generation and two-factor authentication
- Vendor and third-party access control standards to help maintain the cybersecurity posture of your company as you interact with them
Awareness and Training:
- Employee cybersecurity awareness training to help avoid phishing and other malware attacks
Information Protection Processes and Procedures:
- Secure payment processing
- Critical data and file backups (both cloud-based and physical storage)
- Development of cyber event response, recovery, and business continuity plans
- Practice and testing of response, recovery, and business continuity plans
- Patch management
- Ongoing OS, software, and firmware updates
Detect
Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
Key focus: No matter how good a cybersecurity plan is, there is always the possibility a cyber attack can occur. Making sure your business has the ability to detect anomalies and cybersecurity events through continuous monitoring and detection processes is key to a robust cybersecurity posture.
There are many ways to monitor business systems for anomalies and cyber events. Some businesses engage monitoring services which will notify them of suspicious activities, and some of these services will also take predefined steps to mitigate these events. Other businesses employ a variety of tools to help them monitor systems for anomalies and events internally.
Some of the tools used to perform this monitoring include:
Respond
Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
Key focus: Once an anomaly or potential event has been detected, it’s imperative that your business be ready to respond immediately. Repelling or containing the impact of a potential cybersecurity event can make the difference between normal business operations and catastrophic repercussions.
- Response Planning: Create plans that you can quickly execute when specific types of cyber attacks are detected. Having these plans in place before the event occurs will not only help your organization respond quickly, but will also ensure the response is well thought out, practiced, and as effective as possible.
- Communications: Coordination of response activities and communication with stakeholders is a critical response component. Defining communication roles and responsibilities prior to the cyber event is key to ensuring a swift and effective response.
- Analysis: Investigation of the cyber event notification, the impact of the event, and how effective your company’s response has been in protecting your digital assets are key elements in cyber attack analysis. Forensic measures are usually performed as part of the analysis as well.
- Mitigation: Implementation of previously developed cyber attack response plans and mitigation of additional damage (if any) are key steps in cyber attack response. Before moving on after the threat is neutralized, it’s also important to review and document any new or unforeseen vulnerabilities exposed during the event in order to enhance your cybersecurity plan and prevent further attacks.
- Improvements: Review of the cyber attack after it has been neutralized will help you understand any updates or revisions needed in your cybersecurity plan, as well as evaluate your company’s execution of your plan. This will help you iteratively improve your company’s cybersecurity posture.
Recover
Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
Key focus: After a cyber attack, recovery includes carrying out activities to repair any impacted systems or data in order to restore normal business operations and avoid damage to your company’s brand and reputation.
- Recovery Planning: Creating recovery plans ahead of time for the various types of cyber attacks through the anticipation of likely effects will help your business demonstrate resilience and return to normal operations as quickly as possible.
- Improvements: Documentation of any unanticipated repercussions from a cyber attack is important, as this will help prevent or mitigate damage from a similar cyber attack in the future.
- Communications: Effectively communicating recovery efforts, systems status, and associated timelines is key to a successful cyber attack recovery. This not only includes internal communications, but also communications with vendor partners, external stakeholders, and customers as well.
How to Prevent Personal Cyber Attacks
Protecting your personal devices from hackers and viruses is a necessary skill in our digital world. This requires an understanding of, and adherence to, personal cybersecurity best practices such as those listed below.
While it can be tempting to use the same username and password for all your online accounts and apps, it puts you at significant risk should a hacker gain access to one of your accounts. In addition, using passwords that have personal significance makes it easier for cyber criminals to guess your username and password through some fairly simple web scraping.
Use a password manager that will help you generate random, strong passwords for each of your online accounts and store them securely for easy access so you don’t have to remember them.
WiFi and Hotspot Usage
Using public WiFi hotspots at your local coffee shop or the airport is certainly convenient. However, remember that they are truly public — it’s easy for a cyber criminal to intercept your communications and access confidential information.
- When using a public WiFi hotspot, be sure to use a Virtual Private Network (VPN) or use your smartphone as a personal WiFi hotspot.
- Never use a public charging cord as they can be used to deliver malware.
There are endless options for free email account providers. When choosing one, or more, consider incorporating the following steps.
- Use a password manager for all email account credentials and change your password every 90 days.
- Regularly check whether your email account has been part of a data breach.
- Configure your email client to use the TLS option (Secure IMAP or Secure POP3).
- Employ a “zero-trust mindset” when receiving emails from unknown persons or organizations and discard without opening if unrecognized.
- For commercial or business email from a trusted source that has an embedded link, consider opening a browser and navigating to the site via search engine — phishing can be very sophisticated.
- Before opening an unexpected email from a friend or family member with an attachment, verify with the source that they did send the document (e.g., direct email, text, phone).
Web Browsing and E-Commerce
Many people conduct the majority of their banking and shopping online. As a result, cyber criminals consider these activities to be valuable targeting opportunities. To avoid becoming the victim of cyber attacks, consistently use these best practices.
- Use Multi-Factor Authentication (MFA) whenever available, especially for financial services or banking.
- Websites often use challenge questions to authenticate users — use false answers when setting up your questions (e.g., the wrong high school, pet name) in case a web-scraping hacker has accessed personal information.
- Create bookmarks in your browser for commonly accessed websites (e.g., banking, food delivery, retailers) to avoid mistakenly accessing a fraudulent site and entering your credentials.
- Only shop on sites that have secure socket layer (SSL) encryption at minimum. Look for a padlock icon to the left of the URL in the address bar to verify SSL encryption.
- Consider how you pay for purchases when shopping online to minimize fraud and identity theft risks.
- Only download applications from Google Play or the App Store as third-party app stores and pop-ups are much more likely to contain malware.
It’s fun to share events, thoughts, and memories with friends and family on social media. Just make sure to adhere to best practices to keep yourself and your loved ones safe.
- Set all social media accounts to “private” or “friends only” access.
- Review privacy settings for your social media accounts when Terms of Service updates are made. Always opt out of allowing search engines to include your information.
- Be careful when accepting friend requests — if you don’t know them, don’t accept.
- Remove location data from photos before sharing them on social media.
- Think carefully before clicking links from friends; social media accounts are hacked often, so make sure the post seems consistent with their usual content.
- If you suspect you’ve been hacked, take immediate steps and notify your contacts through a secondary source such as text or email.
Home Network and Devices
These days, everyone has personal routers, home WiFi, and smart home technology. However, just as our technology has evolved, so too have hackers.
- Purchase and install an American-made antivirus product on all home PCs and laptops. Be sure to apply updates and patches regularly.
- Consider purchasing a smart firewall which monitors all home network traffic. This will monitor smart home devices as well as traditional electronic devices, checking for anomalies and unusual activity volume.
- Verify that your personal or ISP-provided WAP is using Wi-Fi Protected Access 2 (WPA2) and use a strong, 20-character password. Change the default SSID to something unique and impersonal.
- Disable the ability to perform remote/external administration on your router and disable Universal Plug-n-Play (UPnP) to help prevent hackers from entering your network.
- Make sure that all home devices access the internet through your home router/firewall to avoid unauthorized access.
- Don’t forget about wireless printers — images of everything you print can be accessed. Keep their software updated and take all necessary security precautions.
- Carefully evaluate smart home purchases (e.g., cameras, voice assistants, Bluetooth lightbulbs) for innate manufacturer security and hardening. Carefully review permissions and reduce them to the lowest necessary settings.
We are all very busy and applying updates can seem tedious and inconvenient. However, given the potential impact of a hacker gaining access to your personal information, it’s worth it.
- Make sure you update your software, OS, and browsers quickly when upgrades or patches are released. This will give you the benefit of the additional security provided in upgrades while helping you avoid zero-day and malware cyber attacks.
How to Learn Cybersecurity
Interested in going further and becoming a cybersecurity professional? There are many skills required to land a cybersecurity role, but luckily there are a number of ways to learn cybersecurity.
Traditional degrees are one way to prepare for a role in cybersecurity. For students who have the financial resources and time to devote to this type of study, it can be a great option which allows them to earn an undergraduate degree in computer science, while diving into cybersecurity as well. For example, The University of Texas at Austin Computer Science program has been ranked top 10 in the nation, and offers a robust cybersecurity concentration.
Bootcamps are another great option for learning cybersecurity. With their focus on in-demand skill sets, as well as practical, real-world projects, it’s no surprise cybersecurity bootcamps are a top choice for discerning students and employers alike. In fact, The Cybersecurity Boot Camp at UT Austin is an excellent option for aspiring cybersecurity professionals.
Independent learning is another option for those interested in learning more about cybersecurity. Such free resources as scholarly articles, blogs, and LinkedIn groups can help you understand more about the cybersecurity industry. In addition, free or low-cost online classes from Udemy and Coursera may be helpful in getting started too.
Increase Your Protection Against Cyber Attacks Today
Having the knowledge and skills to protect yourself and your company from cyber attacks is critical. With increasing threats from cyber criminals, and the pandemic’s ongoing impact on every aspect of our lives, now is the right time to learn cybersecurity and apply it every day. Face the digital future with the confidence of knowing you’re ready to recognize and prevent cyber attacks.