Every year cyberattacks become more prevalent and more sophisticated and therefore also of greater concern for business continuity. The Business Continuity Institute ranked cyberattacks as their number 1 threat to business continuity – a further indication of how rapidly cyberattacks are becoming the top concern of business continuity professionals worldwide. In this post, we highlight the 12 most commonly used cyberattacks that can impact on business continuity planning. This should encourage you to consider at least the basics of cybersecurity and how to include that consideration in your business continuity planning to protect your data and computer systems.
1. Denial of Service (DOS) attack
Hackers overwhelm a computer or a network with traffic to such an extent that it can't continue operating. This can occur in the form of a flooded inbox or server making it inaccessible to the intended user and therefore causing a system disruption.
2. Man-in-the-Middle (MitM) attack
Hackers insert themselves between, for example, a Wi-Fi network and a victim's machine. This means that the hacker can either steal the information transferred between the machine and the Wi-Fi network or install malicious software to carry out a malware attack.
3. Phishing attack
The recipient is tricked into thinking an email is from a reputable source, when it's actually fraudulent communication. It can steal sensitive personal information such as credit card numbers and login details on the victim's machine.
4. Drive-by download attack
Hackers slip malicious code into apps, operating systems, or web browsers that haven't been updated and consequently contain vulnerabilities. Ensure that old apps that you don’t use are either removed or updated to avoid this form of attack.
5. Wifi Eavesdropping attack
When connecting to a public Wi-Fi network, hackers can intercept communication between the user’s device and the public network and so steal usernames, passwords and other unencrypted confidential information sent. You can avoid this by using a VPN.
6. Formjacking attack
Hackers load malicious code onto e-commerce sites and steal customers' credit card details from the checkout pages. The biggest targets of this form of attack are small to mid-sized retailers.
7. Malware attack
Users unknowingly activate malicious software (virus, spyware, ransomware) that was installed via a link or an email attachment click. This can block access to the network, steal information by transmitting it from the hard-drive, and disrupt a victim's machine.
8. Password attack
Hackers attempt to guess a password to gain access by repeatedly trying different passwords. This doesn't work when a lockout policy protects the account and it locks after three incorrect password entries.
9. Zero-day attack
Hackers become aware of a network, app or system insecurity and exploit it before a patch or update has been issued. Zero-day attacks are opportunistic attacks that can be avoided by having advanced cybersecurity in place; a consideration that should form part of your business continuity planning.
10. SQL injection attack
Malicious code is embedded (structured query language) into a poorly designed app which results in hackers being able to gain access to resources or alter data.
11. Brute force attack
Hackers use trial-and-error to guess a username or password, trying repeatedly with various combinations until eventually gaining access. This is a fairly old attack method that's still surprisingly effective and popular with.
12. Cross-site scripting (XSS) attack
A hacker injects malicious code into a trusted app or website. The code triggers when a victim visits the app or page. Most common in forums, message boards and web pages that allow comments. Can also be used to deface a website.
Organizations should undoubtedly include cybersecurity concerns in their business continuity plan instead of just focusing on the traditional threats. In fact, cybersecurity as part of business continuity planning should receive a special degree of attention since a cyberattack or data breach can have a much more far-reaching effect on the organization and its clients, than some of the more traditional threats.