Common Cyber Attacks: Reducing the Impact

Overview of Common Cyber Attacks

The document titled “Common Cyber Attacks: Reducing The Impact” serves to enlighten organizations about the nature of prevalent cyber attacks and emphasizes the importance of developing fundamental security measures to safeguard against such threats. For the complete version, please download the PDF available at the end of this page.

This guide complements the updated “10 Steps to Cyber Security,” which provides in-depth guidance on practical measures organizations can adopt to enhance their network security and protect their information assets.

It is important to note that the paper does not encompass a thorough examination of advanced or ongoing attacks, nor does it dissect the mechanisms through which such attacks materialize.

Quick Reference: Common Cyber Attacks

A concise infographic on Common Cyber Attacks is available for download at the end of this page, illustrating the security measures organizations can implement to mitigate their risk of falling victim to cyber threats.

Understanding the Threat Landscape

Before committing resources to cybersecurity defenses, organizations often seek definitive proof of their vulnerability to specific threats. However, in the realm of cyberspace, accurately assessing the risks faced by particular organizations can be challenging.

Nevertheless, any organization could potentially be targeted. All entities possess valuable assets that may attract illicit attention. By showcasing deficiencies in basic cybersecurity practices, organizations may inadvertently invite cyber attacks.

Strategies to Reduce Exposure to Cyber Attacks

Fortunately, there are cost-effective methods for organizations to diminish their exposure to the prevalent types of cyber attacks affecting internet-facing systems. The following measures are included in the Cyber Essentials framework, along with guidance on their implementation:

• Boundary firewalls and internet gateways – implement perimeter defenses, including web proxies, filtering, content validation, and firewall settings to identify and obstruct executable file downloads, block access to known harmful domains, and prevent direct internet access from users’ devices.
• Malware protection – establish robust malware defenses to detect and respond to known threats.
• Patch management – regularly update software to address known vulnerabilities and mitigate risks associated with software exploitation.
• Allow listing and execution control – restrict the execution of unauthorized software, including disabling AutoRun for USB and CD drives.
• Secure configuration – limit the functionality of devices, operating systems, and applications to the essentials required for business operations.
• Password policy – develop and enforce a strong password policy.
• User access control – restrict execution permissions for standard users and adopt the principle of least privilege.

For organizations anticipating risks from more skilled attackers, consider implementing the additional measures outlined in the 10 Steps to Cyber Security:

• Security monitoring – track and identify any irregular or suspicious activities.
• User training, education, and awareness – ensure staff are trained to recognize their role in maintaining security and to report unusual activities.
• Security incident management – establish a robust response plan to address cyber incidents, which can help minimize the impact on your organization.

Enhancing Your Cyber Defenses

The internet is fraught with dangers, and the risk of cyberattacks is continually increasing as new vulnerabilities emerge and tools to exploit them are made widely available. Inaction is no longer a viable choice. It is crucial to protect your organization and maintain your reputation by instituting essential cyber defenses to avoid becoming just another statistic in the rising tide of victims.