Common Cyber Attacks: Reducing the Impact

Overview of Common Cyber Attacks: Insights from the White Paper

The document titled “Common Cyber Attacks: Reducing Their Impact” aims to provide organizations with an understanding of what constitutes a typical cyber attack. It emphasizes the necessity for all entities to implement fundamental security controls and practices to safeguard against these threats. You can access the complete version at the end of this page (PDF).

This paper can be read in conjunction with the updated guide, “10 Steps to Cyber Security,” which delivers more extensive advice on the practical measures organizations can take to enhance the security of their networks and the sensitive information within them.

The white paper does not encompass a thorough analysis of advanced or persistent attacks, nor does it provide a detailed breakdown of the methodologies behind those incidents.

Quick Reference: Common Cyber Attacks

An infographic summarizing common cyber attacks is available for download at the end of this page. This resource outlines the essential security measures that organizations can adopt to minimize their vulnerability to successful cyber attacks.

Understanding the Threat Landscape

Before allocating resources towards defensive measures, many organizations seek clear evidence that they are, or will be, targeted by particular threats. Unfortunately, accurately assessing the specific threats facing each organization proves challenging in the digital realm.

Nevertheless, it is crucial to recognize that every organization is a potential target. Each has assets of value that could attract malicious interest. An organization that openly shows weaknesses in its cyber security by neglecting basic protections can end up experiencing a cyber attack.

Mitigating Your Risk of Cyber Attacks

Fortunately, there are effective and cost-efficient approaches to decreasing your organization’s risk of typical cyber attacks targeting Internet-exposed systems. The following controls are set out in Cyber Essentials, which also offers guidance on implementing them:

  • Boundary firewalls and internet gateways – Create strong network perimeter defenses with web proxies, filtering, and content checking policies to detect and block potentially harmful downloads, restrict access to malicious sites, and prevent direct Internet communication from users’ devices.
  • Malware protection – Maintain up-to-date defenses to identify and respond to known malicious software.
  • Patch management – Update software regularly to close known vulnerabilities and prevent exploits.
  • Allow listing and execution control – Block unauthorized software from running, including from USB and CD drives.
  • Secure configuration – Limit device functionalities and applications to what is necessary for operational efficiency.
  • Password policy – Implement and consistently enforce an effective password policy.
  • User access control – Implement restrictions on users’ permissions based on the principle of least privilege.

If your organization is at risk from more sophisticated attackers, bolster your defenses with additional measures as detailed in the 10 Steps to Cyber Security:

  • Security monitoring – Actively monitor for unexpected or suspicious activities.
  • User training and awareness – Equip staff to understand their security responsibilities and report unusual occurrences.
  • Security incident management – Formulate plans to manage attacks effectively, as prompt responses can mitigate business impacts.

Enhancing Your Cyber Defenses

The Internet is fraught with threats. As new vulnerabilities emerge and readily available tools to exploit them come to market, inaction is no longer viable. To protect your organization and its reputation, establish fundamental cyber defenses to avoid falling victim to the multitude of attacks faced online.


Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/guidance/white-papers/common-cyber-attacks-reducing-impact
