Phishing, a term coined in 1996, is a form of online identity theft. Phishers, or scammers, use deceptive phishing and social engineering over email to steal victims’ personal identity data and financial data (e.g. banking credentials). For example, spoofed emails are commonly used to lure unsuspecting victims with links to spoofed websites that harvest information.
A deceptive phishing attack lures the web user into believing they are communicating with a trusted and legitimate entity, for the purpose of stealing their personal data (account details, logon credentials, etc.).
Insider threats are malicious threats to an organization that come from people within the organization, such as employees, former employees, business associates and contractors, who possess inside information concerning the organization’s security practices, computer systems and data. In addition, insider threats are commonly caused by the following groups of people:
- Privileged users: these are trusted users in the organization who have the ability to misuse data intentionally or unintentionally.
- Third parties: these are remote users, subcontractors and vendors, such as IT technicians, who have access to the organization’s systems.
- Terminated employees: these are former users within the organization who were either terminated by the organization and/or have left the organization for other jobs.
Insider threats also include users within an organization who work against organization policies to share sensitive data with external parties. Insider threats are regarded as the more difficult form of attack to stop.
Unauthorised access of data / theft
‘Unauthorised access to data’ or ‘data theft’ is gaining access to data that you are not authorised to access, see or possess. As more and more data are termed ‘sensitive’, securing sensitive data to reduce data theft is becoming a challenge. This is due to multiple reasons:
- Lack of security and data policies to safeguard the handling and use of data.
- Lack of awareness of the importance of data and the hierarchy of data-sharing rights.
- Lack of implementation of security group policies and access rights to files, shares and directories.
- Loopholes in the systems creating backdoors for users to have access to sensitive data.
Designing and implementing proper security policies and protocols, and managing users and shared-drive access, are some simple ways to reduce and/or stop unauthorised access of data.
Data Leakage / Data Breach
‘Data Leakage’ or ‘Data Breach’ is the event in which classified data, or data not authorised for release, is transferred from a computer or datacentre out of the organization to the outside world. Data leakage is defined as the accidental or unintentional distribution of private, sensitive or classified data to an unauthorised entity. The sensitive data involved in data leakage takes the following forms:
- Intellectual property (IP)
- Financial information
- Patient information
- Personal credit card data
- And other sensitive organization data depending on the nature of business
Ransomware is a form of malicious software that uses a number of attack vectors, such as phishing, to deliver its payload to the targeted machine. The payload requires a user to click on the phishing link or open an email attachment in order to take control of the system and lock up all Windows files.
Ransomware attacks are financially motivated threats which purposely gain control of a system and demand a ransom in return. The ransom is usually demanded in bitcoins. Here are some tips to identify and defend against ransomware threats:
- Avoid clicking on phishing emails. These emails have URLs that usually contain gibberish: strings of characters that do not make sense.
- Be vigilant online when accessing the Internet.
- In an organization, always make sure there are security scanning tools on both the server side and client side to verify email attachments and links.
- Stay away from online spam, online shopping advertisements and free streaming sites. These sites are vulnerable.
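The tips above mention URLs made of meaningless characters and scanning tools that verify links in email. The following Python sketch is an added example, not part of the original page: it pulls links out of a plain-text message and flags hostnames with a random-looking label. The sample email, the hostnames and the thresholds are constructed assumptions, and a real scanner would combine this with reputation and attachment checks.

```python
import math
import re
from collections import Counter
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample message (not a real email); all hostnames are made up.
SAMPLE_EMAIL = """\
From: "Support" <support@example.com>
To: user@example.org
Subject: Action required

Your mailbox is full. Confirm your account here:
http://xk7q9zv2b4pw8rj3.example.net/a8f3kq/login
Company policy is published at https://intranet.example.org/policies
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def shannon_entropy(text):
    """Bits per character; random-looking strings score higher than words."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def suspicious_label(label, min_len=10, entropy_cutoff=3.5):
    """Heuristic with assumed thresholds: long, high-entropy, digit-mixed label."""
    digits = sum(ch.isdigit() for ch in label)
    return (len(label) >= min_len
            and shannon_entropy(label) >= entropy_cutoff
            and digits >= 2)

def flag_urls(raw_email):
    """Return URLs in a plain-text email whose hostname has a gibberish label."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # single-part message: payload is the body string
    flagged = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""
        if any(suspicious_label(part) for part in host.split(".")):
            flagged.append(url)
    return flagged

if __name__ == "__main__":
    for url in flag_urls(SAMPLE_EMAIL):
        print("review before delivery:", url)
```

A heuristic like this produces false positives on legitimate tracking or CDN hostnames, so it is better used to queue messages for review than to block them outright.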
Denial-of-Service Attack
A ‘Denial-of-Service (DoS)’ attack is a cyber-attack whereby the perpetrator seeks to make a victim (machines, servers, network resource or a website) unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the internet. DoS attacks usually flood the targeted machine or network resources with superfluous requests in an attempt to overload systems and prevent legitimate requests from being fulfilled.
DoS attacks can escalate to a ‘Distributed Denial-of-Service (DDoS)’ attack. This happens when the victim (machine, servers, network resource or website) gets flooded by incoming traffic originating from multiple and different sources.