Cyber Risks : Intrusion, invasion, and/or hacking into a business or individual’s processing system via Malware (malicious software) for the express purpose of committing a financial crime, data theft, obtaining business secrets, stealing intellectual property, harassment, system lock-downs, taking control of systems and software programs.
Types of Attacks
DDOS: Attackers select a specific target and find a vulnerability to gain access. They then flood a website, server, network or even phone systems with computer generated traffic (normally bots).
Keylogger: Type of spyware that tracks your activity as you input it to obtain passwords and financial log-ins.
Ransomware: Type of malware that restricts access to the infected computer system by encrypting the data and demands that the user pay a ransom to the hackers to remove the restriction.
RootKit: Allows access to administrative rights so that the hacker can take control of the systems from the foundation.
Spyware: Infection that allows the criminal to track internet activity such as to gather information: personal data, financial details, and online habits.
Virus: Destructive string of code attached to another program through a file or attachment and spreads across systems.
Worm: Like a virus but does not need an infected file to spread.
How Hackers Install Malware
Advanced Persistent Threat: Hackers gaining entry to systems, gathering information and leaving quietly. Done repetitively and goes unnoticed.
Man-in-the-Middle: Hackers put themselves in the middle of two systems or people and impersonate one or the other.
Oblivious: Unknown to user while visiting a website hacker will embed code (can be just from landing page) or download through links.
Phishing: Hackers sending emails, texts, phone-calls, gather information such as, personal data, financial account details, or to install bad code.
Quid-Pro-Quo: Impersonates someone that promises a service to gain sensitive information.
Smishing: Social media phishing malware is hidden in random friendly requests.
Spearphishing: Very targeted phishing scam sent to many people hoping that at least someone clicks on it.
Social Engineering: Psychological manipulation so someone performs tasks to deploy malicious code.
Spoofing: A fake site.
Trojan: Invades a system disguised as other code and is downloaded to a computer and executed to grant access to the system.
Whaling: Hack targeted at high net worth individuals.
Cost of a Hack
Cyber crimes are very costly to the individual victim, business and brand. Along with actual financial losses there are other losses. including:
- Forensic/Incident Investigation
- Hardware loss & cleanup
- Security upgrades & improvements
- Crisis management time & effort
- Added Insurance
- Business disruption & recouping data lost, if possible
- Loss of business
- Brand exposure