Skip to main content

How does a cyber attack work and how your business can protect against it?

Cyber attacks may cause havoc for your business. It can mean operations grind to a halt and there may be significant financial loss and reputational damage. The threat of a cyber attack is so high for every enterprise today that it’s vital to understand what happens during an attack so that your business can take steps to protect itself.

Targeted vs untargeted

Cyber attacks can be broken down into two different categories - targeted and untargeted. In an untargeted attack those carrying out the attack are targeting as many devices as possible in a scattergun approach. There’s no actual focus on who the victim is, just the desire to find vulnerabilities and exploit them for gain. Phishing is a great example of this type of attack. A targeted attack happens because the attacker has a particular interest in that business or has been paid to target it. Examples of a targeted attack include deploying a botnet or spearphishing that is focused on specific individuals.

The stages of a cyber attack

Whatever the type of attack it will likely have a number of recognisable stages including:

  • Survey, where the potential target is investigated for vulnerabilities. This could be anything, from information from LinkedIn or Facebook to using network scanning tools.
  • Delivery, which means getting to the point in a system where it can be breached, for example by trying to gain access to a business’ online services.
  • The breach itself, which achieves unauthorised access to do something like gain control of a device or access accounts.
  • Ongoing affect, which are the activities an attacker carries out once it has breached security. This could be something like getting hold of information that they shouldn’t have access to, making changes to systems that benefit them or disrupting business operations.

How your business can protect itself

  • Train your employees so that they are cyber-aware. Staff are the first line of defence for any business - and can also be its biggest vulnerability. Training is the difference between people who can spot cyber attacks and risks and people who can’t.
  • Backup and encrypt data. Having a back-up available means that you’ll be able to ensure business continuity. Encrypted data is protected from anyone who does break through your defences unless they have the key.
  • Make sure that you follow best practices for password security. Use complex passwords as Regularly changing passwords is counterproductive as you will have to keep thinking of a new password each time.
  • Ensure your systems are always up to date so that you don’t miss out on security patches and repairs.
  • Track who has access and restrict it where necessary. Not everyone needs access to every area of your business and its data and limiting access improves protection from a cyber attack.

Cyber attacks are a serious business and not something that any organisation can ignore today. Whatever the size of your enterprise, the data within it alone is an appealing prospect for an attacker - which is why it’s so important to have protection in place.

Back to News
Written by:
Tom Lejava
12 April 2023