Cyber Security For Businesses

Njabulo Hlefana
October 10, 2022

Cyber security is a hot topic these days, and it's only getting hotter. Every business needs to ensure that its information and resources are safe from hackers and cybercriminals. Experts say that cyber attacks are getting more sophisticated and business owners need to be prepared to defend themselves from these cybercriminals.

Don't Be Under The Belief That You Are 'Too Small'

There is a belief among many business owners that they won't get hacked because their business is small and so this would make them less attractive targets. While this may be true to some extent, they may very well still attack any site for any of their more common goals.

Statistics say that there is an attack every 39 seconds on average on the web and on average 30 000 new websites are hacked every day. Hackers bank on being one step ahead of you and your team. The best way to combat this is to be on top of the basics as well as new vulnerabilities that may develop over time.

The main goals of a hacker can include the following:

  • Exploiting site visitors.
  • Stealing information stored on your servers.
  • Tricking bots and crawlers (black-hat SEO practice).
  • Abusing server resources.
  • Pure evilness

1. Cross-Site Scripting Attacks

Cross-site Scripting (XSS) attack is a type of malicious injection attack which is used by the attacker to exploit the XSS vulnerability in a web application. The main entry point for XSS attacks are forms on your website. The objective of this attack is to inject malicious scripts or HTML codes into a legitimate and trusted website. 

Hackers choose cross-scripting injections because they are easier to execute when compared with other injection methods like SQL, LDAP, etc. Hackers can also use Cross-scripting attacks when there are no filters in place on their target website.

2. SQL Injection attacks

SQL injection is a form of attack against an application that uses Structured Query Language to retrieve data from a database. It is one of the most common database attacks used in web-based attacks, and it is often used for extracting information from databases.

A successful SQL injection attack can read any data present in the database, modify existing data, or even delete records from the database. This includes all sorts of different personal information about customers including credit card numbers, online banking credentials, identification numbers etc.

3. Phishing

Phishing is a common term that refers to the fraudulent attempt of acquiring sensitive information such as usernames, passwords and banking credentials by disguising as a trustworthy entity in an electronic communication such as e-mail. It usually comes in the form of an email or text message and tricks you into clicking on a link or visiting a website controlled by criminals. There are several different types of phishing attacks, including:

  • Spear Phishing — targeted attacks directed at specific companies and/or individuals.
  • Whaling — attacks targeting senior executives and stakeholders within an organization.
  • Pharming — leverages DNS cache poisoning to capture user credentials through a fake login landing page.

4. Man In The Middle Attacks:

Man-in-the-middle (MitM) attacks are a popular method of intercepting and relaying communications between two parties without the knowledge of either party. The attacker is able to masquerade as each endpoint in the conversation so that all data is relayed through their machine. This allows them to eavesdrop on conversations and even alter the content during transit.

This type of attack usually exploits security vulnerabilities in a network, such as an unsecured public WiFi, to insert themselves between a visitor’s device and the network. The problem with this kind of attack is that it is very difficult to detect, as the victim thinks the information is going to a legitimate destination. Phishing or malware attacks are often leveraged to carry out a MitM attack.

5. Denial-of-Service (DoS) & Distributed Denial-Of-Service (DDoS)

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users.

If you send more traffic to a website than it was built to handle, its servers will become overloaded and it will be near-impossible for the site to load its content for visitors on your website.

In other cases, these attacks can be carried out from many computers at the same time. This is commonly known as a Distributed Denial-Of-Service (DDoS) attack and this can be very difficult to overcome as the attack will be coming from different IP addresses around the world at the same time.

This makes it difficult to find the origin of the attack.

6. Malware

Malware is the most common form of computer virus and it also extends to ransomware. It can be spread through websites, USB drives, and e-mail attachments. Malware differs from viruses in that it is not self-replicating.

Once it is on your company, it can create massive headaches for you. It can take control of your computer, monitor your actions and keystrokes and silently siphon information from your computer and network servers. Always be mindful of what you click on!

If you want to be safe online, it’s important to always be mindful of suspicious links and emails. Install antivirus & firewall software on your machines and restrict access to authorized devices. Ensure that members of your organization change their passwords periodically.

Cybersecurity Companies