Statista reports that as of April 2019 there are nearly 4.4 billion active internet users in the world. This means that more than half of the global population has some connection to the internet. Today, in our information-driven and technologically advanced society, a world without the internet is simply unimaginable.
This ease of internet access is often accompanied by a false sense of security that our sensitive personal information is safe online. With the popularity of social media on the rise, consumers are driven to share, connect and gain visibility. This makes it easier for hackers to infiltrate our personal lives. Depending on their skill set and motives, these cybercriminals can inflict a lot of damage. Hackers are always finding more advanced and creative ways to illegally obtain personal data. Large industrial organisations are most often the target, but consumers who store information like passwords and bank details are also susceptible.
Threats we face online
Large industrial organisations are usually the big targets for cybercriminals, but average consumers are far from safe. The three most common cyber threats businesses and users face are:
Malware
AVG defines malware as “a contraction of malicious software. Put simply, malware is any piece of software that was written with the intent of doing harm to data, devices or to people.”
Common types of malware include:
- Viruses: The most common type of malware, viruses attach malicious code to a system’s clean code. They spread quickly and cause damage to the core functionality of the system by corrupting files and locking users out of their computers.
- Worms: Worms start by infecting one device and, like a worm, crawl through the network infecting any linked devices.
- Spyware: Simply, spyware is designed to ‘spy’ on the user. This type of malware hides in the background collecting sensitive information like passwords and banking details without the user’s knowledge or consent.
- Ransomware: Also known as ‘scareware’, ransomware has the ability to lock users out of their devices and networks until a ransom is paid. Large organisations are usually targeted.
Phishing
Phishing is a cyber attack disguised as an email from a reputable entity. These emails distribute malicious links or attachments that can extract login credentials or account information. Techtarget goes on to explain that victims receive a message that appears to have been sent by a known contact or organization. The attack is carried out either through a malicious file attachment that contains phishing software, or through links connecting to malicious websites. The objective is to install malware on the user’s device or direct the victim to a malicious website set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details.
Man-in-the-middle (MitM) attack
The MitM attack requires the perpetrator to infiltrate communications between a user and an application to either eavesdrop or impersonate one of the parties. The goal of such an attack is to steal personal information, such as login credentials, account details and credit card numbers. Targets are typically the users of financial applications, e-commerce sites and other websites where logging in is required.
The impact of a cyber attack
From an organisational perspective, a cyber attack can inflict serious damage to the business’s reputation and its customer relationships. Financial loss can also occur as a result of the theft of corporate and financial information, a disruption in trading, and the loss of contracts.
Consumers, on the other hand, can fall victim to identity theft, financial loss as a result of stolen banking information, and reputational damage.
Staying safe online
McAfee, a security software company, lists these tips to help consumers protect their personal information online:
- Create complex passwords
- Use a firewall
- Practice safe surfing and shopping
- Be up to date on the latest scams
- Regularly back up data
To protect sensitive information and ensure its overall safety online, businesses can take the following steps:
- Regularly update software and operating systems
- Secure all wireless networks
- Set up a firewall
- Secure access to all company devices and
- Implement an ISO standard
- Educate employees on cyber safety
The latter is especially important as employees with access to sensitive company data are often prime targets. Computerweekly.com says that cybercriminals send emails to employees who have access to company funds through an email account closely resembling that of a company executive. The “executive” requests the employee to authorise a money transfer to a particular account, which is actually owned by the perpetrator.
Staying safe with ISO 27001 and 27032
ISO 27032, which was published in 2012, belongs to the ISO 27000 standard series. It addresses the topic of cyber security and provides guidelines and explanations on how organisations can ensure safer data processing. It also provides a framework for information sharing and the process of incident handling. By becoming ISO 27032 compliant, organisations will see a drastic improvement in cyber security. Furthermore, the standard can protect the privacy of individuals all over the world by helping them monitor, detect, prepare for, and respond to attacks.
Your organisation cannot be ISO 27032 certified, but it can be ISO 27001-certified for your information security management system. ISO 27032 aims to improve security in the virtual world by giving recommendations. ISO 27001 provides the requirements for the design, implementation, and maintenance of an information security management system.
How Wwise can help
We provide you with ISO-specific training options. Our courses are available through our e-learning platform, which helps to reduce the time it takes to complete courses. The platform makes it possible for attendees to attend the courses through the virtual classroom structure. View our full range of courses, and call us on 08610 99473 or visit our website for more information about cyber security training options.