Nov 29 9 min read
The Different Types Of Cyber Security
Cyber security is how organisations, like yours, protect their IT infrastructure from cyber-attacks.
What is Cyber Security? Types and Threats Explained
Cyber security is defined as using applications of technologies, processes and controls to help protect systems, networks, programs, devices and data from cyber-attacks or threats.
Cyber security is a term that has become synonymous with IT security and information security.
Here's why your business needs cyber security:
Why is cyber security important?
At Bluecube we understand that the thought of unplanned downtime, information disclosure, and monetary losses is enough to make your hair stand on end. Unfortunately, these are all potential risks when your IT is not closely guarded by highly trained professionals - and by that, we mean protected and monitored by an expert cyber security company.
Implementing cyber security protections is essential for businesses of all sizes, and not just reserved for the likes of the BBC or Twitter.
If you’re a growing business in the UK, safeguarding against cyber threats online is imperative. Having the right cyber security features in place ensures your operations continue uninterrupted with no issues or challenges you haven’t planned for.
With a cyber security company, you shouldn’t have to think about your IT security. The relationship needs to be based on reliability and trust, so that you can focus on other areas of your business with the peace of mind that all work-related devices and your IT systems are protected.
The last thing you want is to be interrupted when you’re leaving the office because of an issue with IT.
A professional cyber security service lets you go home, put your feet up, and enjoy your evening, rather than running around fixing an IT problem.
What are the different types of cyber security?
The most effective and efficient IT security protections vary depending on your organisation’s requirements, future goals, and pain points. There’s no point focusing on security measures that protect tablets when all your staff work from a desktop.
Do you know your malware from your software? To understand what IT security is and the best fit for your business, explore the different security measures below.
There is also critical infrastructure security and application security.
1. Network Security
Network security protects your computer network from cyber-attacks. Utilising different features, these safeguards reduce the risk of cyber threats from inside and outside your business. The strategy of this cyber security type encompasses various software and hardware that is constantly evolving to adapt to the landscape of cyber threats.
Across your network are multiple layers that all require separate protections. There are three different controls involved in network cyber security: physical, technical, and administrative. All three work in tandem to create robust protection against potential cyber security threats.
Three controls involved in network cyber security:
Routers, cabling cupboards, and servers all require physical protection from unauthorised access. Even devices as simple as locks play an important role in protecting your network from cyber threats. As your IT security protections evolve, you can incorporate access control or biometric authentication systems for total peace of mind.
Data losses can inconvenience your business, but in the worst-case scenario can lead to password breaches, financial information being exposed, and sensitive data leaks. Technical security features prevent unauthorised personnel, both inside and outside your business, from gaining access to your data.
95% of cybersecurity breaches are caused by human error.
That’s why administrative security features are essential to monitor user behaviour to ensure no internal breaches occur. A single mistake can be costly; don’t let it happen to your business. An expert cyber security company can advise you on the best way to prevent issues arising from administrative errors. (That may sound like a shameless plug, but when it comes to IT security, we’re happy to humbly brag about our skills!)
2. Cloud Security
Many growing businesses are using cloud computing to improve efficiency, data storage capacity, and scalability. Cloud-based infrastructure enables you to store large quantities of data and requires cloud-specific IT security features to prevent any data losses. You should never leave your organisation vulnerable to cyber-attacks through your cloud infrastructure, however.
Implementing the right measures makes your life easier; instead of worrying about cloud security, you can focus on other areas of your business.
Utilising automation allows IT security professionals to continuously monitor your cloud-based infrastructure. This allows you to spot potential threats and vulnerabilities before they cause a problem for your organisation. You can also collect data and use it to identify areas for cyber security improvement.
Multi-factor authentication is a type of access control method that means users need multiple credentials to prove they’re authorised to view data. Whether you’re storing data or moving it to another location, you should always use multi-factor encryption to safeguard your business.
Cyber security breaches, natural disasters, or a disaster due to human error can cause all kinds of issues for businesses’ cloud infrastructure. Having a recovery plan allows your operations to seamlessly continue without incurring unplanned downtime or data losses.
3. Internet of Things (IoT)
Across your team, there are many devices connected to your organisation’s network. Tablets, desktops, and mobiles used on your network have the potential to be exploited through cyber-attacks.
Internet of Things (IoT) security is a technology area dedicated to securing internet of things connected devices and networks.
As much as we want to think that staff are always working when using these devices, exploring personal social media accounts or even doing a spot of Black Friday shopping could leave your network at risk.
On separate employee devices, there is the risk of malware being downloaded through phishing attacks, for example.
Utilising network security features safeguards against this issue as all devices are connected to the same network. However, some devices aren’t designed with network security as a key feature, so IoT-specific security measures are essential to implement.
IoT Cyber Security Vulnerabilities:
• Data breaches
• Software attacks
• Weak encryption across devices
• Reduced visibility
When working across multiple devices, your business’s cyber security is only as strong as the weakest link. We’re sure there’s an Anne Robinson pun in there somewhere, but essentially, if one device is compromised, your entire network is vulnerable to the same cyber-attack.
Working with IT security professionals allows you to analyse all aspects of your operations and devices to identify risks. From there, it’s simple to source and implement the most effective security measures to give you complete peace of mind.
What is a cyber-attack?
A cyber-attack is an offensive that is launched by cybercriminals against a computer or network. This could be a targeted attack against one individual or a multi-national corporation’s network.
The purpose of the attack is to gain unauthorised access to a company's systems through the exploitation of technical or human weaknesses, then extract and steal data or cause malicious damage. A lesser-known purpose of cyber criminals is to hack a computer system to use for attacks on other systems.
Now you can see the importance for all types of business to protect themselves. A dedicated IT provider can help protect against and disrupt cybercriminal activity.
As well as providing protective controls, your company’s computers and network should be monitored for signs of cyber-attacks in progress. This is the purpose of a security operations centre, manned by a specialist team that is available 24-hours a day, 7 days a week all year round.
What are the different types of cyber security threats?
In total, there are 15 types of cyber security threats; these include: virus, spyware, phishing, firmware hacking, IP spoofing, ransomware, attacks on virtualisation, social engineering, hardware based attacks, DDoS, IoT based attacks, botnets, rootkits, Man-in-the-Middle attacks (MitM) and SQL injection.
Today, we’re just going to cover three of the above cyber-attacks in more detail.
1. Phishing Attack
A phishing attack is when a hacker poses as a trusted organisation to trick a person into responding, clicking a link onto a fake website or opening an attachment. The fake communication link or attachment is the bait that aims to lure victims into revealing sensitive company or personal data such as intellectual property or bank account details.
How does a phishing attack occur?
Phishing, whilst a cyber-attack, is also a psychological attack. The hacker will send out an email, text message, or instant message to several targets; this could be thousands of people at once. A cyber-attacker may also want to trick the recipient into opening a link that may cause the computer to download malicious software.
Ways to Prevent A Phishing Attack
When this tactic is used on businesses, it’s often as a precursor to a more vicious attack. With the support of your SOC and specialist IT consultants, we can offer safety provisions in two ways.
• Educate all members of staff on what a phishing attack may look like
• Safeguard your computer network to protect your business if a phishing email is inadvertently opened
• Validate that the sender is legitimate via a phone call or by looking their details up separately online. Often, phishing emails are sent from misspelled domains or public email systems such as gmail.com, or contain poor grammar
2. Denial of Service Attack (DDoS)
The purpose of a DDoS attack is always the same: to make a website slow or unresponsive.
A DDoS attack will attempt to overwhelm a site or server with web traffic, the objective being to prevent it from responding to service requests and possibly take the site or server offline completely.
This form of cyber-attack is launched from a large number of host machines (called a ‘botnet’) that are infected with malicious software.
Types of DDoS Attacks
There are three main types of DDoS attacks. Each has unique qualities and causes different types of damage to a computer system or IT network.
1. Volume-Based - The most common form of DDoS attack is a volume-based attack. This attack overloads the website or server with a massive amount of fake traffic measured in bits per second (bps); it’s also known as a flood attack.
2. Protocol or network-layer - A protocol or network-layer DDoS attack is slightly different but focuses on sending a large number of packets, which are a small amount of data grouped together, to a switch.
3. Application-layer - The final most common DDoS attack is an application-layer attack. Again, this method focuses on overloading the server or website but this time with malicious requests. This attack overloads the system by targeting specific weaknesses within the website application’s configuration.
Why is a DDoS Carried out?
A DDoS attack will not provide a direct benefit for the attacker but can be used as a threat to extort the recipient organisation. Alternatively, a competitor may launch a DDoS attack on a rival to prevent them from being able to work. Unlike other cyber-attack techniques, this form is often preferred when attacking or destroying an organisation, rather than stealing its resources.
3. Man-in-the-Middle Attack (MitM)
What is a MitM Attack?
A MitM attack happens when the attacker plants themselves in the communications chain of a client/customer and server.
The general purpose is to try and intercept communications between a business and its customers. It’s crucial not to overlook the importance of ensuring your business is protected against MitM attacks, especially as the IBM X-Force Threat Intelligence 2018 Index showed 35% of exploitation activity involved MitM attacks.
How to Prevent MitM Attacks
MitM attacks present a lot of risks as they’re very difficult to notice and detect. This is why a dedicated Security Team manned by expert IT specialists can help spot malicious activity by monitoring your communications channels.
One of the preventative measures available for your web services involves installing SSL certificates. At the network level, using an Intrusion Detection System (IDS) is also a must. Another safeguarding procedure is to set up a VPN, adding multiple layers of protection to your system.
Our team will also work with you to help your organisation to be able to detect and stop MitM attacks. For businesses, MitM attacks present a unique threat because if a hacker can impersonate someone in your company it can be extremely damaging for your business and reputation.
Popular Type of MitM Attack
One of the most common types of MitM attacks aims to intercept the communications your business has. If your system is compromised, every communication from you to trusted third parties could be compromised. One form of MitM attack is called Business Email Compromise.
Business Email Compromise
The Business Email Compromise attack technique is one of the most successful ways for cyber criminals to commit fraud. Through the use of phishing lures and other methods, they can fool you into providing your O365 account login credentials. Armed with these, the fraudsters will access your account and set up an email forwarder. This means that any emails that are sent to you are also automatically forwarded to the fraudsters. They will then scan every email for keywords or phrases such as ‘invoice’, ‘sort code’, ‘payment’, etc.
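Because the forwarder is the persistent part of this attack, reviewing forwarders and scoping what they exposed is a standard response step. The following is an added example, not part of the original article: it flags forwarders that point outside the organisation and lists the mail delivered after each one was created, marking subjects that contain the keywords named above. The record layout, domains and messages are constructed for illustration and are not the export format of any mail platform.

```python
from datetime import datetime

ORG_DOMAINS = {"example.co.uk"}                     # assumption: your own mail domains
KEYWORDS = ("invoice", "sort code", "payment")      # phrases named in the text above

# Constructed sample data: forwarders found on mailboxes, and delivered mail.
FORWARDERS = [
    {"mailbox": "accounts@example.co.uk", "forward_to": "Archive@Hub.Example.co.uk",
     "created": "2023-03-01T09:00:00"},
    {"mailbox": "director@example.co.uk", "forward_to": "inbox7781@mail.example.net",
     "created": "2023-03-02T02:14:00"},
]
MESSAGES = [
    {"mailbox": "director@example.co.uk", "received": "2023-03-01T16:30:00",
     "subject": "Invoice 1042 attached"},
    {"mailbox": "director@example.co.uk", "received": "2023-03-02T10:05:00",
     "subject": "Updated sort code for March payment"},
    {"mailbox": "director@example.co.uk", "received": "2023-03-03T08:20:00",
     "subject": "Lunch on Friday?"},
]


def is_internal(address: str) -> bool:
    """True only for a well-formed address on an organisation domain or subdomain."""
    if address.count("@") != 1:
        return False                                # malformed targets are never trusted
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in ORG_DOMAINS)


def external_forwarders(forwarders):
    """Forwarders that copy mail to an address outside the organisation."""
    return [f for f in forwarders if not is_internal(f["forward_to"].strip())]


def exposed_messages(forwarder, messages):
    """Mail delivered after the forwarder was created, with any finance keywords hit."""
    start = datetime.fromisoformat(forwarder["created"])
    exposed = []
    for msg in messages:
        if msg["mailbox"] != forwarder["mailbox"]:
            continue
        if datetime.fromisoformat(msg["received"]) < start:
            continue                                # delivered before the forwarder existed
        hits = [k for k in KEYWORDS if k in msg["subject"].lower()]
        exposed.append((msg["subject"], hits))
    return exposed
```

Messages returned with keyword hits are the ones whose payment details should be re-confirmed with the other party through a separate channel.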
Passwords are still the primary method by which we prove who we are online. Being able to compromise this ability to prove who we are so they can impersonate us to make money is something that cyber criminals value highly. Because passwords have both human and technological weaknesses, it’s important to use a blend of guidance combined with different technology features to keep them secure.
Passwords can be obtained by methods such as social engineering, password spraying attacks and installing keyloggers.
The biggest defence against a password compromise attack is a combination of methods. Consider disabling password expiry and complexity, increasing password length to 10 characters and sharing some up to date guidance around creating and managing secure passwords (such as using three random words) with your company employees.
Our team can help with technical controls around passwords and implementing them. We can also offer advice on preventative measures your employees can take against hackers trying to steal your passwords. We will also ensure your passwords are encrypted at rest and in transit to add a further layer of protection for your business.
Cyber Security Services at Bluecube
At Bluecube, we’re a managed IT service provider that makes IT simple and straightforward for businesses. Cyber criminals are constantly evolving, which is why we constantly innovate to provide the best cyber security service to all our clients.
Talk to us today to find out the right cyber security solutions for your organisation. Explore how we design long-term strategies to future-proof the security of your business. Call us on 0845 257 8010; alternatively, you can drop us an email (email@example.com) or fill out our online enquiry form, and we’ll be in touch.