Cyber security aims to protect systems, networks and data from cyber attacks by using technologies, processes and controls. Cyber attacks can disrupt and cause considerable financial and reputational damage to even the most resilient organisation. To understand the concept of cyber attacks, consider the case of losing your wallet. There are several ways your wallet could be lost:
- You may accidentally drop your wallet or leave it somewhere in a public place, and a random pedestrian may pick it up.
- A thief may steal your wallet because you did not zip your handbag. This thief looks for a low-cost opportunity, and it can be anyone.
- A thief may design a trap and wait for the right time to steal a particular wallet because the money and identity cards inside are valuable enough to be worth the effort.
In a cyber security context, the reasons that cause your loss are the cyber risks. Instead of losing the valuables in your wallet, you risk losing money, sensitive information or reputation, or even facing regulatory fines and litigation.
The reasons for cyber risks are similar to those of losing a wallet:
- Accidental risks: you may accidentally share sensitive information with unrelated parties via email, or lose a USB drive that contains sensitive information. This type of risk can be prevented by setting up controls and measures and by correcting users' behaviour through awareness training.
- Opportunist risks: hackers choose easy targets with low protection or awareness to steal from because it is the most efficient approach for them. This is the most common risk that companies encounter. To avoid being the low-hanging fruit, measures should be taken to protect your systems.
- Targeted risks: some hackers may target a company's or even a state's assets and spend a great deal of time and effort on it. The scope of this attack is narrow and focused. That said, this is not a common type of attack for the average company.
Company owners usually think that they are not high-profile enough to attract a targeted attack. They are right, but targeted attacks are the less common form of attack. Most cyber attacks happen to victims who are cyber low-hanging fruit, which is a result of easy-to-fix vulnerabilities and bad practices.