Tech

3 most common types of cyberattacks — and how to prevent them

As a business owner operating online, you’ve probably wondered: what is a cyberattack? The simplest definition is this: it’s an unsolicited, deliberate attempt to breach another person or company’s computer system to steal, change or destroy its data.

Though unwelcome, cyberattacks are widespread, and hackers don’t discriminate between small, midsize and large businesses. Here, the team at ESET share the types of cyberattacks we see all the time and share their top tips for how to prevent cyberattacks from happening to your company.

#1 Malware

Malware is short for “malicious software,” and it’s an umbrella term that encompasses many attacks, including ransomware, spyware, adware, viruses, worms and Trojan horses. All types of malware have one thing in common: they breach a system or network through a vulnerability. For example, a cybercriminal could encode a virus into an email via a link or attachment. When the user clicks on the file, it infects the device with the virus. Once malware has been downloaded onto a device, it can install harmful software, track or transmit your data, block you from your own systems, or restrict access to your files or data until you pay a sum of money (i.e. a “ransom”).

The easiest way to prevent malware

Update your computer’s operating system (OS) and applications regularly, and invest in premium antivirus and antimalware software. ESET PROTECT Complete offers multilayered protection against a range of attacks and works to defend your cloud email, collaboration and storage systems. It also encrypts your data with endpoint protection, which is handy if you have employees working remotely.

Be sure to accept all software updates to keep your security up to date — manufacturers constantly release patches to address new vulnerabilities and malware threats, so it’s important to stay on top of those notifications. Our advice? Switch to auto-updates, so you never miss another one.

#2 Phishing emails

Also known as social engineering attacks, phishing emails are scams where cybercriminals impersonate other people or companies with the goal of stealing sensitive data or infecting the user’s device with malware. The emails appear to be sent from a reputable, trustworthy source (like a bank or healthcare organisation), and they often look legitimate, with familiar logos and content. But when users open or interact with the email, this “activates” the scam. Phishing emails have been a persistent threat for years, but they’ve become more common since the pandemic for two key reasons: the rise in remote work, and the fact that email scams prey on emotions, like fear or anxiety.

The easiest way to prevent a phishing attack

To avoid falling victim to a phishing email, carefully check any emails you receive and don’t open emails from unknown senders. Spelling errors, weird turns of phrase, and unusual email addresses are red flags, as are emails that ask for your login details or financial details, like credit card numbers. If you come across a suspicious email, don’t click on any links or attachments. Instead, mark it as spam or alert your company’s IT department to it — cybercriminals often try to target multiple people in the same organisation.

#3 Man-in-the-middle attack

In the cybersecurity world, man-in-the-middle (MitM) attacks are often referred to as eavesdropping attacks. Basically, a hacker (the “man in the middle”) finds their way into a two-party transaction. If they’re successful, any communication between the client and server then goes through the hacker, putting the client’s data at risk. The most popular point of entry for MitM attacks is unsecure public WiFi networks, those unlocked, free networks you might join at a cafe, airport or coworking space. Since the traffic entering and exiting this network isn’t protected, a cybercriminal can put themselves in between your device (i.e. the client) and the network (i.e. the server). From that point, any sites you visit or email, social media or financial accounts you access pass through the attacker first. As you can imagine, this makes it much easier for hackers to steal that data for malicious purposes.

The easiest way to prevent man-in-the-middle attacks

Steer clear of public WiFi networks. Rely on your cellular data – like 4G or 5G — if you’re using your smartphone or computer in public and need to hop online, or wait until you can connect to a secure WiFi network. If you can’t avoid jumping onto an open WiFi network, join a Virtual Private Network (VPN) before you start browsing. This will encrypt the traffic between the VPN server and your device, strengthening your protection. Even with a VPN, try not to use any sites or accounts that contain sensitive information, such as work emails or online banking accounts.

Stay one step ahead of cybersecurity updates

This is by no means an exhaustive list of the types of cybersecurity attacks. There are many more, including watering hole attacks, password hacks and zero-day exploits. As they say, knowledge is power. To learn more about cybersecurity and potential threats your company might face, sign up for ESET’s Cybersecurity Awareness Training. This free training will teach you how to protect yourself against cyber attacks, and ESET’s team of experts is available to answer any questions you have.