Data Loss Prevention

Data loss prevention (DLP) refers to the identification and monitoring of sensitive data to ensure that it’s only accessed by authorized users and that there are safeguards against data leaks. This can be done accidentally or by a malicious attacker (Hacker).

Accidental Loss

It’s normal to feel as though our lives exist mainly within computers now. Times of remembering passwords or phone numbers feel like distant memories, thanks to autofill and our mobile phones.

Although, what happens if we lose all of this key data? Unfortunately, it’s easy to make mistakes with our technology, whether it’s the wrong click of a button, a smashed phone or even a misplaced computer, at the end of the day we all make human mistakes.

That’s why ensuring data is encrypted, so that the memory stick you lost doesn’t fall into the wrong hands and having a backup of your data so you can access it in an emergency is a must-have, it just isn’t worth the risk.

Malicious Attackers

The main threat most people tie to a breach of cyber security are criminal hackers, and that’s with good reason. In 2019 the Official Annual Cybercrime report predicted cybercriminal activity will be one of our greatest challenges over the next two decades, with new business models for this crime arising constantly.

A Malicious attacker is anyone who illegally breaks into a computer system to damage or steal information. Ensuring all of your personal and professional data is safe from potential hackers is a must-have and will only become more important in the years to come.

Attack/Threat Vectors

The term threat vector is the way in which an attacker poses a threat. This can be a particular tool that they can use against you (a vulnerability scanner, for example) or the path(s) of attack that they follow. Under that broad definition, a threat vector can be anything from a fake email that lures you into clicking a link (phishing) or an unsecured hotspot (rouge access point) and everything in between.

Malware & POS Malware

Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network (by contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of types of malware exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware. POS malware is specifically designed for point-of-sale (POS) terminals and systems with the intention of stealing payment card data. It is commonly used by cybercriminals who want to resell stolen customer data from retail stores.

Account Hijacking

Account hijacking is a process through which an individual’s email account, computer account or any other account associated with a computing device or service is stolen or hijacked by a hacker. It is a type of identity theft in which the hacker uses the stolen account information to carry out malicious or unauthorized activity.

DoS & DDoS

DoS & DDoS (Denial of service & Distributed Denial of Service) are cyber attacks against networked resources like data centres, servers or websites and can limit the availability of a computer system. The attacker floods the network resource with messages which cause it to slow down or even crash, making it inaccessible to users. Potential mitigations include CDNs and proxies.

SQL Injection

SQL stands for structured query language, a programming language used to communicate with databases. Many of the servers that store sensitive data use SQL to manage the data in their database. An SQL injection uses malicious SQL to get the server to expose information it otherwise wouldn’t. This is a huge cyber risk if the database stores customer information, credit card numbers, credentials or other personally identifiable information (PII).

Phishing Attack

Phishing is a social engineering technique where the target is contacted usually by email by someone who is posing to be a legitimate website or institution to trick them into providing sensitive data, credentials or personally identifiable information (PII). To minimize phishing, educate your staff on the importance of cybersecurity and prevent email spoofing.

Dictionary & Brute Force Attacks

Dictionary and Brute force attacks are based on trial and error. Attackers may continuously try to gain access to your organization until one attack works. This could be by attacking weak passwords or encryption, phishing emails or sending infected email attachments containing a type of malware.

Social Engineering

Social engineering is a non-technical strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices. The success of social engineering techniques depends on attackers’ ability to manipulate victims into performing certain actions or providing confidential information. Today, social engineering is recognized as one of the greatest security threats facing organizations.

Man In The Middle

Public Wi-Fi networks can be exploited to perform man-in-the-middle attacks and intercept traffic that was supposed to go elsewhere, such as when you log into a secure system.

Ransomware Attack

Ransomware is a form of extortion where data is deleted or encrypted unless a ransom is paid, such as WannaCry. Minimize the impact of ransomware attacks by keeping your systems patched and backing up important data.

There are many more types of attack and anyone of them could be devastating for you or your company.