What is a cyber attack?
A cyber attack is deliberate exploitation of computer systems and networks using malicious software (malware) to compromise data or disable operations. Cyber attacks enable cyber-crimes like information theft, fraud and ransomware schemes.
Common types of cyber attacks
Malware is malicious software. It’s the chief weapon of a cyber attack and includes viruses, worms, trojans, ransomware, adware, spyware, bots, bugs and rootkits. It installs when a user clicks a link or takes an action. Once inside, malware can block access to data and programs, steal information and make systems inoperable.
Ransomware is malware used to blackmail victims by threatening to publish sensitive information or locking users out until a ransom is paid — often in cryptocurrency such as Bitcoin. IBM estimates ransomware attacks cost companies more than $8 billion globally in 2017.⁽¹⁾
Phishing typically uses email that appears to be from a trusted or reputable source. Unsuspecting users open the email and take further actions like providing protected information or downloading malware.
Man-in-the-Middle attacks get between two communicating parties to access and steal data, for example by getting in between a user and a public Wi-Fi hub.
Denial-of-service (DoS) attacks inundate systems with traffic to consume resources and bandwidth and make them unable to perform.
SQL injection takes its name from SQL, which is short for Structured Query Language. These attacks install malware on servers and query the server to reveal protected information.
Zero-day exploits introduce malware through vulnerabilities unknown to the maker or user of software or systems. It is “zero-day” because developers have had zero time to address or patch the vulnerability.⁽²⁾
Cyber attacks are perpetrated for financial gain through crimes like fraud or extortion, as with ransomware. There are cases where sabotage or revenge are factors. Think disgruntled employee. Cyber attacks also have a political dimension and are used in cyber-warfare.
Cyber attacks don’t always originate outside organizations. “According to white hat Dark Web professionals at Black Hat 2018, it appears that many hackers are certified professionals who operate as trusted time bombs and have already penetrated most organizations,” said ITBizAdvisor.⁽³⁾
Why are cyber attacks significant?
The costs to businesses from cyber attacks and their consequences, such as data breaches, are devastating. According to the 2018 Cost of a Data Breach Study by Ponemon Institute, the average total cost of a data breach is $3.86 million.⁽⁴⁾
It’s more than dollars and cents. Cyber attacks can also…
- Damage brands and reputations
- Erode and even decimate customer loyalty
- Result in loss of intellectual property
- Put companies out of business
- Invite regulatory penalties
- Impair security for governments and states
- Increase potential for future attacks
Preventing cyber attacks would save organizations a lot of money and trouble; however, this may not be a practical approach. IBM contends that attacks are a matter of “when” not “if.”⁽⁵⁾ Former Cisco CEO John Chambers said, “There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.”⁽²⁾
The numbers bear out this perspective. Cybersecurity incidents doubled in 2017⁽⁶⁾ and more than 2.9 billion records were leaked from publicly disclosed incidents.⁽¹⁾
Key features of an effective response to cyber attacks
Given the prevalence, if not inevitability, of cyber attacks, organizations need to address response as much as prevention. IT analyst IDC notes that “as businesses adopt new technologies, their protection strategies must change to keep pace. These strategies must include stronger and more varied security mechanisms, but they must also include ways to recover quickly should a breach or an incident occur.”⁽⁷⁾
Organizations are adopting an approach of cyber resilience to gain this position of preventive security and rapid recovery.
Cyber resilience encompasses data protection, disaster recovery and business continuity and resiliency practices. It combines them with advanced technologies to assess risks, protect applications and data, and recover rapidly during and after a cyber attack. IBM, aligning with the IDC view, has identified a five-point, cyber resilience lifecycle:
Identify risks and vulnerabilities – Dynamic analysis (DAST), static analysis (SAST) and open source testing can help pinpoint business-critical applications and associated risks. Potential business impact of disruption is assessed against business continuity and disaster recovery readiness.
Protect applications and data – The goal is to safeguard applications and data before they are leveraged. Air gapping — physically separating data as a fail-safe — is an effective way to secure back-up data from infection, particularly against malware that can rapidly traverse and infect connected systems.
Detect data corruption and configuration anomalies – Organizations are looking to automated testing capabilities to detect changes in data and system configuration files, without disrupting business systems.
Respond to changes in configuration and data – Unauthorized changes in configurations and data need to be rapidly addressed. Dashboard technologies can provide real-time visibility into open vulnerabilities and enable rapid, if not preventive, response.
Recover access to critical applications and data – Should an attack be sustained, mission-critical applications and data (from air-gapped backup) must be restored rapidly. Automation and orchestration technologies use pre-determined workflows to restore an entire business process, application, database or discrete system with the click of a button.
1. IBM X-Force Threat Intelligence Index 2018, IBM Security, March 2018