What is a cyberattack? Causes and consequences
Cyberattacks have become a prevalent threat across various sectors, including healthcare, finance, and government. These malicious activities often involve unauthorized access to sensitive data, leading to devastating consequences for organizations and individuals alike. For example, the ransomware attack on Ireland's healthcare system in May 2021 was one of the largest in the sector's history, severely disrupting patient care and compromising personal health information. Just a few years later, in February 2024, the Change Healthcare cyberattack emerged as a significant incident, surpassing the previous attack in scope and impact, further illustrating the vulnerabilities within healthcare infrastructure.
Healthcare isn't alone in facing these threats. Financial institutions, manufacturers, SMEs and governments are targets, with attacks resulting in significant data breaches and financial losses. As cybercriminals become more sophisticated, the urgency for organizations to enhance their cybersecurity measures and protect against these pervasive threats has never been greater.
Definition: Cyberattack
A cyberattack is an attempt by a malicious individual or organization to breach the system of another individual or organization. The purpose of such an attack is to make a profit from intruding on others' information.
A cyberattack is like a virus: it finds its way onto a device by exploiting a security flaw in vulnerable software, or by tricking somebody into installing it.
For instance, a cyberattack can include:
- Introducing malware into data (in order to damage or steal data)
- Disabling computers
- Shutting down systems
- Using a breached computer as a launch point for other attacks
What are the different types of cyberattacks?
The rise of different types of cyberattacks is becoming more problematic as hackers, also called threat actors, start to combine techniques, making it increasingly difficult to identify and fight against cybercrime.
Some of the common types of cyberattacks are:
- Phishing: sending emails that appear to come from a trusted source to steal sensitive data such as passwords, user information or credit card details.
- Malware: all types of malicious software such as viruses, worms, ransomware.
- Man-in-the-middle: an eavesdropping attack where a threat actor inserts themselves between two parties and uses someone else's device as a source.
- SQL injection: insertion of malicious code into a SQL database which can reveal, modify, or delete data.
- Zero-day exploit: threat actors exploit an issue that has been announced to the public but has not yet been solved.
- DNS Tunnelling: threat actors exploit DNS traffic to carry out malicious activities.
- Denial-of-Service attack: the threat actors seek to disrupt a device or network’s traffic, temporarily or indefinitely.
Some of the objectives of a cyberattack can be to steal, alter, expose, disable or destroy data, applications or other digital assets:
- Espionage
- Sabotage
- Extortion
- Reputational damage
A step-by-step guide of what happens during a cyberattack
To understand how to mitigate a cyberattack, you need to understand the different stages involved. Let's take the example of a company that falls victim to a data theft attempt:
1 / First, the threat actor finds a loophole in the computing system. They could, for example, access the email account of a staff member who has not chosen a very secure password. The threat actor can also seize a stolen business device, or exploit any other breach in an application, server, or network.
The threat actor uses this to infiltrate the IT system and install malicious software. They can remain in this position for months as an observer, without attacking.
2 / Then, the malware will explore the victim's computer network in search of other exploitable computer security flaws. It can connect to a botnet (a network of hacking bots) to expand its malicious code and strengthen its areas of action.
By opening multiple access points, the threat actor will then have a higher chance of success if the attack is detected.
3 / Finally, the threat actor can infiltrate the computer network and seize confidential data, thereafter encrypting it to demand a ransom.
4 / If, during the data theft process, the cyberattack has not been detected, the threat actor can remain in the system for months without revealing themselves. They may even return to the computer network to steal more information. The potential negative consequences for the company are virtually limitless.
Who is targeted by cyber threats?
A famous example of this kind of cyberattack is the Internet Research Agency (IRA). Among other things, this Russian organization created hundreds of fake accounts on social networks aiming to discredit the candidacy of Hillary Clinton in favor of Donald Trump (Source: What We Know About How Russia’s Internet Research Agency Meddled in the 2016 Election, 2018).
The State of the Phish 2020 report by Proofpoint shows that 75% of companies installed a new working-from-home model in 2020, yet only 39% of those have trained their employees on IT security. It is important to note that company weaknesses in the face of cybercrime are primarily related to human vulnerabilities.
The Verizon 2019 study shows that 43% of companies affected by cyberattacks are SMEs, a statistic that has logically increased since remote work started to boom with the COVID-19 pandemic. Moreover, another survey underlines that 41% of VSEs have already experienced this type of online hacking.
According to an article by cybersecurity company LIFARS, IBM estimates that a company takes an average of 280 days to detect and contain a data breach, and return to normal activity. IBM’s report also claims that by reducing this response time to 200 days, a company could save $1 million in costs.
What could the consequences of a cyberattack be?
Fallouts from cyberattacks depend on the category of cybercrime experienced.
DDoS attacks can mean a website becomes unavailable for long periods of time, therefore resulting in a loss of natural traffic or even reputational damage.
Theft of industrial property and extortion of confidential data impact the company financially and also damage its reputation. It could also potentially result in penalties due to a violation of the General Data Protection Regulation (GDPR).
CEO fraud and other email misuse such as Business Email Compromises (BEC) result in heavy financial losses. Computer system infiltrations and other access breaches slow down or completely stop ongoing operations.
Cyber crisis management can be costly, especially due to the recovery of extorted or corrupted data.
All these consequences can lead to a financial devaluation of the company. What’s more, insurance companies sometimes take advantage of the attack to increase their rates.
How to protect yourself from cyberattacks
A multilayered end-to-end cybersecurity architecture is essential for protecting your company from cyberattacks.
Below are some actions you can take to protect yourself from cyberattacks:
- Audit your cybersecurity strategy
- Protect yourself with antivirus software, a firewall, a bot manager, or even a Security Information and Event Management (SIEM) system
- Train employees and management staff on human vulnerabilities that are a breeding ground for cybercriminals, using an IT charter or best practices guide
- Insist on the importance of strong passwords of more than 8 characters that are updated regularly
- Implement a crisis management plan in case of a security breach
- Secure digital equipment and store physical backups of sensitive data in a locked room with limited access
- Make regular backups of your confidential data in order to keep a usable version in the event of a cyberattack
Risk reduction with CRQ
Cyber Risk Quantification (CRQ) offers a data-driven approach to measuring and managing cyber risk, enabling business leadership to make informed decisions about risk reduction. Unlike traditional qualitative assessments, CRQ takes a quantitative view of risk, allowing security leaders to translate complex cyber threats into financial terms that resonate with executive leadership. CRQ helps identify, assess, and prioritize risks based on potential impact, optimizing the allocation of resources to the areas that most effectively reduce risk.
C-Risk works with CISOs and risk professionals to operationalize their CRQ assessments with a goal of improving the allocation of resources, communicating with executive leadership and mitigating cyber risk across the organization.
FAQ: Cyber attacks
What is a cyberattack?
A cyberattack is when harmful action is carried out against a computer system. It can target individuals as well as public or private sector organisations. Threat actors can be individuals or groups, including nation states.
What are the different types of cyberattacks?
Some of the most common cyberattacks are: Denial-of-Service (DDoS) attacks, phishing, malware attacks, and man-in-the-middle (MitM) attacks.
What is cybersecurity?
Cybersecurity consists of a set of measures to protect computer systems: servers, computers, equipment, networks, files, and messages. It is also called Information Systems Security, InfoSec. The system helps to protect the network, its computers, and also its users.