- Insider Threats – Someone in the organization either knowingly or inadvertently gives access to company data.
- Viruses and Worms – These can wreak havoc on a network costing the business downtime, lost productivity and money
- Botnets – Users unwittingly allow their computers to become part of a network that is used to launch Distributed Denial of Service Attacks. The computers are commanded to send requests to a company or site all at once, flooding the site with an influx of traffic and paralyzing the site.
- Drive-by Download Attacks –Attacks launched from infected websites. End users land on a page and the system gets infected with a keylogger or some other type of malware to steal information.
- Phishing Attacks – Typically emails that look like they are from a legitimate source, but often have a link designed to trick an end user into installing software or stealing information.
- DDoS (Distributed Denial of Service Attack ) – Coordinated attack by multiple machines on a single resource rendering it inoperable.
- Ransomware – The victim’s computer is locked and files are encrypted. A ransom is demanded by the hacker to provide the key to unlock the files. These attacks are crippling and very expensive.
- Exploit Kits – DIY hacking toolkit for novices to create their own malware.
- Advanced Persistent Threat Attacks – An intruder gains unauthorized access to a system and watches traffic to steal information typically over months or years.
- Malvertising –Cybercriminals inject malicious code on legitimate sites through advertising which redirects users to fake sites where the real fun begins.
Having a solid security strategy can help mitigate these types of threats. Firewall, security software, and system patching are essential. Arguably the most important defense is an educated end user who understands what not to click on and is aware how these types of attacks occur.