By Mark Johnson
Cybercrime and Open Source Intelligence professional (ISACA CISM)
What action does your company need to take to ensure your staff know the risks associated with cybercrime? Here Mark Johnson, a certified information security manager and open-source intelligence expert, identifies 3 of the most significant cyber security risks that could be affecting your organisation right now.
1. Malware infections. These occur when a link is clicked on in a cleverly-worded spam email, known as a 'phishing' email. You don't need to download anything in order to become infected; merely visiting the page can be enough to trigger the malware attack. Malware will spy on your activities, steal your data, or even take over your device.
2. Social media ploys. After criminals have identified people working at a given firm, cyber criminals create fake social profiles that are appealing to unsuspecting targets, exploiting security flaws in sites like Facebook. They try to 'friend' their targets in order to engineer them into giving up share sensitive data. Another common approach involves sending fake emails that appear to come from a senior manager's personal account, asking staff for copies of email lists. The stolen emails are added to spam lists.
3. Denial of service. This form of attack usually takes the form of a flood of messages sent to the web servers of a victim, such as a bank or government body. However, any company can be a victim and the attackers can range from state agents to angry former employees or clients. Most cyber-attack methods seen online are used by a very wide range of people; a Russian spy and an angry customer from London may well employ identical techniques against you.