Cyber crime is at an all-time high. While organisations are trying to counter cyber attacks, criminal hackers are becoming more innovative and their attacks more sophisticated.
What is a cyber attack?
Cyber attacks are deliberate and malicious attempts to breach the information or information systems of individuals or organisations. The six most common types of cyber attack are:
- Malware – malicious software used to breach information systems by exploiting network vulnerabilities. This usually happens when users click links and attachments that install harmful software. There are different types of malware, including spyware, ransomware, viruses and worms.
- Phishing– a social engineering attack – and the most common type of cyber attack – entailing fraudulent communications appearing to come from a trusted source. Such attempts to steal sensitive information or trick people into installing malware often come via email.
- MITM (man in the middle)– also known as an eavesdropping attack. The attacker intercepts and relays messages between two parties that believe they are interacting with each other. Once the attacker is in the conversation, they can filter, manipulate and steal sensitive information.
- DDoS (distributed denial-of-service)– bombard an organisation’s central server with simultaneous data requests. Multiple compromised systems are used to generate these data requests. A DDoS attack aims to stop the server from fulfilling legitimate requests, providing a situation for criminal hackers to extort the victim for money.
- SQL (Structured Query Language) injection– SQL is used in programming and is designed to manage data in relational database management systems. During SQL injections, criminal hackers insert malicious code into the server that uses SQL, which makes the server reveal sensitive information.
- Zero-day exploit– when a network vulnerability is announced, there is a window of time before a patch or solution is issued. Within that timeframe, cyber attackers will try to exploit that vulnerability.
Cyber attack prevention
To help prevent these cyber attacks, organisations should implement an ISMS (information security management system). ISO 27001 is the international standard that describes best practice for an ISMS. Achieving certification to ISO 27001 demonstrates to existing and potential customers that an organisation has defined and put in place best-practice information security measures and processes.
How vsRisk™ helps organisations prepare for ISO 27001 certification.
You could invest time, effort and money in designing and deploying – or have a consultant design and deploy – a manual risk assessment methodology. Or save yourself a lot of time (80%) and money by deploying our risk assessment software tool, vsRisk, instead.
- vsRisk, out of the box, provides a robust ISO 27001-compliant risk assessment methodology, and dependably delivers each of our recommended five steps to a successful risk assessment. You don’t need to spend any time on developing your own risk assessment methodology or costly trial and error – you can immediately get to work on the actual risk assessment, which means you get actionable results much sooner.
- You’ll find that you spend more time maintaining your risk assessment than you did setting it up, so it makes sense to lock in future efficiencies from the outset. vsRisk’s robust methodology means that upcoming risk reviews and further risk assessments can be performed quickly, consistently and cost-effectively.
- vsRisk has nearly ten years of development invested in it. It incorporates feedback and experience from hundreds of ISO 27001 risk assessments, and is supported by an ongoing investment and user support programme that regularly brings useful functionality and features to help you continually improve your ISMS.
Suitable for organisations of all sizes, vsRisk is a leading information security risk assessment tool that delivers fast, accurate, auditable and hassle-free risk assessments year after year.
Download our white paper, which describes the five key steps to completing a successful ISO 27001 risk assessment that will form the centre of your ISMS.
For more information on vsRisk and to sign up for a demo, please click here.