Beginner Guide To Cyber Security

The document provides an overview of cyber security threats and recommendations for protection. It notes that 90% of large organizations and 74% of SMEs reported security breaches in 2015. Common attacks include phishing, which tricks users into sharing credentials, and malware, which can steal data or disable systems. The document recommends proper software updates, security training for employees, and implementing solutions to reduce breach risks.

Uploaded by

Gangadhar
Copyright
© All Rights Reserved
Beginner’s Guide to Cyber Security

The threat is real. The growing media hype surrounding cyber security hacks is not
unfounded: the number and regularity of security breaches is increasing year on year, with
90% of large organisations in the UK and 74% of SMEs reporting some form of security
breach, according to the 2015 Information Security Breaches Survey. Unfortunately, the
statistics demonstrate that the threat is not dissipating. Companies are at risk on a daily
basis from both un-targeted and targeted attacks, meaning anyone can become a victim.

• £1.46m – £3.14m – average cost of a cyber-attack to a large organisation
• £75k – £311k – average cost of a cyber-attack to an SME
• 14 – the median number of breaches suffered by large organisations in a year
• 4 – the median number of breaches suffered by SMEs

Source: Information Security Breaches Survey 2015, PWC

The technicality and complexity of cyber security often means that improper security
measures are put in place. This guide aims to provide a greater understanding of the types
of cyber security threat facing organisations, the key areas of vulnerability within an
organisation, and recommendations on which solutions to implement to help reduce the
chances of a breach.

Contents

1.0 What is Cyber Security

2.0 How do Cyber Security Attacks Occur?

3.0 Types of Cyber Security Attack

3.1 Phishing

3.1.1 Types of Phishing Attack

3.2 Malware
3.2.1 Types of Malware

4.0 How to Protect yourself from Cyber Security Threats

What is Cyber Security?

Cyber security is, in essence, the practices, processes and technologies that are designed to
protect data, networks, software, programs and computers from breaches, attacks,
damage and access by unauthorized users.

How do Cyber Security Attacks Occur?


In order to gain access to systems, networks and devices cyber attackers exploit
vulnerabilities in a company’s security armoury. There are three common types of
vulnerability as defined by the UK Government (2015) that a company can be exposed to:

• Flaws in software, network and device design – these are unintentional errors in
design that are exploited by attackers. Ensure that proper patch management is in
place so that you proactively update software and applications. Updates are brought
out to counter the influence of hackers within the system.
• Features – features are elements of software that are intended to enhance user
experience but can be manipulated by attackers to breach a system.
• User error – regardless of how well designed a company's security systems and
policies are, all of them can easily be undone by user error. User error is still a
critical flaw in any cyber security system, which is why policies and training must be
in place to ensure that employees are aware of, can identify and know how to
respond to the presence of a cyber attack.

User error related security breaches continue to rise:

• 75% of large organisations suffered a user error related breach in the last year – up 58%
from last year
• 31% of small organisations suffered a user error related breach in the last year – up 22%
from last year

Types of Cyber Security Attack


To make the right decision on the protection your business needs, you must understand
the threats that are out there, as each threat has unique properties. In this section of the
guide, we will give you a greater understanding of the most common cyber security threats
putting you at risk:

Phishing

Phishing is one of the most common weapons in a cyber attacker's arsenal. Phishing is an
un-targeted tactic: it is the process of tricking a victim (whether an organisation's staff or
customers) into imparting confidential information, such as passwords and account details,
to a third party via email, websites and instant messaging that masquerade as a trusted
entity. Phishing attacks commonly rely on social engineering to be successful, manipulating
people into actions rather than hacking the system.

The lure is most typically sent via email, and a modern day phishing attack can target
email addresses on a large scale around the world that are obtained through security faults
in retail websites. There are a multitude of attack tactics used by phishers, ranging from
man-in-the-middle attacks and key loggers to complete re-creation of a corporate website.
These attempts are often very sophisticated, which means customers can easily be fooled
into submitting personal, financial and password data.

Phishing emails can also contain attachments or links within the message that install
malware, spyware or Trojans on the user's device. These collect the user's credentials
locally and transmit them to the phisher.

Types of Phishing Attack

There are a considerable number of variations of phishing attack utilised by
cybercriminals. The following are a sample of the types of tactics utilised by attackers:

• Email Phishing – the mass distribution of messages which contain requests for
users to disclose some form of confidential information, including verifying account
information or updating payment details.
• Spear Phishing – a targeted form of phishing which takes the principles of phishing,
sending emails that masquerade as a legitimate entity, but targets specific users or
organisations.
• Man in the middle phishing (MITM) – in this form of phishing, attackers position
themselves in between the end user and a legitimate organisation to record the
confidential information being passed through. MITM can be one of the most
difficult forms of phishing attack to detect, as victims' transactions/interactions with
the organisation are still submitted.
• Keyloggers and Screenloggers – these utilise forms of malware that monitor and
feed back keyboard input in order to fraudulently gain access to passwords and other
confidential information.
• Pharming – also known as 'phishing without a lure', this is a practice whereby
malicious code is installed on a user's server which directs users to fraudulent
websites without their knowledge. This can be done by corrupting a user's hosts file,
which will take the user to the corrupted website even if they type in the correct web
address. A particularly sinister version of pharming is known as DNS (Domain Name
System) poisoning, where users are directed to fraudulent websites without the need
for corruption of the personal hosts file.
• Malware Phishing – the process of downloading malware onto a user's device, either
through an attachment in an email, a downloadable web file or by exploiting software
vulnerabilities.
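The hosts-file form of pharming described above can be checked for directly. The following is an added example, not part of the original guide: it parses a hosts file and reports any watched domain that has been pinned to an address instead of being left to DNS. The watch list, domain names and sample file contents are constructed for illustration. It does not detect DNS poisoning, which leaves the hosts file untouched.

```python
import ipaddress

# Constructed sample hosts file for the demo (not from a real machine).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
10.0.0.5        intranet.example.internal   # entry added by IT
203.0.113.66    www.examplebank.test examplebank.test
0.0.0.0         ads.tracker.test            # ad-blocker sinkhole
not-an-ip       login.examplebank.test
"""

# Hypothetical watch list: names that should only ever resolve through DNS.
WATCHED = {"examplebank.test", "mail.example.test"}


def parse_hosts(text):
    """Yield (line_no, address_or_None, hostnames) for each non-comment entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no names
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None  # keep malformed lines so they can be reported
        yield line_no, addr, [h.lower().rstrip(".") for h in fields[1:]]


def is_watched(host, watched):
    """True for a watched domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, host, reason) for watched names pinned in the file."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        for host in filter(lambda h: is_watched(h, watched), names):
            if addr is None:
                findings.append((line_no, host, "malformed address"))
            elif not (addr.is_loopback or addr.is_unspecified):
                findings.append((line_no, host, f"overridden to {addr}"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Entries that point a watched name at a loopback or unspecified address are skipped because they block the name rather than redirect it.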

Malware

Malware is a term that encapsulates all types of software that are created with the
capability of corrupting and damaging a computer, network or device with malicious
intent. As an umbrella term, malware covers a swathe of dangerous software that can
put you at risk. At its core, malware is designed to go undetected, hiding not only
from users but from detection mechanisms as well.

Incidents involving malware cyber attacks continued to plague both large and small
organisations in 2015, with nearly three-quarters of large organisations subject to malware
targeting and three-fifths of SMEs, which was a 36% increase in the number of attacks on
small businesses on the previous year's figures.

Types of Malware

Here we will explore some of the different types of malware present in the cyber security
environment:

• Viruses – a virus is a form of malware that replicates itself inside a user's system to
the point where it can corrupt the system or destroy data.
• Worms – like a virus, a worm is a self-replicating computer program that penetrates
a user's operating system with the intent of spreading malicious code. Worms utilize
networks to send copies of the original code to other computers, causing harm by
consuming bandwidth or possibly deleting files or sending documents via email.
• Trojan Horses – a Trojan horse is a destructive form of malware that masquerades
as a useful application and performs one or more destructive tasks once
activated, such as stealing identity or financial data.
• Rootkits – a rootkit is a piece of software, or a group of software, designed to mask
the fact that your operating system has been corrupted. Rootkits enable malware such
as worms and viruses to infect your system by making them appear to your antivirus
software as useful files. They are extremely difficult to detect because they corrupt
your system before it starts.
• Backdoors or Trapdoors – a hidden bypass to a program's security area, a backdoor
or trapdoor may be created by a programmer to expedite troubleshooting or for
some other innocuous purpose. But once discovered, the technique may be used by
an attacker to damage, destroy or steal data.
• Spyware – a form of malware that is installed on a user's computer to capture
confidential information such as passwords, banking and credit card details.
Spyware is another form of malware hidden from the user in order to garner
valuable data.
• Botnets – a botnet is a network of private, internet-connected devices that
are infected with malware and controlled without the users' knowledge. These devices
are then used to distribute phishing attacks, send spam and undertake DDoS
attacks.
• Distributed Denial of Service (DDoS) – a DDoS is a form of attack whereby a target
network, server or website is overloaded due to a number of devices (usually
malware infected) being made to hit those areas.
• Ransomware – a type of malware that encrypts files and blocks elements of your
PC or network, with a demand that you pay money, complete surveys, or perform other
actions before those capabilities are released.
• Advanced Persistent Threat (APT) – APTs are covert attacks used with the purpose of
stealing data from a network or organisation. An APT is an attack on the network
which gives an unauthorized person access to the network, where they can stay
undetected for a long period of time.

How to Protect Yourself from Cyber Security Threats

Now that you have an understanding of what cyber security attacks are and the types of
tactics that are used to exploit people and organisations, the key question is: how do you
protect yourself? What is evidenced by the growing trend of attacks is that businesses can
no longer sit back or take the stance that it won't be them that is affected. They must
invest in proper protection and processes to keep their confidential data and assets secure.

We will explore the basic measures that you should implement to secure your business but
if you are suffering from more sophisticated and targeted attacks, consulting with a data
security specialist is advised.

1. Establish Network Perimeter Defences – This is your first line of defence for
protecting your business from external threats. Our recommended solution includes
the implementation of Firewalls and Internet Gateways.
2. Purchase Malware Protection – This should include client anti-virus. Client anti-virus
and malware protection is in some ways the last line of defence for your business
against a cyber-security breach.
3. Ensure Continuous and Rigorous Patch Management – This should cover all devices,
not just Windows or client devices, but also all network devices.
4. Secure Configuration – Networks and devices that use the default standard
configuration are often easy prey for hackers. Ensure that you change default
passwords, remove unnecessary user accounts and disable unapproved default
connections on desktop PCs and laptops as a starting point. Limiting data
permissions is also a good tactic that will limit the extent of damage, meaning that
only a subset of data is affected.
5. Undertake User Training & Education – As mentioned previously in the guide, user
error is one of the key reasons why networks are breached. As a result, user
education needs to be top of the list, and implementing internal (HR) policies and
procedures is one of the best defences.
6. Security Monitoring
7. Undertake a Security Risk Assessment
8. Have a breach response policy in place and use penetration testing with third-party
testing to verify your secure configuration.
9. Physical building security and visitor protocols – This one may not seem a key means
of protecting yourself, but cyber security attackers can use social engineering tactics
to manipulate staff and get around secure network access.
10. Move scanning to the cloud (email in particular) – If it is scanned on premises, it's
already in your network.
