Understanding Cyberattacks

Visit BSI's Experts Corner: Home for insights from BSI’s practice directors and industry experts on Environmental, Health, Safety, Security, and Sustainability.

September 29, 2022 - As advancements in digital technology have revolutionized businesses across all sectors, this progress has also introduced new risks relating to cybercrime. In recent times, cyberattacks across the globe have crippled large multinational organizations and even governments. This trend doesn’t appear to be going away, emphasizing the need for organizational cybersecurity initiatives that everyone, not just cybersecurity experts, can understand.

The top five cyber-attacks businesses should be concerned about are malware, phishing, Man-in-the-Middle (MITM) attacks, Denial-of-Service (DoS) attacks, and Internet of Things (IoT) attacks.

  • Malware, viruses, worms, trojans, and spyware have lasting effects on systems and personal data. However, the one we hear about the most is ransomware. It’s consistently in the news and has taken down pipelines, factories, and caused massive supply chain disruptions. Ransomware essentially holds data hostage and won’t release it without some sort of payment to the attacker. It’s hazardous and potentially life threatening, and we’ve only recently realized just how disruptive it can be on infrastructure, hospitals, and businesses.
  • Phishing scams attack people’s careers and can destroy their professional reputation, business standing, and even personal lives. Data is stolen and then manipulated to blackmail a person or business.
  • Man-in-the-Middle (MITM) attacks may sound a bit like science fiction but are extremely prevalent. A “pineapple” device, or rogue Wi-Fi device, is launched and mimics a public Wi-Fi access point. Anyone can unknowingly connect to the device, granting hackers access to their data. Anyone is at risk the moment they connect to available Wi-Fi from airports to cafes, to libraries. The only way to mitigate this risk is by using a Virtual Private Network (VPN) when connecting to a public network.
  • Denial-of-Service (DoS) attacks lead to website crashes from server overloads or traffic floods. This can occur when a new product launches on a website and the server is flooded with requests to the point of system overload, grinding bandwidth to a halt. The systems cannot process or fulfill legitimate requests because of all the attacker’s traffic to the site. This can lead to sales losses, upset customers, and irreparable damage to brand reputation.
  • Perhaps the most worrisome attack is via Internet of Things (IoT). These attacks can specially target devices used in infrastructure such as smart locks and security systems. If a device is exploited, an attacker can gain access to the network and control the devices. Smart technology such as thermostats, cameras, and door locks can be exploited. It is crucial to understand how to protect your business with additional security messages such as two-factor authentication.

Some of the most common mistakes organizations make are not prioritizing cyber risk prevention or recognizing what attack vectors are specific to their environment. Often companies cannot answer the following questions:

  1. Who has access to our critical data?
  2. What is our critical data?
  3. Where is our critical data stored?
  4. When are changes made to or around our critical data?
  5. How is our data managed and secured?

It’s essential to ask these questions regularly and not just because of an audit. This will avoid the knee-jerk reaction or panic to find these answers when a breach occurs rather than a proactive action.

Organizations have a huge responsibility to ensure their employees, clients, and products or services are well protected from cyberattacks. Educating your workforce on the different types of threats they can face will help mitigate future risks and disruptions. Be an advocate and share best practices regularly. Security awareness isn’t a once-a-year compliance training, it should be part of your workplace culture.

This article was originally published Authority Magazine on April 17, 2022 under the title: Cyber Defense: BSI’s Kristin Demoranville On The 5 Things Every American Business Leader Should Do to Shield Themselves From A Cyberattack The content has been updated for this blog. Refer to the full article for Kristen Demoranville’s complete insights on this topic.

You can also read more of Kristin’s input in VMblog Expert Interview: BSI Provides Insight and Analysis on Cybersecurity Vulnerabilities and Emerging Trends, originally posted on June 28, 2022 for more on this important topic.

For more insight on EHS topics that should be at the top of your organization’s list visit BSI’s Experts Corner.