Blog Articles

What kinds of cyberattacks are the most common?

Due to the varied nature of computing and Internet uses, hacking, cyberthreats and other malicious attacks cover a wide swath of virtual territory. There are differences in the code used to gain entry, the programming tactics used to access valuable information, the intent of the hackers and the data they're targeting. Other, more technical considerations, such as operating systems, server structure, firewalls and other protective measures also can play a part.

However, despite the many variables that exist in cyber security attacks, there are a few approaches used by hackers far more frequently than others. In fact, 92 percent of 100,000 security incidents analyzed by Verizon revealed nine distinct frameworks. Additionally, a total of three strategies are used in the majority of data breaches.

"There are a few approaches used by hackers far more frequently than others."


What attack patterns are the most common?
According to Verizon's report, the three most prolific cyberattack structures seen among businesses in 2013 were smash-and-grab incidents at the point of sale, physical ATM tampering and manipulation, and assured penetration technique breaches. These are instances wherein an individual or group pushes a system from the outside, attempting to find and document vulnerabilities for future exploitation.

While the issues with ATM tampering and the point of sale are certainly important considerations, they mostly apply to financial institutions and consumer-facing companies. The assured penetration technique breaches are more common across all types of business because they don't rely on a specific physical, accessible piece of equipment to succeed.

Long-term insight into different hacks
Beyond these three categories identified as the leading frameworks of 2013, Verizon also cited nine types of incidents that have made up an overwhelming portion of all cyberattacks since 2003. The categories include some equipment- or industry-specific issues such as credit and debit card skimming, but also encompass broader concerns. Problems such as attacks on business Web apps, insider misuse, crimeware - programs designed specifically to aid in the commission of crimes - and cyberespionage are all commonplace.

Based on the latest data available for the report, Web app attacks and cyberespionage are on the rise. These problems can affect any business, no matter their specific target market or operational structure.

One other area to note is the issue of miscellaneous errors. This covers a wide variety of mistakes made by staff who are in charge of sensitive data or who have to use sensitive data as a function of their job. CGMA Magazine, an industry publication for management accountants, pointed out that preventatively fixing problems related to miscellaneous errors - such as acquiring data-loss prevention software and educating staff on safe disposal of sensitive information - is important as part of a broader overall strategy to prevent breaches.

The protections businesses need
Just as the source, tools and methods used in cybercrime vary greatly, so do the results of such attacks. While the most popularly reported and discussed incidents have involved consumer information accessed through a business database, there are plenty of instances where the organization itself is the target. In the end, no matter the particulars of an attack, the result is always negative. Companies that aren't taking the right steps in terms of cyber defense are leaving themselves vulnerable to many undesirable outcomes. Using a platform such as NC4 Mission Center allows businesses to maintain integrity and availability of data while protecting against unauthorized access and exploitation of that same information.


Back to Cyber Security | Back to All Categories