Common Cyber Attacks: Reducing the Impact
GCHQ - Common Cyber Attacks: Reducing The Impact
Your organisation’s computer systems - and the information they hold - can be compromised in many ways. It may be through malicious or accidental actions, or simply through the failure of software or electronic components. And whilst you need to consider all of these potential risks, it is malicious attack from the Internet that is hitting the headlines and damaging organisations.
This report has been produced by CESG (the Information Security Arm of GCHQ) with CERT-UK, and is aimed at all organisations who are vulnerable to attack from the Internet. The paper helps CEOs, boards, business owners and managers to understand what a common cyber attack looks like. Using real case studies where the attackers used readily available off-the-shelf tools and techniques, it provides a rationale for establishing basic security controls and processes (such as those set out in the Cyber Essentials Scheme). Understanding these attacks can help you manage the most common cyber risks faced by your organisation.
More specifically, this paper covers:
- The threat landscape - the types of attackers, their motivations and their technical capabilities.
- Vulnerabilities - what are they, and how are they exploited?
- Cyber attacks, stages and patterns - what is the ‘typical’ structure of a cyber attack?
- Reducing the impact of an attack - what controls are needed to reduce the impact of common cyber attacks?
- Case studies - real world examples that demonstrate how cyber attacks have caused financial and reputational damage to major UK businesses.