- What is the ideal web session timeout? - 15/05/2023
- Why is it important for companies to plan for internal threats? - 09/02/2023
- How pentesting differs in various operating systems? - 09/02/2023
Cyber security risk is a risk that could potentially harm the confidentiality, integrity and availability of the data through an attack either on asset, network or an application.
Most common cyber security risks are as below-
Ransomware: The ransomware attack has been active for a while. It has a potential to do great volumes of damage to an organization. The attack involves encrypting data on the machine. The data is held hostage until some price demanded by an attacker is paid. A lot of organizations have gone bankrupt and had to shut down their businesses.
Phishing: It is a kind of a social engineering attack which involves persuading someone to click on a malicious link to steal credentials and data. These attacks are very well crafted and can be spread through email attachments and links.
Awareness plays an important role here. It is important to verify the source of a message, email before downloading or clicking on anything.
Man in the middle attack: This kind of attack involves hijacking an active communication between two systems or two entities. Once hijacked, an attacker can either steal the information that is being shared or he can modify/alter the content affecting its integrity.
Some of the ways to prevent would be to encrypt the data in transit by using stronger encryption algorithm, enforce https and making sure that only private network is used for communication and exchange of data.
SQL injection: Since database has its own language, this attack makes use of carefully crafted SQL queries to interact with backend database and fetch data from it. It is crucial to filter the data that is being injected into input fields so as to make it avoid interact with the database.
DDOS attack: This attack attempts to overwhelm the target with constant flow of requests either from one or different sources. The end goal is to make target slow and unavailable to people using it.