October is Cyber Security Awareness Month and Laurie Doyle explains why, with 2.1 million malicious cyber campaigns reported in 2022, it’s more important than ever to know how to protect yourself online.
Cyber security is the means by which individuals and organisations reduce the risk of being affected by cyber-crime.
Cyber security's core function is to protect the devices we all use (smartphones, laptops, tablets, and computers), and the services we access online - both at home and work - from theft or damage. It's also about preventing unauthorised access to the vast amounts of personal information we store on these devices, and online.
The power of three
There are numerous types of cyber-attacks, from Denial-of-service (DoS), which is when an attacker aims to overwhelm a computer, network, or service with the goal of making it unavailable to users, to code injection, when an attacker introduces malicious code into an application.
These attacks impact people and organisations every day, with the cost of cybercrime in the UK alone estimated to be £27 billion.
I want to highlight three of the most common cyber-attacks to watch out for.
Phishing is one of the most common forms of cyber-attack. It involves an attacker trying to trick you into providing them with sensitive information, clicking on a link which downloads malware onto your device, or accessing a fake website where they can steal your credentials.
To avoid falling victim to these attacks, it’s important to be aware of what to look out for. Phishing is most often done via email and can use the appearance of a legitimate organisation or an urgent deadline to pressure you into doing what they ask.
The National Protective Security Authority (NPSA) has created useful resources for their phishing awareness campaign 'Don’t Take the Bait!’. The campaign is based on the principle that if you can increase awareness of the scam techniques which are often deployed, employees will be more likely to spot an attack.
Malware is an umbrella term for types of malicious software that attackers can use to steal your data and damage or take control of your devices. Some common examples of malware include viruses, ransomware, and Trojan horses. Examples you may not have come across as frequently include spyware, ads, and worms.
To protect yourself from malware, the National Cyber Security Centre (NCSC) recommends the following steps:
- use up-to-date antivirus and anti-malware programmes;
- create regular backups of your data and install security updates as soon as they become available;
- if your work device does get infected, immediately disconnect it from wired or wireless networks and follow your organisation’s incident reporting process.
Passwords are one of the most straightforward ways to protect our information. Unfortunately, attackers can use numerous methods to discover passwords and weak ones can be cracked in seconds.
Methods attackers use include brute-force attacks, where they use a computer programme to repeatedly try to guess the password, and password spraying, where they use a list of common passwords to try and hack into account.
To make sure you’re keeping your accounts secure, NCSC recommends creating longer, more unusual passwords using three random words. These should avoid common passwords that can be easily guessed (such as ‘ABC123’ or ‘password’), significant dates, or family and pet names, as much of this information can be found on your social media profile.
You should also avoid using the same password across multiple accounts, so that if one is compromised, it doesn’t allow attackers to access all your information.
In last year’s National Cyber Security Centre Annual Review, Sir Jeremy Fleming, Director of GCHQ, said: “We must be able to trust the systems that connect us, that enrich our lives economically and socially. And that means that cyber security matters to everyone”.
What I have shared here are just a few tips on how to avoid falling victim to three of the most common types of cyber-attack, which can help build the trust that Sir Jeremy describes, along with the associated benefits.
There is plenty more information available online too. Check out the NCSC website, where you can learn more on the types of attack which could affect you or your organisation.
Laurie Doyle is a Junior Security Analyst in the Defra Security Academy, and a co-chair of the Defra Digital Data and Technology Shadow Executive Board.
We’re always on the look-out for great talent. If you are interested in a career in the Defra Security team, please visit our recruitment hub for more information about the current roles on offer.