Businesses used to be able to easily understand the threats they faced: financial liquidity, changing customer behaviour, and staff morale. However, while these threats will always exist – and still pose a significant threat to businesses to this day – cyber threats are now a factor for virtually every business. The two attacks described in this article, DoS and Phishing, are not new: however, they are still important to understand and mitigate against for all businesses.
Denial of Service attack (DoS)
A denial of service attack, or a distributed denial of service attack, is the name given to an attack which overwhelms a computer system. The most common form of DoS attack is through a coordinated effort to disrupt the service of a website, by instructing automated bots – sometimes referred to as bot nets – to target web hosting servers with repeated requests. This leads to the hosting servers becoming overwhelmed and failing for all users who are legitimately trying to access the website.
The threat of these attacks can best be mitigated through a dedicated IT support team which can respond in real time to DoS attacks. IT professionals can blacklist the threat coordinators and bots from accessing the servers, limiting any impact on the website.
Phishing attacks are among the most common cyber attacks businesses face in the modern age. They work for one very simple reason: they rely on human beings as the last line of defence.
In a phishing attack, a cybercriminal will attempt to fraudulently gain access to a computer system using social engineering or electronic manipulation. One particularly common method involves a criminal spoofing an email address, making it appear legitimate to the recipient. The email would usually include a link to a website which prompts the receiver to enter sensitive data, such as their username and password. Once the criminal has the sensitive data, the damage they can cause to a business system is immeasurable.
The best preventative against these attacks is education around cyber threats and how email spoofing works. This can be delivered most effectively through a dedicated IT support team, who will have the knowledge to share with colleagues best practices and what steps to take if they suspect a phishing attack is taking place.