What is an Attack-Vector?

Today is the start of Cyber Awareness Month. The goal is to ensure that all individuals and organisations have the information and tools they need to be safer and more secure online.

An attack-vector is a technique used to obtain unauthorised access to a system or network. It is important to be aware of the different methods used by hackers and know how to prevent exploitation in order to keep yourself and your business safe online.

Below we have a list of common attack-vectors and what you can do to stay secure.

Examples of the most common attack-vectors:

Phishing: is where a cybercriminal sends an electronic message to trick you into doing something insecure.

Tips for staying secure:

• Don't enter email address or passwords into links of an email. Visit the webpage via your web browser.

• Avoid opening attachments from recipients you don't know.

• Businesses can conduct staff awareness training and phishing simulations.

Weak Passwords: are the perfect recipe for data breaches. Easy to guess or default passwords create an easy way to gain foothold on a system or web service.

Tips for staying secure:

• Change default password when setting up a device

• Create unique & complex passwords

• Use a password manager.

• Businesses can educate their staff on the risk of weak passwords and password reuse.

Compromised username/password. Re-using username and password combinations creates an immense risk to user accounts. This is because when your email address and password combination are involved in a data breach, a hacker can try this combination against multiple services in an attempt to gain access to better information.

Tips for staying secure:

• Avoid reusing passwords by using a password manager

• Enable 2FA where possible.

Did you know: according to haveibeenpwned there are 11.5bn accounts involved in data breaches. These are just the one's that we are aware of!

Software Vulnerabilities: Updates to your devices and applications add new features but also fix security flaws. Hackers attempt to exploit these flaws to perform unwanted tasks on your networks and devices.

Tips for staying secure:

• Update your devices regularly

• Switch on automatic updates, where possible

• Businesses should conduct vulnerability assessments on their network, at least quarterly.

Malicious Insiders: Users with access to sensitive data and networks can cause extensive damage whether by misuse or malicious intent.

Tips for staying secure:

• Businesses should monitor data and network access, especially those of disgruntled employees.

• Services such as Microsoft 365 allow data classification and governance to dictate rules for handling important data.

Third-Party Vendors: "We're only as strong as our weakest link". Sometimes it may be difficult for a hacker to target a specific company or individual. However, if they could attack a trusted supplier, client, colleague or friend then this may give them room to pivot their attack.

Tips for staying secure:

• Cyber Essentials is a great way for businesses to understand and implement basic security controls. This will provide assurance to their customers that they take cyber security seriously.

• Businesses should consider adopting a zero trust approach