What are the most common cyber risks and how to protect yourself


Houston, we have a problem.«Who doesn’t know the words of Jack Swigert, pilot of the Apollo 13 lunar mission? It was April 17, 1970, and just a year after Armstrong’s landing on the moon, but the Apollo 13 mission still seems like science fiction, very advanced technology. Something that yes, happened, but which is not perceived as real.

When it comes to IT risk, or digital risk, or Cyber ​​Riskthe trap is always the same: deluding ourselves that it is something that yes, exists, but in some way that does not concern us, as if it had nothing to do with our everyday life. Nothing could be more wrong. Ransomware, Phishing, Spear phishing and Social Engineering these are just some of the dangers we run every day, especially since our life depends on a smartphone, we work on the PC and pay for everything with a credit card.

Cyber ​​Risk is a phenomenon that affects everyone, without exception: from the little boy playing on the PC locked in his bedroom, to the owner of a large company. Here are the most common IT risks that you need to be on your guard against.

The most common cyber risks: intentional and unintentional

It is called Cyber ​​Risk (or IT Risk) of «any risk of financial loss, destruction or even simply damage to the reputation of a brand, company or commercial entity that is attributable to a malfunction of the IT system» (words from the Institute of Risk Management).

What are we talking about when we talk about Cyber ​​Risk?

Cyber ​​risk can manifest itself in different forms. More in detail, it can manifest itself in two main ways: in the form of IT RISK, when it derives from accidental damage to IT systems; in the form of CYBER CRIME (computer crime), when it comes to criminal activities carried out at the hands of a third party.

In the case of IT RISK, the causes of damage to an IT system can be attributed by one party to a bad use of the systemdictated more than anything by superficiality or lack of IT awareness (which is too often underestimated in offices or companies): unauthorized access to the system, accidental errors by employees or those who work there, a clumsy attempt at server maintenance, an infection, up to the simplest loss of tools useful for access; or it could be simple episodes of machinery malfunction, which could be the fault of poor maintenance of the server or, more simply, bad luck (think of a fire that destroys the machinery).

The most widespread cyber risks: cyber attacks

Obviously, the case of a CYBER CRIME, or a computer attack, is different. In this case, the damage to a server or IT infrastructure is an objective pursued by malicious individuals and it is in all respects a criminal activity.

The Cisco Annual Cyber ​​Security Report reports some of the most common cyber attacks:

  • Malware: any computer program capable of taking control (total or partial) of a device to collect private information, create malfunctions, encrypt data or even block access. These are predictable phenomena, but not too predictable: they can often arrive through a simple email, an attachment, a link or an advertising banner, or an app to install, but also with websites created specifically to infect the system. → Sometimes it can happen that the malware forces you to pay a ransom to access the device again; in this case we are talking about ransomware (from “ransom”, “ransom” in English).
  • Phishing: IT scams aimed at extorting information and personal data from victims (for example passwords or any other access code) by «masquerading» as a reliable body or authorized person. This is the very frequent case of fake counterfeit emails from banks, post offices, insurance companies and so on.

→ This is a crime that is part of the family of Social engineeringa Cyber ​​Crime technique that aims precisely at the manipulation of people/users.

  • DDOS (literally “Distributed Denial of Service”): cyber attacks capable of interrupting the continuity of a service, making some services inaccessible, sometimes temporarily, other times permanently. It usually manifests itself through the sending of a very high number of requests and/or communications.
  • The Man in the Middle (MITM or MIM): a type of cyber attack in which a third party, often via a public and unprotected WiFi network, re-transmits or alters communication between two parties who instead think they are communicating directly with each other. The objective can always be to extort sensitive data («sniffing») or, rather, to modify and/or alter the content of a web page («spoofing»), falsifying the information.
  • Today: A vulnerability of any kind on a computer security system that the developer or company responsible has not yet identified, but which is being exploited to pursue criminal and system hacking objectives. They are called «0-day» because from the time the vulnerability is discovered until someone can exploit it, the developer has «zero days» to fix the error.
  • Spam: Sending messages (email, chat, tag boards, forums, Facebook and other social media) so obsessively that they are unwanted, usually through generic, unverified or unknown addresses. Also known as «junk mail».

The most widespread cyber risks: how to defend yourself

Hoping not to run into a cyber attack, nowadays, is a bit like taking a dip in the sea and thinking you won’t get wet. At the same time it is true that, when it comes to digital technology, 100% security does not exist.

The best solution, as usual, is to rely on the intervention of expert consultants. But this does not mean that we cannot adopt daily solutions that at least help prevent a cyber attack; antivirus, security devices, controls, private and secure wifi networks, double factor authentication, the stipulation of a Cyber ​​Risk Insurance up to the use of a simple password, they are all fundamental tools in the hands of those who have to manage an IT system every day. Together, of course, with a bit of common sense and staff training, which is never a waste of time.

latest posts published

Lokky, the Italian data driven insurtech for professionals and SMEs

Lokky, the Italian data driven insurtech for professionals and SMEs

EconomyUp interviews Paolo Tanfoglio and Sauro Mostarda, Co-founder and CEO of Lokky Awarded as 'Best ...
An ally for cyber security: Load Balancing

An ally for cyber security: Load Balancing

Having a fast, high-performance and reliable website is a non-negligible aspect for those who have ...
Business Trend 2023 for SMEs, professionals and commercial activities

Business Trend 2023 for SMEs, professionals and commercial activities

The main trends of 2023 that you will need to consider in your business Digital ...
Occupational risks for pastry shops

Occupational risks for pastry shops

The pastry chef's activity involves the production of confectionery products, from the preparation of the ...
How to read a pay slip

How to read a pay slip

In collaboration with our partner F2Dwe decided to delve deeper into the elements that make ...
What are the most common cyber risks and how to protect yourself

What are the most common cyber risks and how to protect yourself

“Houston, we have a problem."Who doesn't know the words of Jack Swigert, pilot of the ...
Clinical Risk: What it is and What are the consequences

Clinical Risk: What it is and What are the consequences

In recent years, the responsibility of healthcare facilities has increased significantly and with this also ...
Commercial activities most affected by theft

Commercial activities most affected by theft

Theft, shoplifting and armed robberies are a plague for Italian traders. In Europe, Italy is ...
October is European Cyber ​​Security Month

October is European Cyber ​​Security Month

October is the European month dedicated to cybersecurity, a good opportunity to acquire new awareness ...
Estimating cyber risk: importance and difficulties encountered

Estimating cyber risk: importance and difficulties encountered

The biggest challenge regarding cyber security is to estimate cyber risk in a credible, sustainable ...

Leave a Reply

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *