“Houston, we have a problem.«Who doesn’t know the words of Jack Swigert, pilot of the Apollo 13 lunar mission? It was April 17, 1970, and just a year after Armstrong’s landing on the moon, but the Apollo 13 mission still seems like science fiction, very advanced technology. Something that yes, happened, but which is not perceived as real.
When it comes to IT risk, or digital risk, or Cyber Riskthe trap is always the same: deluding ourselves that it is something that yes, exists, but in some way that does not concern us, as if it had nothing to do with our everyday life. Nothing could be more wrong. Ransomware, Phishing, Spear phishing and Social Engineering these are just some of the dangers we run every day, especially since our life depends on a smartphone, we work on the PC and pay for everything with a credit card.
Cyber Risk is a phenomenon that affects everyone, without exception: from the little boy playing on the PC locked in his bedroom, to the owner of a large company. Here are the most common IT risks that you need to be on your guard against.
The most common cyber risks: intentional and unintentional
It is called Cyber Risk (or IT Risk) of «any risk of financial loss, destruction or even simply damage to the reputation of a brand, company or commercial entity that is attributable to a malfunction of the IT system» (words from the Institute of Risk Management).
What are we talking about when we talk about Cyber Risk?
Cyber risk can manifest itself in different forms. More in detail, it can manifest itself in two main ways: in the form of IT RISK, when it derives from accidental damage to IT systems; in the form of CYBER CRIME (computer crime), when it comes to criminal activities carried out at the hands of a third party.
In the case of IT RISK, the causes of damage to an IT system can be attributed by one party to a bad use of the systemdictated more than anything by superficiality or lack of IT awareness (which is too often underestimated in offices or companies): unauthorized access to the system, accidental errors by employees or those who work there, a clumsy attempt at server maintenance, an infection, up to the simplest loss of tools useful for access; or it could be simple episodes of machinery malfunction, which could be the fault of poor maintenance of the server or, more simply, bad luck (think of a fire that destroys the machinery).
The most widespread cyber risks: cyber attacks
Obviously, the case of a CYBER CRIME, or a computer attack, is different. In this case, the damage to a server or IT infrastructure is an objective pursued by malicious individuals and it is in all respects a criminal activity.
The Cisco Annual Cyber Security Report reports some of the most common cyber attacks:
- Malware: any computer program capable of taking control (total or partial) of a device to collect private information, create malfunctions, encrypt data or even block access. These are predictable phenomena, but not too predictable: they can often arrive through a simple email, an attachment, a link or an advertising banner, or an app to install, but also with websites created specifically to infect the system. → Sometimes it can happen that the malware forces you to pay a ransom to access the device again; in this case we are talking about ransomware (from “ransom”, “ransom” in English).
- Phishing: IT scams aimed at extorting information and personal data from victims (for example passwords or any other access code) by «masquerading» as a reliable body or authorized person. This is the very frequent case of fake counterfeit emails from banks, post offices, insurance companies and so on.
→ This is a crime that is part of the family of Social engineeringa Cyber Crime technique that aims precisely at the manipulation of people/users.
- DDOS (literally “Distributed Denial of Service”): cyber attacks capable of interrupting the continuity of a service, making some services inaccessible, sometimes temporarily, other times permanently. It usually manifests itself through the sending of a very high number of requests and/or communications.
- The Man in the Middle (MITM or MIM): a type of cyber attack in which a third party, often via a public and unprotected WiFi network, re-transmits or alters communication between two parties who instead think they are communicating directly with each other. The objective can always be to extort sensitive data («sniffing») or, rather, to modify and/or alter the content of a web page («spoofing»), falsifying the information.
- Today: A vulnerability of any kind on a computer security system that the developer or company responsible has not yet identified, but which is being exploited to pursue criminal and system hacking objectives. They are called «0-day» because from the time the vulnerability is discovered until someone can exploit it, the developer has «zero days» to fix the error.
- Spam: Sending messages (email, chat, tag boards, forums, Facebook and other social media) so obsessively that they are unwanted, usually through generic, unverified or unknown addresses. Also known as «junk mail».
The most widespread cyber risks: how to defend yourself
Hoping not to run into a cyber attack, nowadays, is a bit like taking a dip in the sea and thinking you won’t get wet. At the same time it is true that, when it comes to digital technology, 100% security does not exist.
The best solution, as usual, is to rely on the intervention of expert consultants. But this does not mean that we cannot adopt daily solutions that at least help prevent a cyber attack; antivirus, security devices, controls, private and secure wifi networks, double factor authentication, the stipulation of a Cyber Risk Insurance up to the use of a simple password, they are all fundamental tools in the hands of those who have to manage an IT system every day. Together, of course, with a bit of common sense and staff training, which is never a waste of time.
latest posts published
Lokky, the Italian data driven insurtech for professionals and SMEs
An ally for cyber security: Load Balancing
Business Trend 2023 for SMEs, professionals and commercial activities
Occupational risks for pastry shops
How to read a pay slip
What are the most common cyber risks and how to protect yourself
Clinical Risk: What it is and What are the consequences
Commercial activities most affected by theft
October is European Cyber Security Month
