The new year in Portugal brought to the table a new old topic: cybersecurity. Although it’s not something new, the recent attacks on Impresa group and Vodafone showed that we are all at the mercy of hackers and that we have to take precautions not to be the next victims.

Deeper research was done by our Fullstack Developer, Mauro Alberto, where after all the information collected and the analysis done, he shared all the material in a meeting with everyone at PIPECODES which was very enriching and enlightening.

An introduction to the topic of cybersecurity was then covered, followed by how hackers carry out their attacks on companies. Remote work security is also a topic that will be mentioned here, along with what whale threats are and how not to fall into their traps.

A short introduction to cybersecurity

In the world we live in today, having zero knowledge of computer security and surfing the Internet at the same time is making the day for hackers all over the world, and if they can target the company that employs you, all the better, because not only can you put yourself at risk, but you can cause irreparable damage to the company.

Computer security or cybersecurity is the protection of computer systems. It can be against theft or damage to hardware, software, or electronic data, as well as interruption or disorientation of the services they provide. The number of cyberattacks is increasing and investing in computer security is a must since it helps keep data safe from being stolen or altered and protects against viruses.

So let’s start by looking at the most common types of cyberattacks.

Types of Cyberattacks

What is a cyberattack? We can define a cyberattack as an abusive action that targets personal computing devices, computer information systems, or infrastructure computer networks with the objective of altering, stealing, or destroying information systems or data. There are several types of cyberattacks, but we will focus on malware, man-in-the-middle, phishing, and password attack.

Malware:

Malware is any software that is intentionally made to cause damage to a computer, server, or computer network. It usually appears when you download items you are not aware of. The four most common types of malware are Trojan, Adware, Spyware, and Ransomware.

Man in Middle:

It’s where the hacker manages to get between the servers and the end-user. The hacker can find out the end-users IP and intercept the communication. Accessing insecure Wi-Fi networks is a danger, and hackers also have access to existing hardware (specific antennas) that can pick up information “literally” out of the air.

Phishing:

This is a type of attack in which a hacker sends fraudulent e-mails that look like they come from a trusted source. They may either want to obtain personal information (credit cards, login credentials) or install malware on your PC.

Password Attack:

This attack happens when the hackers try to find out someone else’s pass, try to get the most used passwords (123456, qwerty), guess questions from emails. To avoid this, recent apps always ask for 8 digits with Capitals, mixed cases, and Symbols.

Image source: https://www.slanecartoon.com/

Cyberattacks on companies

As the world becomes more computerized, more of these attacks will happen. When they are made to organizations they create colossal losses, because with little effort they can create brutal losses to companies. Now let’s take a look at the most common attacks against companies:

Within attacks on companies, there is a very specific one that refers to attacks on the company’s top ranks, known as Whalling Threats.

Whalling Threats

Whalling threats is a method used by cybercriminals to disguise themselves as people in high positions in the organization and directly target people in high positions, with the aim of stealing money, sensitive information, or gaining access to their computer systems.

They usually choose the person because of his or her title, visibility, or high-level access privileges. Hackers know that people in high positions in a company are well-informed, so they are harder to fool.

That is why Whalling Attacks are known for their sophistication and their features are:

Knowing what hackers’ social engineering methods are can help prevent future attacks.

Social Engineering: Using trickery and manipulation in order to disclose personal and confidential information

In order to achieve their goals, they even create fake accounts, start linking to the target’s connections to make themselves seem more trustworthy (for example, on LinkedIn). Hackers also google the person (to see habits, interests, agenda), travel itineraries, public appearances, and even search for the target’s family.

Next, let’s look at how we can improve the shift from working in the office to working at home.

Safety in Remote Working

Due to the pandemic raging around the world, CISO (Chief information security officer) everywhere were faced with a huge challenge: How to get people out of the safety of the office and get them safely into the insecure environment of your home.

It is a challenge to get out of office security as we have many tools/controls there in the office and on the network. We don’t have the same controls in our home. So in doing this, there are factors to consider:

Having seen the types of attacks that we can be targets of, let’s now look at some tips to avoid future attacks.

No one wants to see their compromised system or protected company information (which may be the company’s or their customers’) in the hands of random hackers. To avoid this, we have to keep a few points in mind:

Image source: https://cybersecurityventures.com/

To conclude

It is said that there are those companies that have already been targets of attack and those that have not yet been. Companies usually only worry about security when something happens. It is something that is left to the background in startups. Security cannot be treated as something that happens every 2 months. It has to be something continuous.

I hope you have gotten some basics of computer security.

#PIPECODES #DigitalTransformation #Tech #Cybersecurity  #CybersecurityAwareness #Hackers #Digitalsecurity

The post Cybersecurity for beginners appeared first on PipeBlog.