There are a number of types of security breaches depending on how access has been gained to the system:
An exploit attacks a system vulnerability, such as an out of date operating system. Legacy systems which haven't been updated, for instance, in businesses where outdated and versions of Microsoft Windows that are no longer supported are being used, are particularly vulnerable to exploits.
Weak passwords can be cracked or guessed. Even now, some people are still using the password 'password', and 'pa$$word' is not much more secure.
Malware attacks, such as phishing emails can be used to gain entry. It only takes one employee to click on a link in a phishing email to allow malicious software to start spreading throughout the network.
Drive-by downloads use viruses or malware delivered through a compromised or spoofed website.
Social engineering can also be used to gain access. For instance, an intruder phones an employee claiming to be from the company's IT helpdesk and asks for the password in order to 'fix' the computer.
In the security breach examples we mentioned above, a number of different techniques were used to gain access to networks — Yahoo suffered a phishing attack, while Facebook was hacked by an exploit.
Though we've been talking about security breaches as they affect major organizations, the same security breaches apply to individuals' computers and other devices. You're probably less likely to be hacked using an exploit, but many computer users have been affected by malware, whether downloaded as part of a software package or introduced to the computer via a phishing attack. Weak passwords and use of public Wi-Fi networks can lead to internet communications being compromised.
No comments:
Post a Comment