There are many types of cyber attack, some more serious and damaging than others. Whether it’s phishing, malware, denial-of-service attacks or ransomware, all can target vulnerable systems and pose a considerable threat to your business. This article answers the question of what is a cyber attack, describes the common forms of attack that you might experience and offers advice on how you can protect against them.

What is a cyber attack?

A cyber attack is a deliberate, malicious attempt to gain access to an information system belonging to another organisation or individual. There are multiple reasons for a cyber attack: the perpetrator usually wants to benefit from the disruption through theft of money or data, or compromising a company’s network. Such attacks can lead, in turn, to crimes such as identity theft and fraud. Some cyber attacks are targeted at specific organisations; others cast a wide net with the aim of disrupting as many networks, services and people as they can.

What sort of attack could affect your business?

The most common external security threats to businesses are:


Malicious software such as viruses, worms, ransomware and spyware that targets vulnerabilities in a network. It usually gains access through a user clicking a risky link or opening an attachment in an email. Once installed, it can infect the system with harmful programs, steal sensitive data or take down the whole network.


The sending of fraudulent communications, usually email, that appear to originate from a trusted source. The intention is to compromise the victim’s device with malware, or to gain personal data such as passwords or financial details.


Excessive network traffic that floods a system with the aim of tying up bandwidth and resources to ensure that the system cannot operate as normal. An extension of this is the distributed denial-of-service (DDoS) attack, where the attack is launched by multiple compromised devices.

Not all threats are external, however. Beware of security issues caused by human error, such as accidentally distributing sensitive data outside the organisation, or employees being careless about security policies. There is also a risk from dissatisfied employees or ex-employees wishing to harm your company.

How can you protect your systems?

The most important thing is to have an effective web, email, and data security solution in place. This will protect both your organisation and your employees from accidental or malicious breaches that could cause damage to your systems. A vital component of this is up-to-date virus protection: cyber attacks evolve constantly and keeping pace with antivirus updates is a simple way to guard against them. Also, make sure you monitor the software on your network: unpatched and out-of-date programs can contain vulnerabilities for attackers to exploit.

Finally, have a solid security incident response plan in place. If an attack is successful, this will serve to reduce its impact and enable you to fix the issue and get back to normal service as soon as possible.

All organisations, regardless as to size or type, are potentially vulnerable to cyber attack because every company has assets that might be worth exploiting. In order to minimise any financial, reputational or legal impact on your business, constant awareness of possible attacks and robust measures to protect against them are crucial best practices to follow.