Cyber crime is at an all-time high. While organisations are trying to counter cyber attacks, criminal hackers are becoming more innovative and their attacks more sophisticated.

What is a cyber attack?
Cyber attacks are deliberate and malicious attempts to breach the information or information systems of individuals or organisations. The six most common types of cyber attack are:

Malware: malicious software used to breach information systems by exploiting network vulnerabilities. This usually happens when users click links and attachments that install harmful software. There are different types of malware, including spyware, ransomware, viruses and worms.

Phishing: a social engineering attack, and the most common type of cyber attack, entailing fraudulent communications that appear to come from a trusted source. Such attempts to steal sensitive information or trick people into installing malware often come via email.

MITM (man in the middle): also known as an eavesdropping attack. The attacker intercepts and relays messages between two parties that believe they are interacting with each other. Once the attacker is in the conversation, they can filter, manipulate and steal sensitive information.

DDoS (distributed denial-of-service): bombards an organisation’s central server with simultaneous data requests. Multiple compromised systems are used to generate these data requests. A DDoS attack aims to stop the server from fulfilling legitimate requests, creating an opportunity for criminal hackers to extort money from the victim.

SQL (Structured Query Language) injection: SQL is used in programming and is designed to manage data in relational database management systems. During SQL injections, criminal hackers insert malicious code into the server that uses SQL, which makes the server reveal sensitive information.

Zero-day exploit: when a network vulnerability is announced, there is a window of time before a patch or solution is issued. Within that timeframe, cyber attackers will try to exploit that vulnerability.

Cyber attack prevention
To help prevent these cyber attacks, organisations should implement an ISMS (information security management system). ISO 27001 is the international standard that describes best practice for an ISMS. Achieving certification to ISO 27001 demonstrates to existing and potential customers that an organisation has defined and put in place best-practice information security measures and processes.

How vsRisk helps organisations prepare for ISO 27001 certification
You could invest time, effort and money in designing and deploying, or having a consultant design and deploy, a manual risk assessment methodology. Or you could save yourself a lot of time (80%) and money by deploying our risk assessment software tool, vsRisk, instead.

vsRisk, out of the box, provides a robust ISO 27001-compliant risk assessment methodology, and dependably delivers each of our recommended five steps to a successful risk assessment. You don’t need to spend any time on developing your own risk assessment methodology or on costly trial and error. You can immediately get to work on the actual risk assessment, which means you get actionable results much sooner.

You’ll find that you spend more time maintaining your risk assessment than you did setting it up, so it makes sense to lock in future efficiencies from the outset. vsRisk’s robust methodology means that upcoming risk reviews and further risk assessments can be performed quickly, consistently and cost-effectively.

vsRisk has nearly ten years of development invested in it. It incorporates feedback and experience from hundreds of ISO 27001 risk assessments, and is supported by an ongoing investment and user support programme that regularly brings useful functionality and features to help you continually improve your ISMS.
Suitable for organisations of all sizes, vsRisk is a leading information security risk assessment tool that delivers fast, accurate, auditable and hassle-free risk assessments year after year.
Download our white paper, which describes the five key steps to completing a successful ISO 27001 risk assessment that will form the centre of your ISMS.
For more information on vsRisk and to sign up for a demo, please click here.