What are the most common cyber attack?

Cyber crime is at an all-time high, and at the same time as organizations are trying to counter these attacks, criminal hackers are becoming more innovative with the different types of cyber attacks they are choosing to deploy.

What is a cyber attack?

Cyber attacks are deliberate and malicious. They are attempts to breach the information or information systems of individuals or organizations. The following list points out the six most common types of cyber attacks:


Malware is malicious software used to breach information systems by exploiting network vulnerabilities. This usually happens when users click links and attachments that install harmful software. There are different types of malware including spyware, ransomware, viruses, and worms. Malware can have a variety of malicious capabilities:

It can block access to the network or parts of the network

It can install other malware

It can secretly copy data from the hard drive and transmit it

It can disrupt the system and make it inoperable 

According to the NTT Security 2018 Global Threat Intelligence Report, ransomware attacks increased globally by 350% in 2017 compared to 2016. It’s therefore important that organizations prepare for such attacks. Web application penetration testing can identify vulnerabilities within an organization’s website before cyber criminals can exploit them. 


Phishing is a social engineering attack entailing fraudulent communications appearing to come from a trusted source. Attempts to steal sensitive information or trick people into installing malware often come via email.

Phishing is the leading cause of cyber attacks worldwide. As such, staff must be trained to recognize phishing emails and what to do when they receive one. Our Phishing Staff Awareness Course will prepare your employees to be alert, vigilant, and secure. 

Man-in-the-middle attack

A MITM (man-in-the-middle) attack is one where the attacker intercepts and relays messages between two parties who believe they are interacting with one another. It is also known as an eavesdropping attack, and once attackers are in the conversation, they can filter, manipulate, and steal sensitive information.

One way to protect your organization from such attacks is to encrypt data. Companies should also put in place auditing and monitoring so that they are kept aware of staff activities. Learn more about how your organization can implement effective information audits. 

Distributed denial-of-service attack

DDoS (distributed denial-of-service) attacks bombard an organization’s central server with simultaneous data requests. Multiple compromised systems are used to generate these data requests. A DDoS attack aims to stop the server from fulfilling legitimate requests, providing a situation for criminal hackers to extort the victim for money.

The timeline of a DDoS attack can vary, with 15% of attacks lasting as long as a month. Blindly implementing solutions to protect against DDoS attacks only resolves the immediate problem and leaves vulnerabilities in the system as a whole. Using a risk assessment tool takes a strategic approach to identify areas of vulnerability for DDoS attacks. 

SQL injection

SQL (Structured Query Language) is used in programming and is designed to manage data in relational database management systems. During SQL injections, criminal hackers insert malicious code into the server that uses SQL, which makes the server reveal sensitive information. 

SQL injections can be prevented by monitoring users in the application with whitelisting and blacklisting. They can also be protected against using network prevention systems such as firewalls.

Zero-day exploit

When a network vulnerability is announced, there is a window of time before a patch or solution is used to fix the issue. Within that timeframe, cyber attackers will exploit the vulnerability. 

Constant monitoring is necessary in order to protect against this form of cyber attack. Infrastructure penetration testing can identify your network’s vulnerabilities before cyber criminals do. 

Cyber attack prevention

With all the different types of cyber attacks, it’s important to implement an ISMS (information security management system). ISO 27001 is the international standard that describes best practice for an ISMS. Achieving certification to ISO 27001 demonstrates to existing and potential customers that an organization has defined and put in place best-practice information security processes.

Implementing an ISMS can be a challenge for a lot of organizations. IT Governance has helped more than 600 clients achieve ISO 27001 certification worldwide. 

Discover the most comprehensive mix of available on the market.