Skip to content

Search Marco

    7 Common Cyber Attacks (and How to Protect & Defend your Business)

    By: Mike Burgard
    October 11, 2021

    Cybersecurity is an ongoing and growing concern for businesses because cyber criminals continue to use more sophisticated tactics and disrupt organizations. As businesses become more aware of how to protect their networks, attackers find new tricks and loopholes to bypass security measures.

    Attackers are going after businesses of all sizes, with 43% of cyber warfare aimed at small businesses, and only 14% are prepared to defend themselves. (Layr). And unfortunately, according to Cybercrime Magazine, 60% of small businesses close their doors within six months of falling victim to a large-scale cyber attack.

    What is a cyber attack?

    A cyber attack is an attempt by a person or group of people to gain access to a computer information system for their own personal gain, or as a means for launching cyber warfare against a business or individual. These types of computer attacks can lead to identity theft, manipulation of data, unauthorized access to vulnerable business systems, and more. 

    To help protect your business, we’ve compiled a list of the seven most common and most vicious types of attacks in network security—as well as tips for how you can protect and defend your organization.


    1. Phishing

    During a phishing attack, a criminal pretends to be someone else in order to bait your employees into handing over company data, authorizing bank transfers, or even revealing the terrible karaoke video of you that they promised they’d deleted. More sophisticated variants like spear phishing or whaling attacks use social engineering to make the impersonation seem ultra-realistic.

    How To Protect and Defend:

    Educate your employees. Then, put phishing prevention protocols in place, such as requiring employees to verify requests for sensitive information through multiple channels, or requiring two employees to sign off on such decisions. An investment in Data Prevention Loss (DLP) software doesn’t hurt, either.

    2. Malware

    The most invasive cyber attack is malware: unintentionally downloaded viral software that impacts your system’s performance. Common types of malware include:

    • Spyware — The attacker obtains information from your hard drive.
    • Ransomware — Key components of your network are blocked, and a ransom is demanded to regain access.
    • Keyloggers — The antagonist gains access to everything you type.

    How To Protect and Defend:

    Install antivirus software and keep it up to date. Familiarize yourself with tactics to avoid malware attacks, and share this information with your staff. Work with a trusted partner such as Marco to make sure the right technologies are in place.

    3. Brute Force

    Essentially, this is an invigorating game of “extreme password guessing.” The attacker collects information on the targeted user such as hobbies, interests, pet names, etc., and then compares these against a “dictionary” of common passwords. Once the cyber villain has access to login information, they’ll use bots to input these credentials across several different web platforms. This is known as “credential stuffing." The more accounts they control, the more the attack could cost you.

    How To Protect and Defend:

    Brute force and credential stuffing attacks rely on two things: A guessable password and the same login info across several platforms. You can protect your business by not having these things. Make sure you have a strong (or better yet, randomly generated) password, and a different login for every account you create.

    4. Denial of Service (DoS)


    A DoS attacker simply seeks to interrupt whatever product or service your website offers. They’ll overwhelm your site’s bandwidth capabilities, or close off access to a URL altogether. So what’s in it for them? Reminiscent of a playground bully, sometimes the satisfaction of knowing they hurt you is good enough. It could even be a premeditated attack from an immoral internet competitor.

    How To Protect and Defend:

    Basic network security and architecture go a long way. For higher-traffic sites, though, it would be worthwhile to have a third party DoS response team on speed dial.

    5. Man in the Middle

    The hybrid between eavesdropping and ventriloquism that nobody asked for. A MitM attack is when a cyber attacker is able to intercept a conversation between two trusting parties—usually an employee and client. The two parties believe they’re communicating as normal, but the criminal manipulates messages in order to gain access to private information.

    How To Protect and Defend:

    Strong encryption mechanisms (established by security experts) will prevent most MitM attacks. To combat the overachievers who still manage to make it through, try implementing tamper-detecting software, so that if a digital peeping Tom enters your conversation, you’ll know before it’s too late.

    6. Structured Query Language (SQL) Injection

    SQL injection is a type of cyber attack where the antagonist utilizes malicious codes to cause damage to website databases. Like an older brother looking for his little sister’s diary, the goal is for the attacker to gain access to consumer information that the site intended to be private. This kind of data breach is bad news for the average joe, but the more severe impact is on the company’s reputation.

    How To Protect and Defend:

    If you don’t understand coding, hire somebody who does. Working with a trusted partner like Marco can help you identify, assess, develop, and track complex IT issues like SQL injection.

    7. Cross-Site Scripting

    Cross Site Scripting (XSS) is similar to SQL injection, but with one main difference: The website admin will be unaware that anything has happened. The attacker still uses malicious code, but it’s embedded into the site with the intention of baiting users into clicking unsafe links and caches. It’s a small-scale, sneaky way to gain access to user information without altering the site layout or raising any red flags.

    How To Protect and Defend:

    Time to call the IT department again. Cross-site scripting issues are complex and it's best handled by professionals. If your IT team isn't familiar with cross-site scripting, we recommend partnering with a Managed IT specialist like Marco. Much like you can train a dog to sit, you can use code to train your website to recognize valid input data from users. Additionally, you can ensure that your browser interprets user queries the way that you intended.

    Prepare for Battle

    Cyber attacks are inevitable, but there are simple steps you can take to help prevent them from occurring. Working with an integrated business IT team at Marco can help create a plan to prevent, detect and respond to a cyber attack, as well as help to recover from one.

    Through a recurring assessment and review, Marco's IdentifyIT solution provides an ongoing, data-driven view of your IT risk. IdentifyIT leverages a specially designed set of industry tools and Marco's technical expertise to help you:

    • Identify your vulnerabilities.
    • Assess and prioritize possible actions.
    • Develop a roadmap to a more secure future.
    • Track your progress over time.

    It's all built on the National Institute of Standards and Technology Cyber Security Framework. With IdentifyIT, Marco serves as your guide to continually assess and improve the security of your IT environment.

    Learn more about a Risk, Security or Vulnerability assessment Get Started Today

    Topics: Small Businesses, Security, Network Security, Business Resiliency, #BeCyberSmart