menu close
  • Back

Cyber attacks continue to be on the rise, affecting even more businesses and entities in 2022 than in any year previous. As we look ahead into the new year, the attacks aren’t slowing down. Learn about the various ways a cyber attack could threaten your business, along with strategies to stay safe into 2024 and beyond.

What is a cyber attack?

A cyber attack is any form of intentional and malicious digital intrusion or breach into an organisation’s software, systems, servers, networks or websites. Another entity, be it an individual hacker, an organisation, or even a state actor, perpetrates the attack, attempting to gain access to, damage, or destroy some element of the target organisation’s digital estate.

Cyber attack vs. cyber threat

These two terms are not interchangeable: a cyber threat is a potential attack, one that hasn’t launched against your business. A cyber attack is an actual or attempted targeting.

Cyber attack statistics in 2022

Cyber attacks continue to cause significant tangible damage to ANZ businesses. In 2022, Australians have lost over $72 million to scams.

One report found some sobering statistics:

93% of company networks are vulnerable to network penetration
Scams spiked 84% year over year
Small to medium businesses were 43% of targeted entities
A ransomware attack happens every 11 seconds

In the office (be it physical or virtual), top threats were ransomware, malware, phishing and remote access attacks.

Another report found that, since the onset of the COVID-19 pandemic, cybercrime has increased by an astounding 600%. The transition to remote work has destabilised some workers and created new liabilities, such as unsecured home Wi-Fi networks and unmanaged BYOD.

How does a cyber attack hurt businesses?

Cyber attackers are a creative bunch, and the list of ways they can hurt businesses is a lengthy one. Here are just a few examples:

Cyber attacks can cause operational disruptions by taking systems offline.
They can destroy customer trust through a data breach involving customers’ private information.
In regulated industries, certain breaches can create regulatory compliance nightmares, too.
Ransomware attacks can render systems inoperable and cost businesses in the millions should they choose to pay.

How does a cyber attack work?

In general, a cyber attack works because attackers gain access to or control of some element on the target business’s network. Once attackers gain access, they can execute any number of malicious actions, from stealing data to locking systems in demand of payment to disabling and damaging systems.

IT Security Checklist

Transform Your Cyber Defense: Prioritised Actions for Staying Ahead of Threats.


10 Common cyber attack methods

The specific methods and outcomes of cyber attacks can vary widely. Most attacks and threats fall into the following 10 categories.

1. Malware

A broad term that includes numerous kinds of malicious software. Malware finds a way into your company’s network or connected systems, often from a user clicking a malicious link or opening a malicious attachment. Once active, malware can execute a number of attacks, such as logging and stealing data in a data breach (spyware) or causing the system to fail entirely.

2. Ransomware

An especially dangerous and problematic subset of malware, ransomware attacks lock a business (or even a government agency or piece of critical infrastructure) out of infected systems and demand payment to regain access. Attackers may threaten to leak or sell confidential data if not paid. Businesses may be unable to function normally until systems are restored. Disaster recovery procedures are one way to combat this threat: if systems are properly backed up (prior to infection), they can usually be restored.

3. Phishing

Phishing attacks originate over communications, usually email. Phishing emails mimic an important, reputable sender (perhaps even a vendor a business is using, such as Microsoft 365) and push readers to click a link and provide sensitive information (login credentials, for example). The site is a fake and the data goes to the attacker, putting IT security at risk. Phishing attacks are common in both consumer and business contexts. Either way, the attackers are looking to steal personal information and gain account access.

4. Spear-phishing

Spear-phishing is highly targeted phishing: instead of sending an email to millions pretending to be Apple or a large bank, spear-phishing attackers research specific targets within specific organisations and then use social engineering to deceive their way in. They may pretend to be a high-ranking executive asking via urgent email for employees (sometimes by name!) to do something unusual and unsafe. The best attacks are indistinguishable to the average user, but they are also hard to execute successfully.

5. Whale-phishing

Almost the reverse of spear-phishing, whale-phishing attacks target those executives directly. Attackers may use targeted ransomware to steal or lock sensitive data or proprietary information.

6. Denial of service

Denial of service (DoS) attacks send high volumes of (fake) traffic to a server or other system, eating up all available bandwidth and choking out legitimate traffic. Malware installed across numerous machines can perpetuate this at scale, called a distributed denial of service attack (DDoS attack).

7. Man in the middle

An attacker who jumps in between what should be secure traffic between two parties is executing a man-in-the-middle attack. This threat can steal data from a transaction—and neither legitimate party will know. These attacks occur after malware is installed or when users operate on insecure networks (like public Wi-Fi).

8. Zero-day exploit

Software providers regularly discover—and patch out—vulnerabilities within their software. Sometimes an exploit becomes well-known, but the developer needs time to produce a fix. Zero-day exploits attack these known vulnerabilities prior to the patch. A related vulnerability is unpatched, out-of-date systems. Zero-day exploits are difficult to catch but rare. Breaking an old, unpatched system that’s widely known to be vulnerable is much easier.

9. Brute force

What most people think of when they hear the word “hack”: a brute force attack breaks into a system via sheer strength, whether by using bots and tools to guess password combinations at superhuman speeds. Vulnerability management tools can mitigate simple brute force attacks by limiting the number of login attempts before lock out.

10. SQL injection

SQL injection attacks work by injecting malicious code into an SQL database, usually for the purpose of stealing information contained in the database. SQL injection attacks can be executed using a text input field on a public-facing website, making them particularly worrisome.

How to combat cyber attacks

Understanding the dangers involved and the methods by which you may be attacked is a starting point, but implementing effective strategies to combat cyber threats is the true goal.

Secure your business

If you haven’t given much consideration to cyber security as an organisation, the first step is to take care of common-sense security vulnerabilities and gaps. Keeping software and firmware up to date across all systems takes effort, but it doesn’t require deep IT knowledge.

Even if you’re not working with a managed IT security partner, there are basic business-oriented steps you can take right away. As a place to start, the Australian government has assembled some initial tools to help you protect your business.

Once you have those basics in place, the ASCS provides additional key guidance called the Essential Eight. These eight cyber threat mitigation strategies are a great next step in protecting your business.

Most organisations need to go deeper, though, which likely involves a managed IT partner that can modernise and keep current your business’s digital defences.

For example, setting up backup and disaster recovery solutions across your enterprise requires a bit more investment and technical know-how than many businesses have on hand. The same is true of setting up governance procedures, training your staff in cyber best practices, and many other elements of your cyber security defence strategy. The same is true of setting up governance procedures, training your staff in cyber best practices, even having a SOC as a service, and many other elements of your cyber security defence strategy.

Canon Business Services ANZ (CBS) is a full-service IT partner serving organisations of all sizes, specialising in enterprise businesses. We offer a comprehensive range of security services as a secure MSP, though also a provider of Managed Security Services, and additionally a 24/7 Security Operations Centre (SOC).

The true power of having cyber security for your business

Canon Business Services ANZ (CBS) offers comprehensive, cutting-edge cyber IT security protection, including vulnerability management, Security Information and Event Management systems (SIEM), and firewall management systems.

Don’t gamble with the threat of cyber attacks and the damage they can do to your business, your systems, and your reputation. Step into an active, cyber-secure future with CBS instead.

Ready to access industry-leading cyber security protection? Reach out to our team today.

Similar Articles


What are the advantages of Microsoft Azure

Discover the advantages of Microsoft Azure: Scalability, security, cost-efficiency, and innovation. Learn how Azure enhances operations and drives digital transformation in New Zealand.

What is Security Automation?

Learn how automated security transforms cybersecurity, making it simpler and more efficient. Protect your business data with CBS New Zealand’s expert insights now!

What are the effective Azure cost optimisation strategies

Maximize Azure efficiency for your New Zealand organisation. Reduce costs, optimize resources, and align spending with business goals using our expert strategies and tools!

What are the benefits of penetration testing?

Gain confidence in your digital security with the benefits of penetration testing. Enhance cybersecurity, identify vulnerabilities, and fortify your defences with CBS New Zealand's expert insights now!

Cybersecurity Threat Detection: Proactive strategies

Stay ahead in cybersecurity with our 2024 guide on threat detection. Learn advanced technologies & response plans to protect your business against threats with CBS New Zealand.

The key differences between CIO vs CISO in business

Uncover the distinct roles of CIO and CISO in New Zealand business: Key responsibilities, overlaps, and IT leadership evolution.

The essential drive behind healthcare IT outsourcing

Discover how IT outsourcing transforms healthcare efficiency and compliance in New Zealand.

Navigating Information Security Frameworks

Explore essential information security frameworks to safeguard your data. Protect your business data with CBS New Zealand's expert insights now!

Ultimate guide to internal penetration testing

This Internal Penetration Testing guide covers techniques, analysis, and best practices for identifying vulnerabilities & strengthening your cyber defense in New Zealand.

Level 1 support in IT

Discover the importance of Level 1 support in IT. Get insights into efficient problem-solving and customer service with CBS New Zealand's expert insights now!

RMM Meaning and its significance in IT management

Evolving technology, key benefits, and its impact on efficiency and security. protect your business data with CBS New Zealand’s expert insights now!

The Threat Intelligence Lifecycle explained

Discover how to navigate the Threat Intelligence Lifecycle in 2024. Our guide covers phases, analysis, and best practices for cybersecurity decision-making in New Zealand.