menu close
  • Back

Cyber attacks continue to be on the rise, affecting even more businesses and entities in 2022 than in any year previous. As we look ahead into the new year, the attacks aren’t slowing down. Learn about the various ways a cyber attack could threaten your business, along with strategies to stay safe into 2024 and beyond.

What is a cyber attack?

A cyber attack is any form of intentional and malicious digital intrusion or breach into an organisation’s software, systems, servers, networks or websites. Another entity, be it an individual hacker, an organisation, or even a state actor, perpetrates the attack, attempting to gain access to, damage, or destroy some element of the target organisation’s digital estate.

Cyber attack vs. cyber threat

These two terms are not interchangeable: a cyber threat is a potential attack, one that hasn’t launched against your business. A cyber attack is an actual or attempted targeting.

Cyber attack statistics in 2022

Cyber attacks continue to cause significant tangible damage to ANZ businesses. In 2022, Australians have lost over $72 million to scams.

One report found some sobering statistics:

93% of company networks are vulnerable to network penetration
Scams spiked 84% year over year
Small to medium businesses were 43% of targeted entities
A ransomware attack happens every 11 seconds

In the office (be it physical or virtual), top threats were ransomware, malware, phishing and remote access attacks.

Another report found that, since the onset of the COVID-19 pandemic, cybercrime has increased by an astounding 600%. The transition to remote work has destabilised some workers and created new liabilities, such as unsecured home Wi-Fi networks and unmanaged BYOD.

How does a cyber attack hurt businesses?

Cyber attackers are a creative bunch, and the list of ways they can hurt businesses is a lengthy one. Here are just a few examples:

Cyber attacks can cause operational disruptions by taking systems offline.
They can destroy customer trust through a data breach involving customers’ private information.
In regulated industries, certain breaches can create regulatory compliance nightmares, too.
Ransomware attacks can render systems inoperable and cost businesses in the millions should they choose to pay.

How does a cyber attack work?

In general, a cyber attack works because attackers gain access to or control of some element on the target business’s network. Once attackers gain access, they can execute any number of malicious actions, from stealing data to locking systems in demand of payment to disabling and damaging systems.

IT Security Checklist

Transform Your Cyber Defense: Prioritised Actions for Staying Ahead of Threats.


10 Common cyber attack methods

The specific methods and outcomes of cyber attacks can vary widely. Most attacks and threats fall into the following 10 categories.

1. Malware

A broad term that includes numerous kinds of malicious software. Malware finds a way into your company’s network or connected systems, often from a user clicking a malicious link or opening a malicious attachment. Once active, malware can execute a number of attacks, such as logging and stealing data in a data breach (spyware) or causing the system to fail entirely.

2. Ransomware

An especially dangerous and problematic subset of malware, ransomware attacks lock a business (or even a government agency or piece of critical infrastructure) out of infected systems and demand payment to regain access. Attackers may threaten to leak or sell confidential data if not paid. Businesses may be unable to function normally until systems are restored. Disaster recovery procedures are one way to combat this threat: if systems are properly backed up (prior to infection), they can usually be restored.

3. Phishing

Phishing attacks originate over communications, usually email. Phishing emails mimic an important, reputable sender (perhaps even a vendor a business is using, such as Microsoft 365) and push readers to click a link and provide sensitive information (login credentials, for example). The site is a fake and the data goes to the attacker, putting IT security at risk. Phishing attacks are common in both consumer and business contexts. Either way, the attackers are looking to steal personal information and gain account access.

4. Spear-phishing

Spear-phishing is highly targeted phishing: instead of sending an email to millions pretending to be Apple or a large bank, spear-phishing attackers research specific targets within specific organisations and then use social engineering to deceive their way in. They may pretend to be a high-ranking executive asking via urgent email for employees (sometimes by name!) to do something unusual and unsafe. The best attacks are indistinguishable to the average user, but they are also hard to execute successfully.

5. Whale-phishing

Almost the reverse of spear-phishing, whale-phishing attacks target those executives directly. Attackers may use targeted ransomware to steal or lock sensitive data or proprietary information.

6. Denial of service

Denial of service (DoS) attacks send high volumes of (fake) traffic to a server or other system, eating up all available bandwidth and choking out legitimate traffic. Malware installed across numerous machines can perpetuate this at scale, called a distributed denial of service attack (DDoS attack).

7. Man in the middle

An attacker who jumps in between what should be secure traffic between two parties is executing a man-in-the-middle attack. This threat can steal data from a transaction—and neither legitimate party will know. These attacks occur after malware is installed or when users operate on insecure networks (like public Wi-Fi).

8. Zero-day exploit

Software providers regularly discover—and patch out—vulnerabilities within their software. Sometimes an exploit becomes well-known, but the developer needs time to produce a fix. Zero-day exploits attack these known vulnerabilities prior to the patch. A related vulnerability is unpatched, out-of-date systems. Zero-day exploits are difficult to catch but rare. Breaking an old, unpatched system that’s widely known to be vulnerable is much easier.

9. Brute force

What most people think of when they hear the word “hack”: a brute force attack breaks into a system via sheer strength, whether by using bots and tools to guess password combinations at superhuman speeds. Vulnerability management tools can mitigate simple brute force attacks by limiting the number of login attempts before lock out.

10. SQL injection

SQL injection attacks work by injecting malicious code into an SQL database, usually for the purpose of stealing information contained in the database. SQL injection attacks can be executed using a text input field on a public-facing website, making them particularly worrisome.

How to combat cyber attacks

Understanding the dangers involved and the methods by which you may be attacked is a starting point, but implementing effective strategies to combat cyber threats is the true goal.

Secure your business

If you haven’t given much consideration to cyber security as an organisation, the first step is to take care of common-sense security vulnerabilities and gaps. Keeping software and firmware up to date across all systems takes effort, but it doesn’t require deep IT knowledge.

Even if you’re not working with a managed IT security partner, there are basic business-oriented steps you can take right away. As a place to start, the Australian government has assembled some initial tools to help you protect your business.

Once you have those basics in place, the ASCS provides additional key guidance called the Essential Eight. These eight cyber threat mitigation strategies are a great next step in protecting your business.

Most organisations need to go deeper, though, which likely involves a managed IT partner that can modernise and keep current your business’s digital defences.

For example, setting up backup and disaster recovery solutions across your enterprise requires a bit more investment and technical know-how than many businesses have on hand. The same is true of setting up governance procedures, training your staff in cyber best practices, and many other elements of your cyber security defence strategy. The same is true of setting up governance procedures, training your staff in cyber best practices, even having a SOC as a service, and many other elements of your cyber security defence strategy.

Canon Business Services ANZ (CBS) is a full-service IT partner serving organisations of all sizes, specialising in enterprise businesses. We offer a comprehensive range of security services as a secure MSP, though also a provider of Managed Security Services, and additionally a 24/7 Security Operations Centre (SOC).

The true power of having cyber security for your business

Canon Business Services ANZ (CBS) offers comprehensive, cutting-edge cyber IT security protection, including vulnerability management, Security Information and Event Management systems (SIEM), and firewall management systems.

Don’t gamble with the threat of cyber attacks and the damage they can do to your business, your systems, and your reputation. Step into an active, cyber-secure future with CBS instead.

Ready to access industry-leading cyber security protection? Reach out to our team today.

Similar Articles


The key differences between CIO vs CISO in business

Uncover the distinct roles of CIO and CISO in New Zealand business: Key responsibilities, overlaps, and IT leadership evolution.

Ultimate guide to internal penetration testing

This Internal Penetration Testing guide covers techniques, analysis, and best practices for identifying vulnerabilities & strengthening your cyber defense in New Zealand.

RMM Meaning and its significance in IT management

Evolving technology, key benefits, and its impact on efficiency and security. protect your business data with CBS New Zealand’s expert insights now!

The Threat Intelligence Lifecycle explained

Discover how to navigate the Threat Intelligence Lifecycle in 2024. Our guide covers phases, analysis, and best practices for cybersecurity decision-making in New Zealand.

Understanding Blue Teams in cybersecurity

Explore Blue Teams' pivotal role in cybersecurity: their defense strategies, Red Team collaboration, and trends with CBS New Zealand's expert insights now!

Comprehensive guide to Backup Disaster Recovery

Check our guide on Backup Disaster Recovery. Explore trends and best practices to protect your business data with CBS New Zealand’s expert insights now!

The benefits of outsourcing IT support

Discover how outsourcing IT support drives cost savings, agility, and access to global expertise for your New Zealand organisation.

Guide to end-user management

Optimise user experience with effective End-User Management. Simplify IT operations in New Zealand for better efficiency.

Enhancing incident response with event log tools

Boost incident response with event logging tools. Learn types, setup, and analysis for optimal system performance for your New Zealand operations.

The benefits of Microsoft 365

Unlock business potential with Microsoft 365 benefits – scalability, security, and seamless productivity tools for your New Zealand organisation.

A guide to Microsoft 365 security best practice

Secure Microsoft 365 effectively with best practices. From MFA to Secure Score, fortify your defenses against evolving cyber threats in New Zealand.

A comprehensive guide to Microsoft productivity tools

Unleash efficiency with Microsoft's powerful productivity tools - Power Automate, PowerApps, and more. Elevate collaboration for business productivity in New Zealand.