Understanding the What and How's of Cyber Attacks

September 3, 2023


3 min read


Understanding the What and How's of Cyber Attacks

Do you know the most common methods hackers use to crack your code? Learn about the tricks and channels that helping hackers breach security, compromise your own and your customers' data, your payment methods and much more.

Understanding the What and How of Cyber Attacks

Just like a starry night, there is no beginning or end to cybersecurity risks. There are multiple ways hackers can attack your systems today, and they are working on new ones they will use tomorrow, if not sooner. To improve your chances of avoiding an attack, you need to understand the aspects of your online systems that enable attacks the most, what devices can lead to system attacks, and how you can proactively manage your risk and stability.

To start, it’s important to note the most common device types attackers target and compromise to get what they want. Following is a list of devices that are most vulnerable as they are highly targeted by hackers for various security breach schemes.

·       Mobile devices: smartphones, tablets, e-readers

·       Laptops and PCs

·       Cloud environments: Google Cloud Platform, Azure, AWS, and others

·       Cloud apps: Email and messaging systems, CRMs, storage solutions, design tools, and no-

·       code business development apps

·       Portable storage devices: USB sticks, external hard drives, SD cards

·       IoT devices: Connected security cameras, smartwatches, hotspots, and more

As you can see, the list is comprehensive for the technologies required to operate a small business in any industry, e-commerce or in-person.

Biggest SMB enablers of attack

Like everything, some technology elements of business are easier to attack than others. Here’s a list of some easy attack vectors all SMB owners and operator should be paying attention to:

1. Compromised credentials

Attackers steal access credentials through hacked password storage accounts, shoulder surfing, key loggers, spyware, network sniffing, and more. Once they have these credentials they can use them to access critical resources or upgrade their access privileges to inflict greater damage.


2. Misconfigured access

Misconfigured cloud resources can become a huge issue contributing to risk when unmanaged. Time and time again we hear horror stories of storage folders, like Amazon S3buckets, being set up inaccurately which compromises security and exposing companies and their customers to breaches. The same can be said for public Google Drive links mistakenly configured with open internet access.

3. Email phishing and spoofing

The number one way that attackers can deliver malware such as ransomware, spyware, and so on, to organizations is through phishing emails containing malicious content. They also leverage impersonation and spoofed accounts to accomplish similar goals. A common hack is an invoice or account update request that comes in an email with a company logo, making it look like official correspondence from a given brand with whom you do business.

All staff members should be aware of these hacks and instructed to forward any questionable emails that require credentials, password information, bank or credit card information to a point person on your team to vet and manage.

These are important elements to consider in understanding why and how attackers target SMBs. However, attackers aren’t the only entity SMBs must address when managing cyber risk. Regulators have also proven to be another key stakeholder in ensuring you are properly managing. Compliance standards are not optional in many states and must be met in order to maintain an active business license. It is important to note the regulations for your industry in the state in which you headquarter your business, and any states in which you do business. You must comply to standards set forth by all states associated with your business operations and transactions, making it a bit more cumbersome than you might think.

Cyber Pop-up has experts that have been helping companies secure all devices and systems in place, and craft and execute a plan for complying with state and other regulatory requirements.

For more information about our process and expertise,, visit our About Us page to see the depth of experience we have to assure you are protected and in good standing with compliance issues.

For more insights from Dr. Christine, visit our Resources Page often, or email our team members, at