A cyberattack does not occur spontaneously for it requires some planning and preparation. These attacks make use of a variety of techniques, including methods of social engineering, and they are prepared stealthily and a long time in advance, says IT security expert Stefan Rass, associate professor at the Institute for Applied Informatics (InfAI), Alpen-Adria-Universitt Klagenfurt (AAU).A Trojan is usually smuggled into a computer as an attachment to an e-mail, Prof. Rass explains. Then, for a long period, nothing happens. Weeks or even months later, when the effects of a cyberattack become apparent, most people wont associate the events with the e-mail. Everything you need to carry out an IT infrastructure attack can be purchased from the Darknet: The supply chain works very smoothly there. It means that anybody can become an attacker; its not necessary to have a lot of technical knowledge, Rass says. As cyberattacks become more frequent, it therefore behoves public institutions and companies to improve their risk management in order to be prepared for any threats, according to Prof. Rass. Recent hacking incidents, including attacks on large-scale infrastructure organisations such as the electricity grid in the Ukraine, increase the general awareness about the issue of managing cybersecurity risk. However, as a general fact, IT security does not tend to bring a direct return on investment,” Rass notes. “Sometimes, it results in making things slower and more complicated. Security investments do not produce profits, but rather they avoid losses.

Source: Click here