Incident response
Search
Close this search box.

How to combat five of the most common cyberthreats

Zandre Janse van Vuuren identifies five of the most common cyberthreats and shares practical tips to help you defend against them.

By Zandre Janse van Vuuren | Service Delivery Manager: Cyber DFIR, BUI

As our world becomes increasingly interconnected through digital systems, the threat landscape for cyberattacks continues to expand. In 2024, global cybercrime costs soared to an estimated $9.22 trillion, with projections indicating a rise to more than $13 trillion by 2028.

These staggering figures highlight the need for robust security measures. Cyberthreats not only risk sensitive data, but can also disrupt operations and cause significant financial and reputational damage. Let’s take a closer look at five of the most common cyberthreats organisations face today, their potential impact, and actionable steps for mitigation.

1 | PHISHING

Phishing remains one of the most prevalent cyberthreats due to its simplicity and effectiveness. Attackers often exploit human error, leveraging psychological tactics such as urgency, fear, and curiosity to trick people into revealing critical information.

Common phishing techniques include posing as trusted organisations like banks or government agencies, using realistic-looking fake websites to capture login credentials, and embedding malware in email attachments.

The rise of spear phishing (i.e., highly targeted attacks against specific individuals or organisations) has further increased the threat’s sophistication and success rate. Even tech-savvy users can fall victim if vigilance lapses, making continuous awareness and training essential.

Potential impact:

  • Unauthorised access to an organisation’s accounts and systems.
  • Data breaches extending to the organisation’s network.
  • Financial losses and reputational damage.

Mitigation:

  • Implement a robust email filter to block phishing attempts from known malicious sources.
  • Teach employees how to recognise phishing emails. Cultivate good habits like checking the sender’s details, avoiding clicking on suspicious links, and reporting suspected phishing activities to the IT department.
  • Use multi-factor authentication and conditional access policies to add an extra layer of security.

2 | RANSOMWARE

With the rise of Ransomware-as-a-Service platforms, even attackers with little technical aptitude can deploy sophisticated ransomware campaigns, making this threat more pervasive than ever. These platforms provide pre-packaged ransomware tools, technical support, and even revenue-sharing models, significantly lowering the barrier to entry for cybercriminals.

Compounding the issue is the growing use of double extortion tactics, where attackers encrypt data and threaten to publicly release sensitive information unless the ransom is paid. This evolution has made ransomware one of the most concerning and financially devastating cyberthreats today, affecting organisations of all sizes across industries.

Potential impact:

  • Loss of access to critical data and services.
  • Operational downtime.
  • Financial losses from ransom payments and recovery efforts.

Mitigation:

  • Ensure regular backups of critical data and systems, abiding by the rule of three: two offline and offsite backups in different locations and one cloud-based backup.
  • Keep software and systems updated, patch vulnerabilities, and conduct regular vulnerability assessments and penetration testing.
  • Deploy endpoint detection and response tools to identify and stop ransomware early.

3 | INSIDER THREATS

While external attacks often dominate headlines, insider threats can be just as damaging and sometimes more difficult to detect. Whether malicious or negligent, insiders already have authorised access to critical systems and data, allowing them to bypass many traditional security measures.

Malicious insiders may act out of financial gain, dissatisfaction, or coercion, while negligent insiders might unintentionally expose sensitive information through careless behaviour or a lack of awareness.

The dual nature of insider threats makes them particularly challenging to manage, underscoring the importance of comprehensive monitoring and regular employee training.

Potential impact:

  • Data theft or leaking of sensitive information.
  • Compromised intellectual property.
  • Damage to internal systems.

Mitigation:

  • Restrict access to sensitive data based on job roles and responsibilities using the principle of least privilege.
  • Monitor user activity for unusual behaviour using insider threat detection tools capable of behavioural monitoring.
  • Conduct regular security awareness training for employees.

4 | MALWARE

Malware attacks are often the first step in larger, multi-stage cyberattacks, serving as a gateway for attackers to establish a foothold in a target’s system. These attacks can infiltrate systems through various vectors, including compromised downloads, malicious websites, infected USB devices, phishing emails with malicious attachments, and even unsecured IoT devices.

Once installed, malware can perform a range of harmful activities, from data exfiltration and credential harvesting to deploying additional payloads for ransomware or botnet creation. The versatility and adaptability of malware make it a cornerstone of many sophisticated cyberattack campaigns.

Potential impact:

  • System downtime.
  • Data corruption or theft.
  • Financial losses from recovery efforts.

Mitigation:

  • Install and regularly update antivirus and anti-malware software.
  • Employ network firewalls and intrusion detection/prevention systems.
  • Educate employees on safe browsing habits and the risks of downloading unknown files.

5 | DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS

As businesses increasingly rely on online services, Distributed Denial of Service (DDoS) attacks have become a favoured method for disrupting operations. These attacks flood networks or servers with overwhelming traffic, rendering them inaccessible to legitimate users.

Beyond their immediate disruptive effects, DDoS attacks are often used as a smokescreen to divert attention while attackers execute more invasive activities, such as data breaches or malware deployment.

The increasing accessibility of DDoS-for-hire services has further amplified the threat, enabling attackers to launch large-scale attacks with minimal resources or technical expertise.

Potential impact:

  • Website downtime or service outages.
  • Loss of customer trust.
  • Potential financial losses.

Mitigation:

  • Use a content delivery network or DDoS protection service to absorb attack traffic.
  • Configure rate-limiting and traffic-filtering rules on your network.
  • Develop an incident response plan to address and mitigate DDoS attacks quickly.

Understanding the most common cyberthreats is crucial for safeguarding your organisation. Phishing, ransomware, insider threats, malware, and DDoS attacks each present unique challenges, but proactive measures such as employee training, robust technical defences, and regular updates to security protocols can mitigate their impact.

Cybersecurity is a continuous effort that demands vigilance, adaptation, and a culture of awareness. You can protect your business assets, maintain trust, and ensure resilience in an ever-changing threat landscape by staying informed and prepared.

BUI is a 2025 Data Privacy Week Champion

The 2025 Data Privacy Week awareness campaign aims to educate and empower individuals to take control of their personal data.

BUI is proud to announce its commitment to the 2025 Data Privacy Week campaign. As a Data Privacy Week Champion, BUI recognises and supports the principle that all organisations share the responsibility of being conscientious stewards of personal information.

Data Privacy Week is an annual awareness initiative that takes place from 27-31 January. The goal is twofold: to help individuals understand that they have the power to manage their data and to help organisations appreciate why it’s necessary to respect the user data they collect, process, and store.

This year’s theme is Take control of your data – and it’s a timely reminder for everyone as the world becomes more digitally connected, notes BUI Group Governance and Compliance Manager Dhiren Boodhia. “Data Privacy Week highlights the fact that trust is built on transparency. Individuals want to know that their personal information is respected and protected by those who have access to it,” says Boodhia. “As privacy laws and public expectations continue to evolve, organisations should strive to go beyond mere compliance to create a culture of accountability around data privacy and security.”

How vigilant are you about your data privacy?

Your digital activities generate huge amounts of data: websites, apps and online services collect information about your behaviours, your interests, and your purchases. Often, this includes personal data like your identity number and home address. It can even include data about your physical self: think about how smart devices can save health and fitness records as you exercise.

While you cannot control how each byte of data about yourself and your family is shared and processed, you are not helpless! In many cases, you can control how you share your data with a few simple steps. Remember, your personal data is precious and you deserve to be selective about who you share it with. Here are three simple steps to help you manage your data privacy, according to guidelines from the National Cybersecurity Alliance:

1. Know the trade-off between privacy and convenience

Nowadays, when you download a new app, create a new online account, or join a new social media platform, you’ll often be asked for access to your personal information before you can even use it! This data might include your geographic location, contacts, and photos.

For these businesses, personal information about you is tremendously valuable – and you should think about whether the service you get in return is worth the data you must hand over, even if the service is free. Make informed decisions about sharing your data with businesses or third-party service providers… Ask yourself:

  • Is the service, app, or game worth the amount or type of personal data wanted in return?
  • Is the data requested even relevant for the service, app, or game?
  • Can you control your data privacy and still use the service, app, or game?
  • If you haven’t used the service, app, or game in several months, is it worth keeping around knowing that it might be collecting and sharing your data?

2. Adjust privacy settings to your comfort level

For every app, account, or device, check the privacy and security settings. These should be easy to find in the relevant Settings section and should take a few moments to change. Set them to your comfort level for personal information sharing. In general, it’s wise to share less data, not more.

You don’t have to do this for every account at once: start small and over time you’ll make a habit of adjusting all your settings to your comfort level. The National Cybersecurity Alliance has several free resources, including the Manage Your Privacy Settings page, to help you find and check the settings of social media accounts, apps, and more.

3. Protect your data

Data privacy and data security go hand-in-hand. Along with managing your data privacy settings, remember these four tips to safeguard your information:

  • Create long, strong, unique passwords for each account and device, and consider using a password manager to store each password securely.
  • Turn on multi-factor authentication wherever it is permitted. This helps keep your data safe even if your password is compromised.
  • Turn on automatic device, software and browser updates, or make sure you install updates as soon as they are available.
  • Learn how to identify phishing messages, which can be sent as emails, texts, or direct messages.

During Data Privacy Week this January, we’ll be sharing useful tips and resources to help you become more aware about data privacy at work, at home, and on the move. Follow us on Facebook and LinkedIn so you never miss a post, and join the conversation by using the #DataPrivacyWeek hashtag online.

About Data Privacy Week

Data Privacy Week began as Data Privacy Day in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the 28 January 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. The National Cybersecurity Alliance, the United States’ leading non-profit, public-private partnership promoting cybersecurity and privacy education and awareness, leads the effort in North America each year. For more information, visit www.staysafeonline.org/data-privacy-week/.

About the National Cybersecurity Alliance

The National Cybersecurity Alliance (NCA) is a non-profit organisation on a mission to create a more secure, interconnected world. The NCA advocates for the safe use of all technology and educates everyone on how best to protect themselves, their families, and their organisations from cybercrime. The NCA creates strong partnerships between governments and corporations to amplify its message and to foster a greater digital good. For more information, visit www.staysafeonline.org.

Your guide to a comprehensive Incident Response Plan

In Part 2 of our spotlight series on incident response, Zandre Janse van Vuuren explains how to create a comprehensive Incident Response Plan for your organisation.

By Zandre Janse van Vuuren | Service Delivery Manager: Cyber DFIR, BUI

In Part 1, we highlighted the importance of having an Incident Response Plan (IRP) to minimise damage, reduce recovery time, and secure sensitive data during a cybersecurity incident. Now, let’s dive into how to create an effective IRP for your organisation, with practical, step-by-step guidelines you can follow.

Step 1: Define your objectives and scope

The foundation of any effective IRP begins with setting clear objectives and defining the scope. Objectives help align your incident response efforts with your organisation’s goals, risk tolerance, and regulatory requirements. Typical objectives include:

  • minimising data loss;
  • ensuring business continuity;
  • reducing recovery time;
  • and protecting your business reputation.

The scope defines the types of incidents the IRP covers and may vary depending on industry standards or regulatory guidelines. For instance, a healthcare provider may need a specific scope for protecting patient data, while a financial institution may focus on transaction security and fraud prevention. By establishing scope early on, you can ensure that your IRP is comprehensive yet focused.

Step 2: Identify key stakeholders and roles

An IRP functions best when it has a well-structured team with clear roles and responsibilities. The team may include internal stakeholders, like IT and management, and external stakeholders, such as legal consultants or third-party security experts.

Each member of your incident response team should have a clearly defined role to prevent delays and confusion during an incident. Roles may include:

  • Incident Manager: Oversees the incident response process and co-ordinates with other teams.
  • Technical Lead: Directs containment, eradication, and recovery tasks.
  • Communication Officer: Manages internal and external communications.
  • Legal Advisor: Ensures compliance with legal obligations during and after an incident.

Designating these roles upfront helps the team respond more efficiently and cohesively during an incident.

Step 3: Establish incident categories and prioritisation

Incidents can range widely in scope and severity, from minor phishing attempts to full-blown data breaches. To streamline response efforts, you must categorise potential incidents and assign impact levels to each. Incident categories could include:

  • Network attacks: Attempts to compromise network infrastructure, such as Distributed Denial-of-Service (DDoS) attacks.
  • Phishing and social engineering: Attacks targeting individuals for unauthorised access.
  • Data breaches: Incidents where sensitive data is exposed or stolen.

Each category should have multiple impact levels (e.g., low, medium, high) based on criteria like the number of affected systems, potential data loss, and the severity of business impact. This prioritisation ensures critical incidents receive immediate attention, while lower-priority events are handled appropriately without over-allocating resources.

Step 4: Develop detection and notification protocols

Timely detection and reporting are crucial for an effective IRP. Make sure you implement security tools and monitoring systems that can detect unusual activities or potential threats. There’s a wide range of endpoint protection platforms, network monitoring tools, and intrusion detection systems available for business and enterprise organisations.

Once an incident is detected, a notification protocol outlines how and when incidents should be reported internally and externally.

  • Internal reporting should be rapid, with team members knowing whom to notify immediately.
  • External reporting may be required for regulatory compliance and could include notifying partners, customers, or the authorities depending on the type of incident.

Make sure you clearly define the people or parties to be notified, the method of notification, and the relevant timeframe.

Step 5: Outline incident containment and eradication steps

Containment and eradication are central to limiting an incident’s impact and preventing further damage. Document your procedures for both short-term and long-term containment and eradication.

  • Short-term containment may involve disconnecting affected devices from the network or blocking malicious traffic.
  • Long-term containment might include applying patches, implementing segmentation, or reconfiguring permissions.
  • Eradication focuses on eliminating the incident’s root cause and could involve removing malware, resetting compromised credentials, or closing exploited vulnerabilities.

Both containment and eradication should be documented in detail, tailored to specific incident types, and tested to confirm that they are feasible and effective.

Step 6: Create recovery and remediation procedures

Once the incident is contained and eradicated, recovery efforts aim to return systems to regular operation safely and reliably. The recovery phase may involve restoring affected systems, verifying data integrity, and assessing system functionality. A critical part of this step is to monitor your systems for any indication that the incident may recur, ensuring any residual threats are eliminated.

Remediation actions may also include taking preventative steps, such as reinforcing security controls, updating policies, or providing additional employee training. Documentation is essential here, as lessons learned in recovery and remediation will help improve your IRP over time.

Step 7: Build a communication strategy

Communication during an incident is essential to inform all stakeholders, control potential reputational damage, and fulfil legal obligations. Your communication strategy should differentiate between internal communications, which provide regular updates to relevant staff, and external communications, which may include notifying customers, partners, regulatory bodies, and the media.

Effective communication strategies often use predefined templates and include guidelines for customising messaging based on the nature and impact of the incident. Designate a spokesperson from your communications or public relations team to ensure consistency and accuracy in your external messages.

Step 8: Plan for post-incident review and continuous improvement

Every incident provides a learning opportunity. The post-incident review process aims to evaluate the IRP’s performance, identify areas for improvement, and ensure that lessons are incorporated into the IRP for future incidents.

This step typically includes:

  • Documentation: Detail the incident timeline, response actions, and decision points.
  • Evaluation: Analyse what went well and what didn’t, identifying any gaps in response.
  • Update procedures: Adjust protocols, tools, and policies to address any identified weaknesses.

A robust post-incident review process strengthens the IRP and demonstrates a commitment to continuous improvement, which is critical for fostering a proactive security culture and maintaining regulatory compliance.

Bonus tip! The success of any IRP is closely tied to the response team’s performance during high-pressure situations – and that’s why it’s important to cultivate the right mindset. If you and your teammates can maintain your composure, think objectively, and work in unison, then you’ll be ready when it matters most.

  • Stay calm under pressure: Panic can lead to mistakes and misinterpretations during critical moments. Breathe, focus, and assess the situation calmly before you act. Rely on your IR training and processes to guide you.
  • Stay objective and avoid assumptions: Jumping to conclusions or making assumptions can lead to missteps and wasted resources. Base your decisions on verified data; cross-check evidence; and don’t let personal biases influence your actions.
  • Focus on collaboration, not isolation: Incident response is a team effort: isolating yourself or hoarding information can slow the overall response time and hinder your progress. Communicate openly, delegate tasks, and leverage others’ expertise if necessary.

With a comprehensive IRP and a teamwork mindset, your organisation will be better equipped to navigate security incidents. Download our checklist to guide you in creating your IRP.

Get in touch with our experts today

contact us

© 2023 BUI. Your cloud and security partner for an evolving world.