Types of Cyber-attacks Cyber security risks can be even more challenging if the organization has resorted to remote working and hence has less control over employees’ activities and device security. A cyber attack can cost organizations billions and severely damage its reputation. Those organizations will likely lose sensitive data and face huge fines. The different types of cyber-attacks include: Malware: It is a kind of malicious software that can use any file or software to harm a computer user, such as worms, viruses, Trojans and spyware. Social engineering: Users are tricked into breaking security procedures and the attackers gain sensitive, protected information. Phishing: Fraudulent emails and text messages resembling those from reputable sources are sent at random to steal sensitive information such as credit cards. Spear Phishing: It is a form of phishing attack but it has a particular (intended) target user or organization. Ransomware: It is another type of malware in which the system is locked by an attacker through encryption that they would not decrypt and unlock until the ransom is paid. Other common attacks include insider threats, distributed denial of service, advanced persistent threats, man-in-the-middle attacks, botnets, vishing, business email compromise, SQL injection attacks and zero-day exploits. Effective training of the employees will enable them to understand the significance of cyber security. Regular cyber security risk assessment to evaluate risks and checking if the existing security controls are appropriate and if not, making mid-course corrections, will protect the company from cyber-attacks