Indirect attacks are an increasingly prevalent and dangerous type of cyber attack. Though the name might imply that such a breach might be less significant, it's critical that businesses—and IT professionals—are aware of the potential damage.
What is an indirect attack in cyber security?
As the name suggests, direct cyber security attacks directly target data. Because many businesses have advanced security measures in place that can deflect, if not prevent, direct attacks, cyber criminals sometimes attack indirectly -- going after parts of the infrastructure that aren't subject to as much security scrutiny.
An indirect attack in cyber security cyber attack might not appear serious at first. It might be a brief system failure in disguise or a compromise in the software controlling server cooling equipment. But during indirect attacks, cyber criminals layer tactics to steal, disrupt or destroy data through intermediary sources. It’s like a stepping stone on the path to a successful cybercrime.
The business impact from an indirect attack can mainly be measured in cost. When companies budget for cyber security, they usually focus on the data and the things that directly protect it—in terms of firewalls, anti-malware and training materials for employees. When considering indirect attacks, the radius to protect should extend to include the operations infrastructure and diagnostic analysis.
What is the risk in failing to distinguish between attacks?
Failure to identify an indirect attack in cyber security could lead to long-term equipment damage, such as in the breach of the data center cooling system. You could encounter speed-to-market challenges if your intellectual property lands in the wrong hands during what you assumed was a system failure, causing security to temporarily shut off so that the system could be repaired.