Has your computer ever been hacked or infected with a virus? If it has, then you know that this is not only annoying, but it also costs a lot of money and time. And if it hasn't, let me ask you, are you sure? Not only individuals, but also companies, public institutions and even governments are victims of cyber crime. And for those, the consequences can be even more severe.

In spring 2017, a program called WannaCry infiltrated companies and organizations in 150 countries. It locked access to the files on any infected computer and asked the user to pay a certain amount of money to get the unlocking keys. This is what we call ransomware. Among its victims was the NHS, the National Health Service in the UK. For many British patients, this meant that their consultation or surgery was cancelled and they were sent back home. On a larger scale, the economic losses from this cyber attack were estimated to be around US $4 billion.

This is only one example of a cyber security breach. In reality, there is a variety of approaches that attackers use to affect computers and even servers. Let's have a look at the most common ones.

We will start with a relatively low-tech attack called phishing. This is a fake email, text message, or website created to look like it's from a legitimate source. Some have the purpose of acquiring information, so they will ask you to enter your credit card details or confirm your password. Others will install malware on your computer once you open an attachment. And there are some that pretend to be emails from your boss or your friend asking you to transfer a certain amount of money. This is a very easy attack to build. I remember that in college, after my very first HTML course, one of my classmates sent an email that appeared to be coming from the university head. You'd never fall for this, right? Don't be so sure. A study from a German university found that 78% of tested people claimed to be aware of the risk of an unknown email.
However, 45% of participants will still click a link in such an email. Interestingly, when they are asked, only half of those confirm that they have clicked through. But this is a different story.

Another type of attack is what we call malware. It's software downloaded either from a phishing email, by clicking on a link from an advertising website, or even directly from a USB stick. Such software is designed to gain unauthorized access to your system. It can alter, delete or steal information from your device. It can also potentially spread to other users on your home or company network. There are multiple subcategories under this wide umbrella of malware: viruses, spyware, or ransomware like the WannaCry example. It is obvious that this does not only harm individuals, but is more likely to affect companies, which have valuable data to protect.

A third type is known by its acronym DDoS, for distributed denial of service. In this attack, a server is targeted by an overwhelming number of requests with the goal of ultimately shutting it down. This would cause any website hosted on that server, or any system relying on it, to become non-operational. This is a relatively more sophisticated attack because it usually involves the hacker having access to many infected devices, then directing them to send requests simultaneously to a single targeted server. I only said relatively more sophisticated because, if you remember our discussion in the IoT video, the number of connected cameras, meters and cars is increasing, and many of them are not protected well enough. This is how a massive coordinated attack crippled one of the Internet service providers here in Singapore in 2016. This is the kind of thing that can do a lot of harm to a country.

If you are asking yourself how someone can crack that many devices, many of which come with a password, then you should hear about the brute-force attack.
This is done by software that tests millions of different combinations of letters and numbers to crack the password and therefore get access to the device. But not only this: similar programs can be used to crack encrypted messages or financial data.

The last type of attack we will describe is probably the most obvious, the physical breach. In the simplest case, the intruder walks in during a lunch break, sits at an unlocked computer, installs malware, steals data or sends an email, then walks away. Simple but incredibly dangerous.

And these are just selected examples. The types of attack and the targets are fragmented, change over time, and are usually used in combination. It is difficult to rely on a robust count of incidents. Many organizations consolidate and share the number of attacks they have been able to identify. But of course we don't know what we don't know. In any case, the consistent conclusion across the reports published in the last couple of years is that the attacks are growing in number. Dell estimated that the global number of malware attacks nearly doubled between 2015 and 2016. Symantec detected that the number of attacks against their honeypots increased by 80% during 2016. Those attacks are increasingly targeting end-user devices as their entry point instead of the server. What we call an end-user device can be your laptop, your mobile phone, or a connected object like the ones we described in the IoT video.

If you are wondering which industries are most impacted, I would say all, although financial services and the public sector are usually in the list of the most targeted ones. This also has to do with what motivates the attackers. In a report by Verizon, 70 to 80% of attackers are motivated by financial gain, 10 to 20% are acts of espionage, and only a very small fraction is promoting an ideology or perpetrated by a hacker having fun in his garage.