Forms of attack
Introduction
Attacks on computer systems and data can be divided into two groups. These are physical attacks and electronic attacks.
Physical attacks
These involve someone attacking a computer system and the data it holds in person. Employees in an organisation are seen as the weak point in whatever security systems are in place so organisations engineer a range of measures to try and reduce the likelihood of these kinds of attacks occurring. For example, employees can be issued with Pass Cards. These have to be swiped, sometimes in conjunction with having to enter a Personal Identification Number (PIN) to open certain doors to rooms holding equipment or to access a computer system. Biometric scans can be used as an alternative to Pass Cards, which can be lost, damaged or stolen. Biometric scanning involves scanning a unique part of a person, who wants to get access to a particular area or access a resource, typically their fingerprint or retina. The scan is then compared to a database of the biometric data of employees, who have been through an authorisation process.
Electronic attacks
These kinds of attack involve a program that tries to access a secure system. Typically, these involve some kind of malware such as a virus or Trojan horse, for example, or through an SQL injection or brute force attack. The attack can be carried out remotely from any part of the world. You don't need to be in an organisation to attempt to access its data. They typically involve methods to hide where the attack is coming from, the IP address of the attacker.