A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include computer viruses, data breaches, Denial of Service (DoS) attacks and other attack vectors.
Cyber threats also refer to the possibility of a successful cyber attack that aims to gain unauthorized access, damage, disrupt, or steal an information technology asset, computer network, intellectual property or any other form of sensitive data. Cyber threats can come from within an organization by trusted users or from remote locations by unknown parties.
Where do cyber threats come from?
Cyber threats come from numerous threat actors including:
National cyber warfare programs provide emerging cyber threats ranging from propaganda, website defacement, espionage, disruption of key infrastructure to loss of life. Government-sponsored programs are increasingly sophisticated and pose advanced threats when compared to other threat actors. Their developing capabilities could cause widespread, long-term damages to the national security of many countries including the United States. Hostile nation-states pose the highest risk due to their ability to effectively employ technology and tools against the most difficult targets like classified networks and critical infrastructure like electricity grids and gas control valves.
Terrorist groups are increasingly using cyber attacks to damage national interests. They are less developed in cyber attacks and have a lower propensity to pursue cyber means than nation-states. It is likely that terrorist groups will present substantial cyber threats as more technically competent generations join their ranks.
Corporate spies and organized crime organizations
Corporate spies and organized crime organizations pose a risk due to their ability to conduct industrial espionage to steal trade secrets or large-scale monetary theft. Generally, these parties are interested in profit based activities, either making a profit or disrupting a business's ability to make a profit by attacking key infrastructure of competitors, stealing trade secrets, or gaining access and blackmail material.
Hacktivists activities range across political ideals and issues. Most hacktivist groups are concerned with spreading propaganda rather than damaging infrastructure or disrupting services. Their goal is to support their political agenda rather than cause maximum damage to an organization.
Disgruntled insiders are a common source of cyber crime. Insiders often don't need a high degree of computer knowledge to expose sensitive data because they may be authorized to access the data. Insider threats also include third-party vendors and employees who may accidentally introduce malware into systems or may log into a secure S3 bucket, download its contents and share it online resulting in a data breach. Check your S3 permissions or someone else will.
Malicious intruders could take advantage of a zero-day exploit to gain unauthorized access to data. Hackers may break into information systems for a challenge or bragging rights. In the past, this required a high level of skill. Today, automated attack scripts and protocols can be downloaded from the Internet, making sophisticated attacks simple.
Natural disasters represent a cyber threat because they can disrupt your key infrastructure just like a cyber attack could.
Accidental actions of authorized users
An authorized user may forget to correctly configure S3 security, causing a potential data leak. Some of the biggest data breaches have been caused by poor configuration rather than hackers or disgruntled insiders.
What are examples of cyber threats?
Common cyber threats include:
Malware is software that does malicious tasks on a device or network such as corrupting data or taking control of a system.
Spyware is a form of malware that hides on a device providing real-time information sharing to its host, enabling them to steal data like bank details and passwords.
Distributed denial of service (DDoS) attacks
Distributed denial of service attacks aim to disrupt a computer network by flooding the network with superfluous requests to overload the system and prevent legitimate requests being fulfilled.
A zero-day exploit is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching the flaw.
Advanced persistent threats
An advanced persistent threat is when an unauthorized user gains access to a system or network and remains there without being detected for an extended period of time.
A trojan creates a backdoor in your system, allowing the attacker to gain control of your computer or access confidential information.
A wiper attack is a form of malware whose intention is to wipe the hard drive of the computer it infects.
Intellectual property theft
Intellectual property theft is stealing or using someone else's intellectual property without permission.
Theft of money
Cyber attacks may gain access to credit card numbers or bank accounts to steal money.
Data manipulation is a form of cyber attack that doesn't steal data but aims to change the data to make it harder for an organization to operate.
Data destruction is when a cyber attacker attempts to delete data.
Man-in-the-middle attack (MITM attack)
A MITM attack is when an attack relays and possibly alters the communication between two parties who believe they are communicating with each other.
A drive-by download attack is a download that happens without a person's knowledge often installing a computer virus, spyware or malware.
Malvertising is the use of online advertising to spread malware.
Rogue software is malware that is disguised as real software.
Unpatched software is software that has a known security weakness that has been fixed in a later release but not yet updated.
Data centre disrupted by natural disaster
The data centre your software is housed on could be disrupted by a natural disaster like flooding.
Why is it necessary to protect against cyber threats?
Cybersecurity risks pervade every organization and aren't always under direct control of your IT security team. Increasing global connectivity, usage of cloud services, and outsourcing means a much larger attack vector than in the past. Third-party risk and fourth-party risk is on the rise, making third-party risk management, vendor risk management and cyber security risk management all the more important for reducing the risk of third-party data breaches.
Pair this with business leaders making technology-related risk decisions everyday, in every department, without even knowing it. Imagine your CMO trials a new email marketing tool that has poor security practices, this could be a huge security risk that could expose your customers' personally identifiable information (PII) causing identity theft. Whether you work in the public or private sector, information security cannot be left to your Chief Information Security Officer (CISO), it must be an organizational wide initiative.
How to protect against and identify cyber threats
A good place to start to understand how to protect your organization from cyber threats is with the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (NIST Cybersecurity Framework) and a cyber threat intelligence exercise.
Cyber threat intelligence is what cyber threat information becomes once it is collected, evaluated and analyzed. Cyber threat intelligence provides a better understanding of cyber threats and allows you to identify similarities and differences between different types of cyber threats in an accurate and timely manner.
Cyber threat intelligence is developed in an cyclical process referred to as the intelligence cycle. In the intelligence cycle, data collection is planned, implemented and evaluated to produce a report that is then disseminated and revaluated in the context of any new information.
The process is a cycle because during the gathering or evaluation process you may identify gaps, unanswered questions or be prompted to collect new requirements and restart the intelligence cycle.
Analysis hinges on the triad of actors, intent and capability with consideration of their tactics, techniques and procedures (TTPs), motivations and access to intended targets.
By studying the triad of actors, it becomes possible to make informed strategic, operation and tactical assessments:
Strategic assessments Inform decision makers on broad and long-term issues, as well as providing timely warnings of threats. Strategic cyber threat intelligence forms a view of the intent and capabilities of malicious cyber attackers and what cyber threats they could pose.
Operational assessments target potential incidents related to events, investigations or activities and provide guidance about how to respond to them. For example, what to do when a computer is infected with malware.
Tactical assessments are real-time assessments of events, investigations and activities that provide day-to-day support.
Properly applied cyber threat intelligence provides insights into cyber threats and promotes a faster more targeted response. It can assist decision makers in determining acceptable cybersecurity risks, controls and budget constraints in equipment and staffing, and support incident response and post-incident response activities.
by Abi Tyas Tunggal