4. CYBER THREAT DEFINITION
Cyber threats are defined by the National Institute of Standards and Technology (NIST) as “Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service”. They come in different forms, as I explain next.
5. TYPES OF CYBER THREATS
Keeping up with new technologies, security trends and cyber threats is a challenging task for organisations and cyber security professionals all over the world, yet it is extremely important in order to stay ahead of criminals and ensure that information, data, systems, programs and other forms of assets are protected from malicious events. Cyber threats take many forms, including, but not limited to, the following:
5.1 Cyber Crime
This type of threat includes single actors or groups targeting systems and critical infrastructures for financial gain or to cause disruption.
5.2 Cyber Attack
It is an attack launched by cyber criminals using one or more devices against a single or multiple computers or networks. Once successful, it can disable systems, steal data, or use a vulnerable asset as a launch point for other attacks. Cyber criminals have used a variety of threats to launch their attacks, including malware, phishing, ransomware and denial of service, among other methods, which I present and discuss below.
5.3 Cyber Terrorism
This type of threat refers to unlawful attacks against electronic systems to intimidate a government or its people and cause panic or fear.
5.4 Virus
It is a computer program able to copy itself and infect devices without permission or knowledge of the user. It might corrupt or delete data on a device, use e-mail programs to spread itself to other devices, or even delete everything on a hard disk.
5.5 Spyware
It is a program that secretly records actions from a user on his/her device without his/her knowledge, so that cyber criminals can make use of this information (e.g., credit card details, etc.).
5.6 Advertising Supported Software (Adware)
It is software that displays unwanted advertisements on a user's device, normally in the form of pop-ups. It is also able to change the user browser’s homepage, add spyware and bombard the user’s device with advertisements.
5.7 Malware
It is a form of software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. This includes a virus, worm, trojan horse, spyware, some forms of adware or other code-based entity that infects an asset.
5.8 Trojan Horse
It is a computer program that appears to be harmless but has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. Cyber criminals trick users into uploading trojan horses on their devices for whatever their purposes are.
5.9 Ransomware
It is another form of malware, in which criminals encrypt an organisation's or individual’s data and demand payment (normally through cryptocurrency) to restore access. Ransomware has become one of the biggest concerns of C-levels from different industries these days, as organisations’ critical data becomes unavailable to staff and is shared with unauthorised parties when there is no payment.
5.10 Social Engineering
It is the act of tricking an individual into revealing sensitive information, granting unauthorized access, or committing fraud, by luring that individual in order to gain his/her confidence and trust.
5.11 Phishing
It is a technique used by criminals to attempt to collect sensitive data, such as bank account details or credential details, through a fraudulent request in email or on a web site, in which the criminals masquerade as a legitimate business or reputable people.
5.12 Spear Phishing
It is a form of phishing attack that is highly targeted at a user, organisation or business.
5.13 Insider Threats
Insider threats are security breaches or losses caused by employees, third parties or customers. They can be either malicious or negligent in nature.
5.14 Distributed Denial-of-Service (DDoS)
It is a form of threat where attackers make use of a great number of hosts (which are mostly infected) with the intention to disrupt the traffic of a targeted system, such as a server, website or other network resource. This occurs by flooding the target with messages, connection requests or packets, which will slow down the target or make it unavailable, preventing legitimate connections from using it.
5.15 Advanced Persistent Threats (APTs)
APTs are prolonged attacks involving sophisticated levels of expertise and significant resources, in which a malicious actor infiltrates a network and remains undetected for long periods of time with the intention to steal companies’ data, adapting to protect itself from an organisation’s efforts to resist it, and with the determination to maintain the level of interaction needed to execute its objectives.
5.16 Man-in-the-Middle (MITM)
It is a threat where the attacker positions himself/herself in between the user and the system so that he/she can intercept and alter data transmitted between them.
5.17 Zero-Day Exploits
It is a form of attack that exploits a previously unknown hardware, firmware, or software vulnerability.
5.18 Vishing
Vishing is a form of scam (e.g., phone call or voicemail) that appears to be from a trusted source, but in fact it isn’t. The main purpose of the attack is to steal someone’s identity or money via phone calls or voicemails.
5.19 Smishing
Smishing is a form of scam (e.g., SMS text or direct-chat message) that appears to be from a trusted source, but in fact it isn’t. The main purpose of the attack is to steal someone’s identity or money via SMS messages or direct-chat messages.
5.20 Botnet
The word botnet is a combination of the words robot and network. Malicious actors have been using trojan viruses to breach the security of several users’ devices, take control of them, and organize all the infected devices into a network of “bots” that can be managed remotely by the criminal to launch attacks.
6. CHALLENGES FACED BY ORGANISATIONS TO IMPLEMENT CYBER SECURITY
Implementing cyber security can be very challenging for organisations, especially for those which have minimum support (or none) from the board, poor cyber security culture, lack of security policy, standards, guidelines, baselines, processes and controls, and a shortage of skilled cyber security professionals to oversee the activities within the organisation. On top of that, we have the evolving nature of security risks associated with immense cyber threats knocking on organisations’ “doors” constantly. Furthermore, cyber security defences are expensive, and having the proper budget to afford them in conjunction with training for the cyber team is paramount.
Despite the efforts of governments and private bodies to enforce their regulations, legislation and standards, keeping up with frequent changes and attacks, as well as implementing controls and updating practices to protect against the attacks, can be extremely difficult.
In addition to that, with more data being collected and sent to different locations (inter-state or off-shore), due to the use of cloud, the likelihood of cyber criminals getting access to and stealing Personally Identifiable Information (PII) has become a new concern for C-levels and cyber security professionals within organisations.
Cyber security programs, once approved by the board and established in the organisation, should also address end-user education, as employees may accidentally bring malicious code into the workplace on their devices (BYOD) and put the environment at risk. Regular cyber security awareness campaigns will guide employees in keeping their workplace protected from cyber threats.
Cyber Security Enthusiast and founder of the WeCyberYou! platform.
Edson is a Cyber Security enthusiast who has been working in the Cyber Security space for over 20 years, assisting organisations from different industries, such as Consulting, Financial, Education, Telecommunication, and State and Federal Government, in Australia and Brazil, to protect their environments and reputations from internal and external cyber threats.
He holds a degree in System Analysis, a postgraduate degree in Cyber Security and the CISSP and CISM certifications.
He is currently working as a Senior Information Security Manager in Australia assisting private and public organisations to protect their environments and reputations from malicious code and actors.