Cyber Security Threats

Cyber Security Threats Defined

Cyber security threats are any unauthorized access to systems or data that leads to unintended disclosure, changes or destruction of data, interruptions to service or other activities that bring harm to a computing environment. Cyber threats can come from internal or external sources and include both activity that does harm and activity that has the potential to do harm.

Types of Cyber Security Threats

The types of cyber security threats continue to grow daily as hackers look for new ways to thwart threat protection programs. As a result, security experts need to continually learn about new types of threats and how to avoid them.

One of the most common cyber security threats is the use of malware, or malicious software. Malware is designed to gain entry to a computing environment and then cause harm in several different ways, from data theft to data destruction (or leaks) to preventing the use of entire computing environments. Malware uses several different cyber security attack scenarios to gain access and do damage:

  • Adware is a type of malware that gains access through advertising and pop-ups, often via websites called click-bait. The pop-ups appear as part of an interesting article whose entire purpose is to display ads that entice a user to click on them. The click installs the adware on the user's computer, where it can then start its attack.
  • Trojans are units of code that are disguised within software that appears legitimate, like data file converters, utility programs, and other useful software that people search for on the Internet. In this case, once the program is downloaded, the trojan is free to spread and take down entire systems or destroy the system on which it is installed.
  • Viruses are so named because they behave like a human virus: replicating and spreading and doing significant damage along the way. Combining a trojan with a virus can take down an entire computing environment.
  • Spyware is a type of malicious software that records keystrokes and is commonly used to steal passwords or credit card data.
  • Ransomware is a particularly dangerous cyber threat. It takes over computer systems, or sometimes the entire computer operation of an organization, and disables them until the company pays a stated sum to the cybercriminal running the attack.
  • SQL injection inserts malicious code into the queries an application sends to its database, gaining access to the database to steal data.

Cyber security attack scenarios also involve social engineering. This is a practice where hackers use human behaviour to gain access to a data centre or computing system. One common cyber threat with social engineering is to gain access by pretending to be a maintenance worker or posing as a known vendor’s staff member on a legitimate business call.

Another common cyber security threat that falls under social engineering is tough to prevent because it is so easy to make an innocent mistake that causes damage. This is phishing, which uses emails with links that introduce malicious software when clicked.

Spear phishing is a variation of phishing that is aimed strategically. The creator identifies users with access to critical systems, like accounting departments or executives, to make the attack even more deadly.

Another communication-based cyber threat is the man-in-the-middle attack, which intercepts communications between two individuals and then uses them to gain access to data. For example, on an unsecured network, a man-in-the-middle attack can steal credit card or personal information transmitted as part of an email confirmation.

Cyber security attack scenarios can also be more technical in nature:

Botnets are malicious software that takes control of the environment and executes repetitive transactions overloading a system and destroying performance. These are also common cyber threats to IoT devices with weak security systems.

Denial of service attacks are external attacks on networks and websites that overwhelm them with traffic, typically used to take down service entirely. Machine-based or Artificial Intelligence attacks are generally a type of denial-of-service attack that uses technology to learn from attempts to repel the attack, changing the attack vector slightly. They force the monitoring and intrusion detection software to keep adjusting to new patterns of attack.

Cyber Threat Sources

The problem with cyber threats is that as the Internet and cloud computing continue to grow, they have made the world smaller. Global cyber security issues have led to the passage of the General Data Protection Regulation or GDPR, which requires organizations to take cyber security attacks more seriously. It has worked as the impact of fines and payoffs for ransomware attacks rises.

There are three primary sources for cyber security threats:

  • Cyber terrorism generally includes attacks aimed at governments using electronic means to bring down the government or disrupt the country. These can be performed by internal actors who disagree with current policies and commonly by other countries. Cyber security attacks on public transportation systems, technology at water processing plants, reservoirs, or public power plants are all considered cyber terrorism. Governments are now beginning to use cyber terrorism to interfere with elections and replace spying. Why use a spy to get information from another government when you can just steal the source data?
  • Cyber-attack is a more general attack term, often an attempt to breach systems for the theft of data. Most often, the data stolen is personal information like credit card and PII data that can be used for identity theft but can also include intellectual property that could be sold to competitors.
  • Cybercrime is the term used for cyber security attacks committed by individual hackers for financial gain, from breaching systems to steal and sell data to ransomware attacks.

These sources for attacks, combined with cyber security threat types, make up the cyber security threat landscape. This landscape can be documented by an organization, combining knowledge of their system architecture, use of cloud technologies and known threat types to build a strategy for addressing cyber security attacks.

As global cyber security threats continue to grow, they get more sophisticated. In 2020, cybercriminals began using highly coordinated, multi-step attack methods to gain entry to systems and steal data. They even used fake vaccine sign-up sites to steal personal information. As cyber threats and attacks become more coordinated, it’s essential to have a cyber defense strategy based on industry best practices.

Create a Cyber Defense Strategy

The creation of a cyber defense strategy is the first step to take when seeking to implement cyber security best practices, as the strategy enables the organization to align common security best practices to their needs. Strategy creation begins with stakeholders, and a successful strategy at this level needs active participation from the C-suite. Without executive buy-in, the funding and staffing needed for success will not be available. With a vision and stakeholders, the broad strokes of the strategy can then be created.

Understand Your Cyber Security Threat Landscape

As the organization looks to implement threat protection, it’s essential to understand the cyber security threats they face and which ones are most likely in their organization. This starts by laying out the potential threats and their sources and then identifying methods and tools needed to thwart them.

NIST maintains and publishes a cyber threat database. This can be used in conjunction with the cyber security threat landscape to build a cyber security threat practice for defending the organization. This enables the security team to:

  • Understand threat sources
  • Understand threat types
  • Know the specific threats to mitigate, including the newest

Setting technology aside, understanding the landscape enables the organization to know which threats are more likely. For example, a business that uses IoT devices in logistics needs to protect these devices, while organizations with large-scale email usage may be more interested in tools that enable phishing emails to be removed from users’ mailboxes.

Build a Cyber Security Threat Program

Once these two steps are done, it’s possible to get more tactical with the work being performed:

Ensure that there are training programs aimed at end users, training them in social engineering, how it is used, and the activities they should avoid.

Train the IT staff

Enable interested IT staff to build their cyber security skill sets, as it may be easier to train existing staff than to find experts in the field.

Implement Strong Passwords and Security Programs and Identity Access Management (IAM) Software to Secure Services both Internally and Externally

With IAM, the human capital management (HR) systems pass employee and role information to the IAM system to control who has access and at what level. More importantly, IAM products let end users resolve their own password issues through steps that include positively identifying themselves and multi-factor authentication, both of which are critical to securing systems at the user access level.
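The HR-to-IAM feed described above can be pictured as a reconciliation job. The following is an added example, not code from the original page or from any IAM product; the role names, entitlement strings, employee IDs and the `reconcile` function are all hypothetical.

```python
# Constructed sample data: role names, entitlements and employee IDs are hypothetical.
ROLE_ENTITLEMENTS = {
    "accountant": {"erp:read", "erp:post-journal"},
    "helpdesk": {"tickets:write", "directory:reset-password"},
}
HR_FEED = [  # what the HR system reports
    {"emp_id": "E100", "status": "active", "role": "accountant"},
    {"emp_id": "E101", "status": "terminated", "role": "helpdesk"},
    {"emp_id": "E102", "status": "active", "role": "helpdesk"},
]
IAM_ACCOUNTS = {  # what currently exists in the IAM system
    "E100": {"enabled": True,
             "entitlements": {"erp:read", "erp:post-journal", "directory:reset-password"}},
    "E101": {"enabled": True, "entitlements": {"tickets:write"}},
    "E102": {"enabled": True, "entitlements": {"tickets:write"}},
    "E999": {"enabled": True, "entitlements": {"erp:read"}},  # no HR record at all
}

def reconcile(hr_feed, accounts, role_map):
    """Return the changes needed to make IAM match HR, as (action, emp_id, detail)."""
    active = {r["emp_id"]: r["role"] for r in hr_feed if r["status"] == "active"}
    actions = []
    for emp_id, account in sorted(accounts.items()):
        if emp_id not in active:
            # Leavers and orphaned accounts lose access entirely.
            if account["enabled"]:
                actions.append(("disable", emp_id, "no active HR record"))
            continue
        allowed = role_map.get(active[emp_id], set())  # an unknown role grants nothing
        for ent in sorted(account["entitlements"] - allowed):
            actions.append(("revoke", emp_id, ent))   # access beyond the role
        for ent in sorted(allowed - account["entitlements"]):
            actions.append(("grant", emp_id, ent))    # access the role should have
    for emp_id in sorted(set(active) - set(accounts)):
        actions.append(("create", emp_id, active[emp_id]))  # joiner without an account
    return actions

if __name__ == "__main__":
    for action in reconcile(HR_FEED, IAM_ACCOUNTS, ROLE_ENTITLEMENTS):
        print(action)
```

Treating HR as the source of truth means a terminated employee or an account with no HR record is disabled automatically instead of waiting for someone to notice it.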

Secure Vulnerable Passwords

Many attacks use out-of-the-box admin passwords to gain entry to infrastructure, applications and databases. Make certain all admin passwords have been changed or replaced with service accounts, and ensure service account passwords have appropriate controls around them and are changed frequently.

Secure Networks, Applications and Infrastructure with Automation

Implement vulnerability management software suites. These perform several functions, enabling staff to focus on mitigation. They scan all infrastructure, applications, databases etc., then compare the results against the NIST listing of known threats. They then open remediation tasks to appropriate personnel. When integrated into a service management suite, these products also leverage the CMDB to open prioritized remediation tasks, helping staff address the most critical issues first.
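The scan, compare and prioritize loop described above, as an added example that is not part of the original page and not any vendor's product code. The advisory IDs, product names, hosts and CMDB fields are constructed placeholders, and scoring priority as severity times criticality is an assumption made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data; IDs, hosts and versions are placeholders, not real advisories.
KNOWN_VULNS = [  # stand-in for a feed of known vulnerabilities
    {"id": "EXAMPLE-0001", "product": "webserverd", "fixed_in": (2, 4, 10), "severity": 9.8},
    {"id": "EXAMPLE-0002", "product": "dbengine", "fixed_in": (12, 3), "severity": 6.5},
]
SCAN_RESULTS = [  # what the scanner found installed on each host
    {"host": "web-01", "product": "webserverd", "version": "2.4.9"},
    {"host": "web-02", "product": "webserverd", "version": "2.4.10"},
    {"host": "db-01", "product": "dbengine", "version": "12.1"},
    {"host": "lab-07", "product": "webserverd", "version": "2.2.0"},
]
CMDB = {  # configuration items: business criticality (1 low .. 3 high) and owning team
    "web-01": {"criticality": 3, "owner": "web-ops"},
    "web-02": {"criticality": 3, "owner": "web-ops"},
    "db-01": {"criticality": 3, "owner": "dba"},
    "lab-07": {"criticality": 1, "owner": "it-lab"},
}

@dataclass
class Task:
    host: str
    vuln_id: str
    owner: str
    priority: float

def parse_version(text):
    """Turn '2.4.9' into (2, 4, 9) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def build_tasks(scan, vulns, cmdb):
    """Match findings to known vulnerabilities and return tasks, most urgent first."""
    tasks = []
    for finding in scan:
        for vuln in vulns:
            if finding["product"] != vuln["product"]:
                continue
            if parse_version(finding["version"]) >= vuln["fixed_in"]:
                continue  # already at or past the fixed version
            # Hosts missing from the CMDB get top criticality so they are not buried.
            ci = cmdb.get(finding["host"], {"criticality": 3, "owner": "unassigned"})
            tasks.append(Task(finding["host"], vuln["id"], ci["owner"],
                              vuln["severity"] * ci["criticality"]))
    return sorted(tasks, key=lambda t: t.priority, reverse=True)

if __name__ == "__main__":
    for task in build_tasks(SCAN_RESULTS, KNOWN_VULNS, CMDB):
        print(f"{task.priority:5.1f}  {task.host:7}  {task.vuln_id}  -> {task.owner}")
```

The numeric version comparison matters: compared as plain strings, "2.4.9" sorts above "2.4.10" and the unpatched web-01 would be reported as fixed.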

Install Endpoint Monitoring

Network endpoints and user devices all need to be continually monitored against attack or infection with operational runbooks available to staff that enable them to address attacks rapidly when they occur, containing and eradicating them quickly and effectively.

While following known cyber security threat management best practices will undoubtedly help the organization, it does not replace good overall governance. Several areas to consider include:

  • Incident management and security incident management that enable rapid response
  • Change management, ensuring new vulnerabilities aren’t introduced during deployment
  • Configuration and access management that enable effective use of security vulnerability software
  • Monitoring and event management for early detection of intrusion attempts
  • Security Information Management to set the context for cyber security programs

These areas and others help shore up the general IT processes and ensure that daily practices are performed while constantly keeping cyber security threats present in people’s thoughts.

CG Technologies can work with you to assess your IT networks for vulnerabilities and offers a range of network security and ransomware protection services. Contact us to learn more.

NIST: The National Institute of Standards and Technology maintains both a framework for security management and a database of all known threats.

Leave IT to us

With over 25 years of experience delivering exceptional services to hundreds of companies in the Greater Toronto Area (GTA), CG Technologies are confident we can deliver the same benefits to your organization – keeping you secure, delivering reliable and trusted IT solutions and expertise. Our industry-leading strategic IT consulting and IT solutions will allow you to focus on what matters most – your business.