From infiltrations of infrastructure and data breaches to spear phishing and brute force, online threats are varied, and they don’t discriminate between organizations and individuals when looking for a target.
You’ve likely heard the term “cyber threat” thrown around in the media. But what exactly are these cyber threats?
A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber-attacks include threats like computer viruses, data breaches, and Denial of Service (DoS) attacks. However, to truly understand this concept, let’s go a bit further into the background of cybersecurity.
What are Cyber Threats?
In the 1950s, the word “cyber” referred to cybernetics – the science of understanding the control and movement of machines and animals. This was followed by “cyber” standing for “computerized.”
The 1990s brought a new cyber-related term. The word “cyberspace” emerged to describe an invented physical space that some people wanted to believe existed behind the electronic activities of computing devices.
Modern Cyber Threats
Today, the term is almost exclusively used to describe information security matters. Because it’s hard to visualize how digital signals traveling across a wire can represent an attack, we’ve taken to visualizing the digital phenomenon as a physical one.
A cyber attack is an attack that is mounted against us (meaning our digital devices) by means of cyberspace. Cyberspace, a virtual space that doesn’t exist, has become the metaphor to help us understand digital weaponry that intends to harm us.
What is real, however, is the intent of the attacker as well as the potential impact. While many cyberattacks are mere nuisances, some are quite serious, even potentially threatening human lives.
Why do we have to protect against cybersecurity threats?
Cyber threats are a big deal. Cyber attacks can cause electrical blackouts, failure of military equipment, and breaches of national security secrets. They can result in the theft of valuable, sensitive data like medical records. They can disrupt phone and computer networks or paralyze systems, making data unavailable. It’s not an exaggeration to say that cyber threats may affect the functioning of life as we know it.
The threats are growing more serious, too. Gartner explains, “Cybersecurity risks pervade every organization and aren’t always under IT’s direct control. Business leaders are forging ahead with their digital business initiatives, and those leaders are making technology-related risk choices every day. Increased cyber risk is real — but so are the data security solutions.”
The US government is taking cyber threats seriously but appears to be moving too slowly to mitigate them. The White House’s Office of Management and Budget revealed that of the 96 federal agencies it assessed, 74 percent were either “At-Risk” or “High Risk” for cyber attacks. They needed immediate security improvements.
The US government has experienced numerous crippling data breaches in the last few years. Examples include the massive breach of the Federal Office of Personnel Management and the theft of secret US Naval codes. Both attacks have been attributed to Chinese state intelligence agencies.
Types of Cybersecurity Threats
Cybersecurity threats come in three broad categories of intent. Attackers are after financial gain, disruption, or espionage (including corporate espionage, such as the theft of patents, and state espionage).
Virtually every cyber threat falls into one of these three modes. In terms of attack techniques, malicious actors have an abundance of options.
Malware
Software that performs a malicious task on a target device or network, e.g. corrupting data or taking over a system.
Phishing
An email-borne attack that involves tricking the email recipient into disclosing confidential information or downloading malware by clicking on a hyperlink in the message.
Spear Phishing
A more sophisticated form of phishing where the attacker learns about the victim and impersonates someone he or she knows and trusts.
“Man in the Middle” (MitM) attack
Where an attacker establishes a position between the sender and recipient of electronic messages and intercepts them, perhaps changing them in transit. The sender and recipient believe they are communicating directly with one another. A MitM attack might be used in the military to confuse an enemy.
Trojans
Named after the Trojan Horse of ancient Greek history, the Trojan is a type of malware that enters a target system looking like one thing, e.g. a standard piece of software, but then lets out the malicious code once inside the host system.
Ransomware
An attack that involves encrypting data on the target system and demanding a ransom in exchange for letting the user have access to the data again. These attacks range from low-level nuisances to serious incidents like the locking down of the entire city of Atlanta’s municipal government data in 2018.
Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack
Where an attacker takes over many (perhaps thousands of) devices and uses them to flood a target system, e.g. a website, with requests, causing it to crash from an overload of demand.
Attacks on IoT Devices
IoT devices like industrial sensors are vulnerable to multiple types of cyber threats. These include hackers taking over the device to make it part of a DDoS attack and unauthorized access to data being collected by the device. Given their numbers, geographic distribution, and frequently out-of-date operating systems, IoT devices are a prime target for malicious actors.
Data Breaches
A data breach is a theft of data by a malicious actor. Motives for data breaches include crime (e.g. identity theft), a desire to embarrass an institution (e.g. Edward Snowden or the DNC hack), and espionage.
Malware on Mobile Apps
Mobile devices are vulnerable to malware attacks just like other computing hardware. Attackers may embed malware in app downloads, mobile websites, or phishing emails and text messages. Once compromised, a mobile device can give the malicious actor access to personal information, location data, financial accounts, and more.
Emerging Cybersecurity Threats
Cyber threats are never static. There are millions being created every year. Most threats follow the standard structures described above. However, they are becoming more and more potent.
For example, there is a new generation of “zero-day” threats that are able to surprise defenses because they carry no detectable digital signatures.
Another worrisome trend is the continuing “improvement” of what experts call “Advanced Persistent Threats” (APTs). As Business Insider describes APTs, “It’s the best way to define the hackers who burrow into networks and maintain ‘persistence’ — a connection that can’t be stopped simply by software updates or rebooting a computer.”
The notorious Sony Pictures hack is an example of an APT, where a nation-state actor lurked inside the company’s network for months, evading detection while exfiltrating enormous amounts of data.
Sources of Cybersecurity Threats
Cyber threats come from a variety of places, people, and contexts. Malicious actors include:
- Individuals who create attack vectors using their own software tools
- Criminal organizations that are run like corporations, with large numbers of employees developing attack vectors and executing attacks
- Industrial spies
- Organized crime groups
- Unhappy insiders
- Business competitors
Nation-states are the sources of many of the most serious attacks. There are several different versions of nation-state cyber threats. Some are basic espionage, trying to learn another country’s national secrets. Others are aimed at disruption.
For example, Chris Painter of the U.S. Department of State commented in a Brookings Institution article that China and North Korea “have frequently exercised their cyber power to achieve their strategic goals around the globe.”
He noted, though, “Their motivations and objectives differ: While North Korea primarily aims to develop capabilities for revenue generation and destructive capabilities for potential conflicts outside North Korea, China mainly utilizes its cyber means for espionage and intellectual property theft. “Naming and shaming” has been an effective tool against China because of its government’s concerns on the potential blowback on its soft power.”
The disruptive attacks are the so-called “cyber weapons” that might be used to shut off electricity in enemy territory during a war. In some countries, the boundaries between criminal organizations and national intelligence are blurred, with the criminals doing the actual work of cyber espionage.
Many cyber threats are bought and sold on the “dark web,” a disorganized but widespread criminal segment of the Internet. In this online bazaar, aspiring hackers can buy ransomware, malware, credentials for breached systems, and more. The dark web serves as a multiplier for threats, with one hacker being able to sell his or her creation over and over.
Cyber Defense Best Practices for Businesses
Enterprise best practices for defense from cyber threats include basic but extremely important countermeasures like patching systems. When a tech vendor discovers (or is informed of) a security flaw in their product, they typically write code that fixes or “patches” the problem.
For example, if Microsoft finds that a hacker can gain root access to Windows Server through a code exploit, the company will issue a patch and distribute it to all owners of Windows Server licenses. They, among many others, do this at least once a month. Many attacks would fail if IT departments applied all security patches on a timely basis.
Best Tools for Enterprise Cyber Defense
A host of new technologies and services are coming onto the market that make it easier to mount a robust defense against cyber threats.
Outsourced security services
There are many companies extremely skilled in security, with specific experience in enterprise security. You can read more about outsourcing your security and best practices in this Techtarget article.
Threat Detection Tools
Threat detection tools, also known as XDR (extended detection and response), are an essential part of a company's cybersecurity tech stack. They are considered a level one or first response option that sends up a flare whenever something suspicious is found within the company network.
Crowdsourced attack simulation/vulnerability testing tools
There are some excellent, well-vetted companies that offer crowdsourced security services. These teams are professional white hat hackers who can find your company’s vulnerabilities and report them to your security team. Two excellent companies that offer this are Bugcrowd and HackerOne.
Point solutions for device management
There are some excellent solutions for device management. Of course, at Prey, we believe ours is the best. It solves various pain points in device management across organizations of all sizes, with services ranging from device tracking software to remote wipe to disk encryption. Prey is the one-stop-shop security solution.
Cyber Defense for Individuals
For individuals, the best practices are simple. The good news is that in most cases, some pretty big security organizations stand between the consumer and the hacker, e.g. the SecOps team at Verizon or AT&T. There are still preventative measures you should take to help ensure your information’s safety:
- Password hygiene. Big security organizations cannot protect consumers against phishing or hackers who can guess passwords like “1234.” Common sense and password hygiene can go a long way to protect consumers from cyber threats.
- Anti-virus software. Subscribe to anti-virus software and keep your system up to date with automated, scheduled scans.
- Caution against phishing attacks. Be careful about opening file attachments. Phishing and spear-phishing emails look real but are not, and you can usually tell if you pay attention. For instance, if you get an email that says “past due invoice” with a PDF attachment, don’t open it unless you are 100% sure you know who sent it. If you double-check, you’ll probably see it comes from an unusual email address.
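The “past due invoice” check above can be applied mechanically. The following is an added example (not code from the original post or from Prey) of a small triage helper that flags the same red flags the post describes: an unknown or look-alike sender, an urgency lure in the subject, and a PDF attachment. The known-senders allowlist and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

URGENCY_PHRASES = ("past due", "overdue", "final notice", "payment required")
# Hypothetical allowlist of senders this recipient actually does business with.
KNOWN_SENDERS = {"billing@example-vendor.com"}


def triage_email(raw_message: str, known_senders=KNOWN_SENDERS) -> list[str]:
    """Return the phishing indicators found in a raw RFC 822 message. An empty
    list means none of the post's red flags were seen, not that it is safe."""
    msg = message_from_string(raw_message)
    reasons = []
    display_name, address = parseaddr(msg.get("From", ""))
    if address.lower() not in known_senders:
        reasons.append(f"sender {address!r} is not a known contact")
    # Display name borrowing a known domain while the real address differs.
    if any(k.split("@")[1] in display_name.lower() and address.lower() != k
           for k in known_senders):
        reasons.append("display name imitates a known sender")
    if any(p in msg.get("Subject", "").lower() for p in URGENCY_PHRASES):
        reasons.append("subject uses an urgency lure")
    for part in msg.walk():  # every MIME part, including attachments
        name = part.get_filename() or ""
        if part.get_content_type() == "application/pdf" or name.lower().endswith(".pdf"):
            reasons.append(f"PDF attachment {name!r}")
    return reasons


# Constructed sample message modelled on the post's "past due invoice" lure.
SAMPLE_PHISH = """\
From: "Accounts (example-vendor.com)" <billing@examp1e-vendor.co>
Subject: PAST DUE INVOICE #4417
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see attached.
--b1
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"

%PDF-1.4 (constructed placeholder, not a real PDF)
--b1--
"""

if __name__ == "__main__":
    for reason in triage_email(SAMPLE_PHISH):
        print("-", reason)
```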
It can be a scary time for businesses and consumers who are worried about cyber threats. The threats certainly exist, and they’re getting increasingly potent and frequent. The attackers are varied, with many worrisome imbalances between attackers and their targets.
BUT DON’T BE AFRAID!
Even if a company is targeted by a powerful nation-state, it is still possible to protect critical digital assets. It takes planning and commitment of resources, but a good security operations team or a proactive individual can stay on top of most of the most serious cyber threats.