What is a cyber threat?

What is a cyber threat?

A cyber threat is anything that poses a risk to your electronic communication networks. Commonly, cyber threats are narrowed down to malicious acts that seek to damage or steal data or restrict the ability of a business to perform its operations.

These threats can originate from several sources, ranging from nation-states, hacktivists, or opportunists, and can take many forms such as malware, vulnerability exploitation, or phishing attacks.

Cyber threats can be mitigated by implementing an effective cyber security strategy.

Where do cyber threats originate?

Cyber threats can originate from several sources, including but not limited to:

Hostile nation states

As the world continues to rely more heavily on technology, international conflicts are now no longer always fought physically, but also digitally. Government backed programs target the systems or key infrastructure of a foreign nation such as classified Government systems, electricity grids and gas systems.  They have also been known to target commercial organisations that may supply key services to the population of the target nation, so that maximum disruption is caused to areas such as public health, transport, or general way of life activities.  

Hostile nations are often seen as the greatest threat due to their ability to effectively resource and successfully target what are often considered the most protected systems and through the exploitation of these, they can develop the capability to cause widespread damage and disruption to civilian way of life, with low risk of detection, low chance of prosecution and no risk to their own personnel.

Terrorist groups

Aimed at disrupting the life of civilians, terrorist groups can use cyber threats to achieve their objective. Whilst terrorist groups are less likely to use cyber threats than nation states, as a more technically savvy generation joins the ranks it is likely that this means of attack will become more frequent.

Corporate spies and criminal organisations

Aiming at making a profit, or gaining an edge on the competition, these groups are likely to target organisations to steal trade secrets or to profit from the attack. Blackmail or ransom tactics are often deployed in these situations.

Hacktivists

Hacktivists are groups with political ideals. They often are only concerned with spreading propaganda and political messages rather than causing maximum damage.

Insiders

Whilst we immediately think of a disgruntled employee who may wish to leak information or cause damage to the organisation. It is quite often well-meaning employees that can cause risk to the organisation by being poorly educated about the cyber threats they may face during their day-to-day tasks. Well-meaning employees mistakenly clicking on a phishing email or being duped by a bogus invoice poses a greater risk to the organisation than a single disgruntled employee.  That being the case, during times of economic uncertainty or downturns, insider risk has been known to increase as employees potentially face difficult personal financial choices and take risks and actions against an employer that they wouldn’t normally consider, whether of their own volition or under pressure from outsiders who know that they could be leveraged and exploited.  

Hackers

Malicious intruders often take advantage of zero-day attacks, known vulnerabilities or common network misconfiguration to gain entry into a network or system. Hackers gain entry for a challenge, bragging rights and sometimes for monetary gain. With advancement of hacking technology, these attacks often require a low level of skill and can be carried out in large volumes.

Accidents

Incorrectly configuring systems can cause a significant cyber threat to your organisation. Accidental data leaks through poor configuration are common and should not be overlooked.

Examples of cyber threats

Malware

Malware is (malicious) software that has been specifically designed to execute a malicious task on a network.

Spyware

Spyware is a hidden malware, that sits on a device and shares real-time information such as keystrokes or user behaviour and traffic, enabling the attacker to record usernames, passwords and confidential information that can be exploited to gain a deeper hold within the organisation.

Phishing attacks

Phishing attempts are when an attacker attempts to encourage a user to take specific actions like click on a link, pay a spoof invoice, or share sensitive data, such as validating user account and password credentials. Often executed through email and impersonation.

Distributed Denial of Service (DDoS) attacks

Distributed Denial of Service attacks are when multiple connected online devices, collectively known as a botnet, are co-ordinated and used to overwhelm a target website or system with ‘fake’ requests so that genuine requests are prevented from being fulfilled.

Ransomware

Ransomware is a type of malware that locks users out of a system until a ransom is paid. It has quickly become one of the most common cyber threats due to its lucrative rewards and ease of deployment.

Zero-day exploits

A zero-day exploit is an exploitation of a vulnerability within software or hardware, before the target is aware of the vulnerability.

Advanced persistent threats

Advanced persistent attacks are when unauthorised access is gained to a system and remains there undetected for an extended period of time.

Supply chain attacks

Supply chain attacks are when the attacker compromises a third-party vendor in the supply chain to gain access to the upstream target organisation.

Trojans

A trojan creates an opening in your system to allow attackers to gain control.

Poor network configuration

Improper configuration of a network can leave holes for attackers to gain entry, or where further compounded by poor segregation allow an attacker to move laterally across an organisation once the first entry point has been made.

Known vulnerabilities

If software/hardware providers are aware of a vulnerability within its product/service, then the attackers almost definitely know about that same vulnerability. Patching known vulnerabilities is something a lot of organisations neglect to do leaving an easy way into the network.

Further reading:

What is cyber insurance and do you really need it?

Five signs that your organisation has been hacked

Tackling the cyber threat in Healthcare

Cyber Security for Healthcare

Cyber attack disrupts New Zealand’s stock exchange