In early July IBM Security and the Ponemon Institute released a new report titled “Cost of a Data Breach Study” In this study it was reported that that the global average cost of a data breach and the average cost for lost or stolen information both increased. The former is up 6.4 percent to £2.94 million while the latter increased by 4.8 percent year over year to $112.57. This shows that cyber attack on enterprises continue to rise. In particular over the last two years there has been a continual stream of concerning data security breaches.
One of the ways that organisations can defend against attacks is to ensure staff understand and are educated about the cyber threat landscape.
Understanding Threats to your Business
Getting the right technology, services, and security professionals is only a part of tackling the cyber security problem. It is also important that companies get a clear understanding of the cyber threat landscape. This means knowing where these types of attacks can come from and in turn, who is leading the attack (whether it be an individual or group). Often, knowing the answer to these types of questions leads to an understanding of the motive and makes countering the attacks easier. So, in this article, I wanted to highlight the areas of the cyber threat landscape that enterprises should be aware of.
Nation State: This kind of hacking is often government versus government. It is often functionally indistinguishable from cyber terrorism, but the defining trait is that the attack is officially sanctioned by a country’s government. These attacks can involve not only hacking but the use of more traditional spying as well.
Insider Threat: This is one area where many businesses least expect a threat to come from: inside the business itself. A report from A10 Networks revealed that employee negligence is a major cause of cyber attacks. Employees unknowingly allowing hackers into the business through unauthorised apps. And, on the very rare occasion, a disgruntled employee could try and bring the business down in revenge, so it is always important to investigate who could have access because there is every chance that the threat could come from the inside.
Individual Attackers: When you think of the stereotypical hacker most thoughts turn to a hooded youth sitting alone in their room. This is the individual attacker and their motives are often more one of curiosity and learning. They want to see if they can hack a system rather than attempt anything malicious. This is the most neutral cyber threat.
Industrial Espionage: Sometimes an unrelated group and other times a rival business, cyber threats that deal with industrial espionage have the motive of creating problems for your business. The most common reason for industrial espionage is to discover the secrets of a rival business, often through spying. However, it could also involve destroying valuable data or, with some IoT devices, physically breaking the technology. Anything that can push a business over a competitor.
Cybercriminals: Much like the individual attackers, cybercriminals are an all-encompassing cyber threat. Almost all hackers are criminals in some way and the motives can vary from demanding money, to setting up crypto-mining, to damaging company property. Whatever they do it won’t be a good thing.
Phishing and Ransomware: These are some of the most common types of attacks you’ll find cyber criminals performing. These attacks are motivated purely by financials and exist to either scam a business out of money or hold valuable company data at ransom. Sometimes this can be a distraction to hide something more nefarious. Therefore, organisations need to make sure they are prepared for any escalation.
Ethical Hackers: An ethical hacker is the opposite of a cybercriminal, as the term ‘ethical’ implies. These types of threats are often undertaken for the sake of a company, and often have been paid for by the business to see if it can hack into its own servers. These hackers test the security resilience of a business and locate areas that are vulnerable, before an ‘unethical’ hacker comes along.
Hacktivists: A hacktivist is a sub-set of cybercriminals whose motives are more ideological. As the name references, a hacktivist is essentially a cyber activist. They are using hacking purely to push an agenda, whether political, religious, or otherwise, rather than a financial motive. A hacktivist attack can be something as simple as changing the text on a company website to a more nefarious act that interferes with the day to day running of the business.
Cyber Terrorism: While hacktivists don’t always cause damage, a cyber-terrorist will. Just like real terrorism, cyber terrorism exists to bring terror to your business, country and customers. Examples include the attacks on the NHS last year which aimed to bring systems down in hospitals and cause chaos and fear.
By understanding all the different types of attacks in the cyber threat landscape it can help you build your cyber defence by identifying a motive and being able to trace what kind of opponent your business is facing, as well as if this is an attack aimed primarily at an individual, an organisation or a national-level threat where the solution would be to work with other companies to stop the attack as a team.
RiverSafe is a cyber security and analytics company offering a range of services and capabilities that help customers understand and respond to security threats across their digital enterprise. To learn more please check the RiverSafe website.