There are many ways that attackers can uncover vulnerabilities and exploit systems. Cyber threats can be classified into different categories. This allows organizations to assess the likelihood of a threat occurring and understand the monetary impact of a threat so that they can prioritize their security efforts. 

No Awareness of Security

Users must be aware of and understand an organization’s sensitive data, security policies and procedures, technologies, and countermeasures that are implemented in order to protect information and information systems.

Poorly Enforced Security Policies

All users must be aware of and understand an organization’s security policies, as well as the consequences of non-compliance.

Data Theft

Data stolen by users can pose a significant financial threat to organizations, both in terms of the resulting damage to their reputation and the legal liability associated with the disclosure of sensitive information.

Unauthorized Downloads and Media

Many network and device infections and attacks can be traced back to users who have downloaded unauthorized emails, photos, music, games, apps, or videos to their computers, networks, or storage devices. The use of unauthorized media such as external hard disks and USB drives also poses a threat.

Unauthorized VPNs

Unauthorized VPNs can conceal data theft, because the same encryption that normally protects confidentiality also prevents a network administrator from inspecting what is being transmitted (unless the administrator has been given permission and visibility to do so).

Unauthorized Websites

Accessing unauthorized websites can pose a risk to a user’s data and devices, as well as the organization itself. Often, these websites prompt users to download scripts or plugins that contain malicious code or adware. Some of these sites can even take over user devices like cameras and applications.

Destruction of Systems, Applications or Data

The accidental or deliberate destruction or sabotage of systems, applications, and data poses a serious risk to all organizations. Activists, disgruntled employees, or industry competitors may attempt to delete data and destroy or misconfigure devices to make organizational data and information systems unavailable.

Always keep in mind that there are no technical solutions, controls, or countermeasures that will make information systems any more secure than the behaviors and processes of the people who use these systems.

Threats to Devices

Laptops, PCs, Macs

  • Any devices left powered on and unattended pose the risk of someone gaining unauthorized access to network resources.
  • Downloading files, photos, music, or videos from unreliable sources could lead to the execution of malicious code on devices.
  • Cybercriminals often exploit security vulnerabilities within software installed on an organization’s devices to launch an attack.
  • An organization’s information security teams must try to keep up to date with the daily discovery of new viruses, worms, and other malware that pose a threat to their devices.

USB, Memory Stick

  • Users who insert unauthorized USB drives, CDs, or DVDs run the risk of introducing malware, or compromising data stored on their device.
  • Policies are in place to protect an organization’s IT infrastructure. A user can face serious consequences for purposefully violating such policies.
  • Using outdated hardware or software makes an organization’s systems and data more vulnerable to attack.

Threats to LAN

The local area network (LAN) is a collection of devices, typically in the same geographic area, connected by cables (wired) or airwaves (wireless).

Because users can access an organization’s systems, applications, and data from the LAN domain, it is critical that it has strong security and stringent access controls.

Threats to Cloud

The private cloud domain includes any private servers, resources, and IT infrastructure available to members of a single organization via the internet. While many organizations feel that their data is safer in a private cloud, this domain still poses significant security threats, including:

  • Unauthorized network probing and port scanning
  • Unauthorized access to resources
  • Router, firewall or network device operating system or software vulnerabilities
  • Router, firewall or network device configuration errors
  • Remote users accessing an organization’s infrastructure and downloading sensitive data

Threat Intelligence and Research Sources

The United States Computer Emergency Readiness Team (US-CERT) and the U.S. Department of Homeland Security sponsor a database of common vulnerabilities and exposures (CVE). These CVEs have been widely adopted as a way to describe and reference known vulnerabilities.

Each CVE entry contains a standard identifier number, a brief description of the security vulnerability, and any important references to related vulnerability reports. The CVE list is maintained by a not-for-profit, the MITRE Corporation, on its public website.
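As an added example that is not part of the original post, the following Python shows the one part of a CVE entry that is fully standardized, the identifier: it validates the syntax of a CVE ID, extracts the unique IDs referenced in a piece of advisory text, and pairs each one with a local record shaped the way the post describes (identifier, description, references). The advisory excerpt, the CVE numbers it contains, and the local records are all constructed placeholders; the validator checks syntax only and cannot tell whether an ID actually exists in the CVE list.

```python
import re

# Syntax of a CVE identifier: the literal prefix "CVE-", a four-digit year,
# and a sequence number of at least four digits (five or more are allowed).
CVE_ID_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def is_valid_cve_id(candidate):
    """Syntactic check only: this does not prove the ID exists in the CVE list."""
    m = CVE_ID_RE.fullmatch(candidate.strip())
    if m is None:
        return False
    year = int(m.group(1))
    # The CVE program began in 1999, so earlier years cannot be valid.
    return year >= 1999


def extract_cve_ids(text):
    """Return the unique CVE IDs found in free text, upper-cased and sorted."""
    found = set()
    for m in CVE_ID_RE.finditer(text):
        cve_id = f"CVE-{m.group(1)}-{m.group(2)}"
        if is_valid_cve_id(cve_id):
            found.add(cve_id)
    return sorted(found)


# Constructed advisory excerpt (placeholder IDs, not real CVE entries).
SAMPLE_ADVISORY = """
Vendor bulletin: the update addresses cve-2099-0001 and CVE-2099-12345.
It also mentions CVE-2099-0001 again, plus a malformed reference CVE-2099-001
and a pre-program year CVE-1998-1234 that should be rejected.
"""

# Constructed local records in the shape the post describes: identifier,
# short description, references. Placeholder content only.
LOCAL_CVE_ENTRIES = {
    "CVE-2099-0001": {
        "description": "Placeholder: buffer handling flaw in a hypothetical parser.",
        "references": ["https://advisory.example.invalid/2099-0001"],
    },
}


def enrich(cve_ids, entries):
    """Pair each ID with its local record, or None when the entry is unknown."""
    return {cve_id: entries.get(cve_id) for cve_id in cve_ids}


if __name__ == "__main__":
    ids = extract_cve_ids(SAMPLE_ADVISORY)
    for cve_id, entry in enrich(ids, LOCAL_CVE_ENTRIES).items():
        print(cve_id, "->", entry["description"] if entry else "no local record")
```

Two of the four references in the sample are deliberately bad: a three-digit sequence number fails the format rule, and a 1998 year predates the program, so neither reaches the enrichment step.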

The Dark Web

This refers to encrypted web content that is not indexed by conventional search engines and requires specific software, authorization, or configurations to access. Expert researchers monitor the dark web for new threat intelligence.

Indicator of Compromise (IOC)

IOCs such as malware signatures or malicious domain names provide evidence of security breaches and details about them.

Automated Indicator Sharing (AIS)

Automated Indicator Sharing (AIS), a Cybersecurity and Infrastructure Security Agency (CISA) capability, enables the real-time exchange of cybersecurity threat indicators using a standardized and structured language. Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Intelligence Information (TAXII) are standards used in AIS.
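To tie the two preceding sections together, here is an added Python example (not code from the original post) that builds minimal STIX 2.1 Indicator objects from a small constructed IOC list, one malicious domain name and one file hash, and then runs those indicators over a few constructed proxy and endpoint events to show how shared indicators turn into detections. The IOC values, the event records, and the deliberately small subset of the STIX pattern grammar that the matcher understands are assumptions for illustration; a real AIS feed carries the full pattern language and is retrieved over TAXII, neither of which is implemented here.

```python
import re
import uuid
from datetime import datetime, timezone

# Constructed IOC list (not from the post). Both values are placeholders:
# an unroutable example domain and a dummy SHA-256 of a hypothetical sample.
IOCS = [
    {"kind": "domain-name", "value": "update-check.example.invalid",
     "name": "Constructed C2 domain"},
    {"kind": "file-sha256", "value": "a" * 64,
     "name": "Constructed dropper hash"},
]


def make_stix_indicator(ioc):
    """Build a minimal STIX 2.1 Indicator object (dict) for one IOC."""
    if ioc["kind"] == "domain-name":
        pattern = f"[domain-name:value = '{ioc['value']}']"
    elif ioc["kind"] == "file-sha256":
        pattern = f"[file:hashes.'SHA-256' = '{ioc['value']}']"
    else:
        raise ValueError(f"unsupported IOC kind: {ioc['kind']}")
    # STIX timestamps are RFC 3339 in UTC with millisecond precision.
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now,
        "modified": now,
        "name": ioc["name"],
        "indicator_types": ["malicious-activity"],
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": now,
    }


# Only single equality comparisons on the two object paths used above are
# supported; anything else in the STIX pattern language is rejected.
PATTERN_RE = re.compile(
    r"^\[(domain-name:value|file:hashes\.'SHA-256') = '([^']+)'\]$")


def compile_matcher(indicator):
    """Reduce one simple STIX pattern to an (event field, expected value) pair."""
    m = PATTERN_RE.match(indicator["pattern"])
    if not m:
        raise ValueError("only simple equality patterns are supported here")
    field = "domain" if m.group(1).startswith("domain-name") else "sha256"
    # DNS names and hex digests are case-insensitive, so normalize once.
    return field, m.group(2).lower()


# Constructed events: a proxy log keyed by domain, an endpoint file event keyed
# by hash. Event 1 varies the domain's case on purpose; event 3 is benign.
SAMPLE_EVENTS = [
    {"src": "10.0.0.12", "domain": "www.example.com", "sha256": None},
    {"src": "10.0.0.12", "domain": "UPDATE-CHECK.example.invalid", "sha256": None},
    {"src": "10.0.0.25", "domain": None, "sha256": "a" * 64},
    {"src": "10.0.0.30", "domain": "mail.example.org", "sha256": "b" * 64},
]


def scan_events(events, indicators):
    """Return (event index, indicator name) for every event that hits an IOC."""
    matchers = [(compile_matcher(ind), ind["name"]) for ind in indicators]
    hits = []
    for i, ev in enumerate(events):
        for (field, value), name in matchers:
            observed = ev.get(field)
            if observed is not None and observed.lower() == value:
                hits.append((i, name))
    return hits


INDICATORS = [make_stix_indicator(ioc) for ioc in IOCS]

if __name__ == "__main__":
    for index, name in scan_events(SAMPLE_EVENTS, INDICATORS):
        print(f"event {index} from {SAMPLE_EVENTS[index]['src']} matched: {name}")
```

The point of normalizing case in `compile_matcher` is the second event: a domain logged in upper case is still the same domain, and a matcher that compared strings literally would miss it. The benign events produce no hits, which is the check a practitioner wants before wiring a new indicator feed into alerting.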


Written By – Ahmed Azeem  (CEO and Founder: Res Opera DigiSolutions)
