Common types of security threats
What keeps a CEO up at night? It could be any number of things, but in recent years, the debilitating impact of cybersecurity threats are growing in concern. The fact is, no business – regardless of size, location or industry – is invincible. And with cyberattacks becoming increasingly extensive and sophisticated, the problem is becoming complicated.
While the motivations behind cyberattacks vary greatly, the impact can be paralyzing for business, its customers and community. In fact, we’ve recently seen attacks on critical public infrastructure such as hospitals and airports.
A few common types of cybersecurity threats remain pervasive:
Phishing email attacks are untargeted, mass emails sent to many recipients that are meant to acquire sensitive information (e.g. password, username or bank details). With this information, a hacker can perform a data breach. It’s difficult to spot a phishing email because it’s disguised as a trustworthy entity that prompts a recipient to visit a malicious website. Spear-phishing is a more targeted form of cyber An email is designed to look like it’s been sent from a person the recipient knows or trusts. Senior management or privileged account owners are often the target of spear-phishing attacks.
Insider security threats
An emerging method common in many recent data breaches, internal security threats, are orchestrated by your own employees. Insider threats can be unintentional (an employee who falls victim to a phishing attack) or malicious (a disgruntled employee deliberately extracting data). Regardless, a data breach from the inside is especially difficult to detect.
Denial of service (DoS)
These cyberattacks occur when a hacker floods a website with more traffic than it can handle. As a result, legitimate users are denied access to the services, resulting in costly downtime of employees or users. Distributed denial of service (DDoS) attacks utilize a botnet – a group of compromised computers or IoT devices. Botnets can look like legitimate traffic, making it difficult to distinguish normal from malicious traffic.
Among the most common security threats, malware refers to multiple forms of harmful software executed when a user mistakenly downloads it. Some of the most recent cybersecurity breaches involved malware, including the ransomware attacks WannaCry and Petya/NotPetya. Traditional malware such as viruses, Trojans and backdoors also remain persistent.
Privileged accounts can be compromised when credentials are misused or reused. A hacker can use what appears to be a legitimate web application to retrieve the credentials from an unknowing employee. Subsequently, the hacker gains access to sensitive information and can either breach or lock data (ransomware) for financial benefit. Especially damaging, it’s tempting for employees to use the same password across systems. Reusing credentials on multiple systems makes it easy for the hacker to move around in your infrastructure.