Cyber Threats Types and Cyber Defence Best Practices
Following from my previous article (Phishing: Definition, Types of Attacks, and Examples), it is perplexing to know that there are businesses, companies, and corporations that are not taking cyber threats seriously. These online threats are varied, and they do not discriminate between organisations and individuals when looking for a target.
Cyber threats are a big deal. Cyberattacks can cause electrical blackouts, failure of military equipment, and breaches of national security secrets. They can result in the theft of valuable, sensitive data like medical records. They can disrupt phone and computer networks or paralyse systems, making data unavailable. In today’s age of technology and society’s reliance on it, it is not an exaggeration to say that cyber threats may affect the functioning of life as we know it.
There are at least 10 types of Cybersecurity Threats:
1. Malware
Software that performs a malicious task on a target device or network, e.g. corrupting data or taking over a system.
2. Phishing
An email-borne attack that involves tricking the email recipient into disclosing confidential information or downloading malware by clicking on a hyperlink in the message.
3. Spear Phishing
This is a more sophisticated form of phishing, where the attacker learns about the victim and impersonates someone he or she knows and trusts.
4. “Man in the Middle” (MitM) attack
Where an attacker establishes a position between the sender and recipient of electronic messages and intercepts them, perhaps changing them in transit. The sender and recipient believe they are communicating directly with one another. A MitM attack might be used in the military to confuse an enemy.
5. Trojan
Named after the Trojan Horse of ancient Greek history, the Trojan is a type of malware that enters a target system looking like one thing, e.g. a standard piece of software, but then lets out the malicious code once inside the host system.
6. Ransomware
An attack that involves encrypting data on the target system and demanding a ransom in exchange for letting the user have access to the data again. These attacks range from low-level nuisances to serious incidents like the locking down of the entire city of Atlanta’s municipal government data in 2018.
7. Denial of Service attack or Distributed Denial of Service Attack (DDoS)
Where an attacker takes over many (perhaps thousands of) devices and uses them to invoke the functions of a target system, e.g. a website, causing it to crash from an overload of demand.
8. Attack on IoT Devices
IoT devices like industrial sensors are vulnerable to multiple types of cyber threats. These include hackers taking over the device to make it part of a DDoS attack and unauthorised access to data being collected by the device. Given their numbers, geographic distribution, and frequently out-of-date operating systems, IoT devices are a prime target for malicious actors.
9. Data Breaches
A data breach is a theft of data by a malicious actor. Motives for data breaches include crime (i.e. identity theft), a desire to embarrass an institution (e.g. Edward Snowden or the DNC hack), and espionage.
10. Malware on Mobile Apps
Mobile devices are vulnerable to malware attacks, just like other computing hardware. Attackers may embed malware in app downloads, mobile websites, or phishing emails and text messages. Once compromised, a mobile device can give the malicious actor access to personal information, location data, financial accounts, and more.
Cyber threats are never static. There are millions being created every year. Most threats follow the standard structures described above. However, they are becoming more and more potent. For example, there is a new generation of zero-day threats that are able to surprise defences because they carry no detectable digital signatures.
Another worrisome trend is the continuing improvement of what experts call Advanced Persistent Threats (APTs). As Business Insider describes APTs, “It’s the best way to define the hackers who burrow into networks and maintain persistence, a connection that can’t be stopped simply by software updates or rebooting a computer.”
The notorious Sony Pictures hack is an example of an APT, where a nation-state actor lurked inside the company’s network for months, evading detection while exfiltrating enormous amounts of data.
Cyber Defence Best Practices for Businesses
Enterprise best practices for defence from cyber threats include basic but extremely important countermeasures like patching systems. When a tech vendor discovers (or is informed of) a security flaw in their product, they typically write code that fixes or patches the problem. Many attacks would fail if IT departments applied all security patches on a timely basis.
Cyber Defence Tools for Enterprise:
- Outsourced security services
- Threat Detection Tools
- Crowdsourced attack simulation/vulnerability testing tools
- Point solutions for device management
Cyber Defence for Individuals
For individuals, the best practices are simple:
- Password hygiene – Big security organisations cannot protect consumers against phishing or hackers who can guess passwords like “1234.” Common sense and password hygiene can go a long way to protect consumers from cyber threats.
- Anti-virus software – Subscribe to anti-virus software and keep your system up to date with automated, scheduled scans.
- Caution against phishing attacks – Be careful about opening file attachments. Phishing and spear-phishing emails look real but are not, as you will notice if you pay attention. For instance, if you get an email that says “past due invoice” with a PDF attachment, don’t open it unless you are 100% sure you know who sent it. If you double-check, you’ll probably see it comes from an unusual email address.
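The double-check described in the last bullet, written out as an added Python example that is not part of the original article: it inspects a message's sender, Reply-To, subject and attachments before anything is opened. The known-contacts list, the pressure-word list and the 0.8 similarity threshold are assumptions, and the sample message is constructed.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this added example: hypothetical contact list and word list.
KNOWN_SENDERS = {"accounts@supplier.example"}
PRESSURE_WORDS = ("past due", "overdue", "final notice")

def domain(addr):
    return addr.lower().rsplit("@", 1)[-1]

def triage(raw_email, known=KNOWN_SENDERS):
    """Return reasons to verify the sender before opening any attachment."""
    msg = message_from_string(raw_email)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    reasons = []
    if addr not in known:
        reasons.append("unknown sender")
        for k in known:  # a near-miss of a trusted domain is a stronger signal
            ratio = difflib.SequenceMatcher(None, domain(addr), domain(k)).ratio()
            if domain(addr) != domain(k) and ratio > 0.8:
                reasons.append("lookalike of " + domain(k))
    if reply and domain(reply) != domain(addr):
        reasons.append("reply-to domain differs")
    if any(w in msg.get("Subject", "").lower() for w in PRESSURE_WORDS):
        reasons.append("payment-pressure subject")
    files = [p.get_filename() for p in msg.walk() if p.get_filename()]
    if files and addr not in known:
        reasons.append("attachment from unknown sender: " + ", ".join(files))
    return reasons

# Constructed sample message modelled on the "past due invoice" case above.
SAMPLE = """\
From: Supplier Accounts <accounts@supp1ier.example>
Reply-To: pay@mailbox.example
Subject: Past due invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"

(constructed placeholder, not a real PDF)
--b1--
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

An empty list means none of these checks fired; it does not prove the message is genuine.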
In conclusion, this is directed blatantly at businesses, companies, and corporations… do not be complacent that you will not be attacked or hacked. Rest assured, your individual employees (no exceptions: even senior/top management are gullible enough to be duped) will be the culprits fooled into clicking malicious links, and/or your organisation’s network security protection is weak or non-existent because it is treated with the lowest priority.
Do not be like the homeowner who demolished his old house and built a 1 million dollar new mansion, but scrooged on spending an additional 20K dollars on a sophisticated home protection monitoring system and instead forked out for a 100 dollar battery-operated home alarm unit. Yes, you guessed right: his newly built mansion was burgled a few months after the family moved into their new home. And guess what: the owner then splurged 30K dollars on a proper home alarm system, but only after he had incurred nearly 300K dollars in ransacking damage and loss of home contents (valuables etc.). Business owners, the aftermath of a cyberattack on your organisations will cost you million$.
Catch the When Expert Meets Expert articles by Eugene Chung bi-weekly on Tuesdays. Don’t forget to subscribe to stay connected. You are also encouraged to ask questions and seek advice from him.