The Cyber Threat Landscape

Understanding Threats to your Business

The Mirai Botnet attack of 2016 shook the business world and in 2017 we saw an influx of attacks aimed both at the private and public sectors. These ranged from large-scale government-focused attacks to smaller-scale takedowns, like the National Lottery website in September. With all these attacks it is no surprise then that digital security has seen a rise in prominence among business plans for 2018, with a Gartner report from October 2017 showing that 71% of respondents had already started to invest in digital security in preparation for 2018.
Getting the right technology, services, and security professionals is only a part of tackling the cybersecurity problem. It is also important that companies get a clear understanding of the cyber threat landscape. This means knowing where these types of attacks can come from and in turn, who is leading the attack (whether it be an individual or group). Often, knowing the answer to these types of questions leads to an understanding of the motive and makes countering the attacks easier. So, in this blog, we wanted to highlight the areas of the cyber threat landscape that enterprises should be aware of.

Nation State: This kind of hacking is often government versus government. It is often functionally indistinguishable from cyber terrorism but the defining trait is that the attack is officially sanctioned by a country’s government. These attacks can involve not only hacking but the use of more traditional spying as well.

Insider Threat: the final part of the cyber threat landscape is where many businesses least expect it: from inside the business itself. A recent report from A10 Networks revealed that employee negligence is a major cause of cyber attacks. Employees unknowingly allowing hackers into the business through unauthorised apps. And, on the very rare occasion, a disgruntled employee could try and bring the business down in revenge, so it is always important to investigate who could have access because there is every chance that the threat could come from the inside.

Individual Attackers: When you think of the stereotypical hacker most thoughts turn to a hooded youth sitting alone in their room. This is the individual attacker and their motives are often more one of curiosity and learning. They want to see if they can hack a system rather than attempt anything malicious. This is the most neutral cyber threat.

Industrial Espionage: Sometimes an unrelated group and other times a rival business, cyber threats that deal with industrial espionage have the motive of creating problems for your business. The most common reason for industrial espionage is to discover the secrets of a rival business, often through spying. However, it could also involve destroying valuable data or, with some IoT devices, physically breaking the technology. Anything that can push a business over a competitor.

Cybercriminals: Much like the individual attackers, cybercriminals are a an all-encompassing cyber threat. Almost all hackers are criminals in some way and the motives can vary from demanding money, to setting up crypto-mining, to damaging company property. Whatever they do it won’t be a good thing.

Phishing and Ransomware: These are some of the most common types of attacks you’ll find cyber criminals performing. These attacks are motivated purely by financials and exist to either scam a business out of money or hold valuable company data at ransom. Sometimes this can be a distraction to hide something more nefarious. Therefore organisations need to make sure they are prepared for any escalation.

Ethical Hackers: An ethical hacker is the opposite of a cybercriminal, as the term ‘ethical’ implies. These types of threats are often undertaken for the sake of a company, and often have been paid for by the business to see if it can hack into its own servers. These hackers test the security resilience of a business and locate areas that are vulnerable, before an ‘unethical’ hacker comes along.

Hacktivists: A hacktivist is a sub-set of cybercriminals whose motives are more ideological. As the name references, a hacktivist is essentially a cyber activist. They are using hacking purely to push an agenda, whether political, religious, or otherwise, rather than a financial motive. A hacktivist attack can be something as simple as changing the text on a company website to a more nefarious act that interferes with the day to day running of the business.

Cyber Terrorism: While hacktivists don’t always cause damage, a cyber-terrorist will. Just like real terrorism, cyber terrorism exists to bring terror to your business, country and customers. Examples include the attacks on the NHS last year which aimed to bring systems down in hospitals and cause chaos and fear.

By understanding these possibilities in the cyber threat landscape it can help you built your cyber defense by identifying a motive and being able to trace what kind of opponent your business is facing, as well as if this is an attack aimed primarily at yourself or a national-level threat where the solution would be to work with other companies to stop the attack as a team.

Written by Bradley Walsh, Security Consultant