What Are Cyber Threats?

There’s an old saying: You can’t stop progress. And as we move ever further into the information age, this tired old truism becomes even more relevant. New technological advances pave the way for other advances, creating an exponential increase in our capacity to create, share, and contain digital information. Unfortunately, progress isn’t limited to the law abiding; cybercriminals, terrorists, hackers, and other threat actors are evolving just as quickly, creating a landscape of cyber threats.

But what exactly are cyber threats? Where do they come from? And what techniques are they using to gain access to sensitive data?

Cyber Threats: Definition

At their most basic, cyber threats (also called cybersecurity threats) are any malicious attempt to gain unauthorized access into a digital system to steal, damage, alter, or disrupt proprietary digital information. Cyber threats go hand in hand with cyber attacks; the two terms are often used synonymously to describe the various methods and threat actors that target valuable data. That said, there is a key difference: Cyber threats encompass any possibility of attack, rather than only referring to the attack itself.

Where Do Cyber Threats Come From?

Just as there are many kinds of cyber threats, there are also many different threat actors responsible for cyber attacks and data breaches. These include (but are not necessarily limited to) the following:

• Authorized Users
  Not all cyber threats originate outside of the targeted organization. In fact, a significant percentage of data breaches are the result of internal actors. This may include disgruntled employees purposefully using their credentials to expose sensitive data, or data breaches may simply be the result of human error. Either way, internal threats are often more difficult to defend against — the inside threat actors may have full authorization to access sensitive data, effectively bypassing security measures.
• Hackers and Hacktivists
  A “hacker” is simply a person with an interest in or talent for manipulating systems. There are ethical hackers who test if a system is secure, hobbyists that like the challenge, and criminal hackers who have malicious intent. A hacktivist is a person or group of people that have a specific agenda they wish to promote, and will mount cyber attacks with the goal of drawing attention to their cause.
• Criminal Organizations
  Whether to steal corporate secrets, access valuable customer and company data, or cause damage to reputations and infrastructure, criminal organizations are generally most interested in making profit. These threat actors pose a major threat due to their resources.
• Terrorists and Hostile Nation States
  Similar to hacktivists, cyber terrorists are interested in pushing an agenda. Their methods, however, are often very different. They may attack anything from business to critical national services, all with the goal of creating disruption and destruction. Hostile nation states may have similar goals to cyber terrorists, but their scope and capabilities are much greater. Their ability to deploy coordinated, technologically advanced attacks against even the most secure targets makes them a threat on a global scale.

Common Cybersecurity Threats and Attacks

To achieve their goals, cyber threat actors use a variety of techniques. These may include the following:

• Malware
  Malware is software designed to maliciously attack a system. Malware is something of a catch-all term, and may take the form of viruses, worms, trojans, or any other kind of malicious software.
• Viruses
  Computer viruses are malware that is attached to a program or file. It requires human interaction to infect a computer, often through downloads, links, and email attachments.
• Phishing
  Phishing scams use email, telephone, text and other messages to contact their targets. Threat actors pose as legitimate institutions, with the goal of convincing their targets to share sensitive data or credentials. Phishing scams usually throw a wide net, going after a large number of low-yield targets.
• Spear Phishing
  Similar to phishing, but much more targeted, spear phishing scams focus on a single individual or organization. These attacks are generally more complicated and make use of detailed research into their designated targets.
• Spyware
  Spyware is a form of malware that is designed to infiltrate a computer network and remain undetected while it observes and reports on digital activity. Spyware is especially effective at capturing internet usage data, passwords, and bank details.
• Wiper Attacks
  Another form of malware, wiper attacks use special software to damage or wipe the target’s hard drive. Wiper attacks are usually motivated by a desire to cause damage. That said, they may be used in conjunction with other cyber attacks to erase evidence of data theft.
• Ransomware
  Ransomware attacks infiltrate computer networks and encrypt sensitive or essential data. The threat actor then demands payment (or ransom) to restore access.
• Zero-Day Exploits
  Zero-day exploits take advantage of security flaws in software and computer systems before they can be patched. Because many providers rely on user feedback to identify potential weaknesses, early versions of software may unintentionally include exploitable security issues that threat actors can take advantage of.
• Man-in-the-Middle (MitM) Attacks
  The internet, and every machine or device connected to it, relies on the ability to send and receive information nearly instantaneously across long distances. Man-in-the-middle attacks attempt to eavesdrop on sensitive information while it is in transit. The information can then be copied, changed, rerouted, or otherwise compromised.
• Distributed Denial-of-Service (DDoS) Attacks
  Distributed denial-of-service attacks are designed to make online services unavailable by overwhelming them with traffic. Crude but powerful, DDoS attacks have been used to cripple the online capabilities of targeted organizations for lengths of time stretching from minutes to weeks.

Reducing Threat Risk in Your Network

From stealing sensitive information to damaging vital network infrastructure and beyond, it’s easy to see the potential danger inherent in cyber threats. As such, protecting your network should be a top priority. Organizations should consider adopting a cybersecurity framework such as that from the National Institute of Standards and Technology (NIST). The framework is easy to follow and can help businesses shore up possible weaknesses in the face of emerging cyber threats. Other suggestions include familiarizing yourself with adversary tactics and techniques documented in the MITRE ATT&CK framework, and moving towards a Zero Trust security architecture to reduce the risk threats pose in your network.

However, as cyber threats continue to evolve, it is becoming increasingly apparent that the most effective defense may not actually be a defense, but rather an improved response. Immediately identifying threats that breach network defenses allows organizations to move quickly to minimize possible damage. Network control, visibility, and fast response are the key. Learn how Gigamon ThreatINSIGHT^™ Guided-SaaS network detection and response (NDR) removes burdensome distractions that otherwise prohibit teams from focusing on identifying adversary activity across the MITRE ATT&CK framework.

Cybersecurity threats are constantly evolving, but by understanding what’s at stake, who the threat actors are, what forms cyber attacks may take, and how you can position your organization to minimize potential damage, you can be ready for whatever comes your way.

Further Reading:

• Threat Detection Methodologies
• Network Detection and Response | Forrester Network Analysis and Visibility Report