Your IT team likely throws around many different scary-sounding words when they’re discussing security threats. It’s easy to be confused about how each kind of threat is different and what risk they pose to a business. This handy glossary of IT Security Threats will break it all down for you.
First, let’s define a cybersecurity threat: Any potential danger or risk to computer systems, networks, or data. These threats can be malicious cyberattacks from a hacker or malware, but they could also be insider threats from an unhappy employee or even a natural disaster. We tend to focus on the malicious actors, but accidents and natural disasters can be equally threatening to your business’ IT and operations.
For this glossary, we’re taking an expansive view of cyber threats, defining 17 of them, and explaining why the risk should be taken seriously.
The actors and events that cause cybersecurity threats are:
- Hackers are individuals or groups who use their technical knowledge and skills to gain unauthorized access to computer systems, networks, or data. They may exploit vulnerabilities in software, misconfigurations in systems, or social engineering techniques to infiltrate and compromise targets. They pose significant risks to businesses by disrupting operations, stealing valuable data, damaging reputations, and creating legal liabilities.
- Insider threats refer to the risk posed by individuals within an organization who have authorized access to computer systems, networks, or data and may misuse that access to cause harm intentionally or unintentionally. Insider threats can come from current or former employees, contractors, or business partners. They can do the same damage as a hacker but even more quickly because they already have access to the network.
- Natural Disasters are a threat to the integrity of IT systems because they can knock out power and connectivity to a network, which could lead to data loss or corruption. Further, disasters like fires or hurricanes can destroy the network hardware, which results in downtime and data loss. While businesses cannot prevent natural disasters, they can be prepared to weather them and invest in the right backups for their network so their data and connectivity can be restored quickly.
When considering the insider or outsider threats to computer networks, the biggest threats used to be:
- Worm: A type of malicious computer program that spreads copies of itself to other computers, usually over a network. “Computer worms” would enter a network either through exploiting a vulnerability in software or through social engineering. They are designed to replicate without human interaction. The worm is coded to perform a specific malicious activity like copying data or creating a backdoor for remote access.
- Virus: A type of malicious program that is attached to files. It is spread when a person downloads an infected file or inserts a USB that has an infected program. Once a file or program is opened by a human, the virus can replicate across a device or network, destroying files and corrupting data.
Worms and viruses are less prevalent today because the manufacturers of both hardware and software have gotten better at detecting and preventing them from infecting their devices or programs. The good news is that antivirus solutions, which are very cheap nowadays, are extremely effective at preventing these kinds of threats. The bad news is that threats have evolved significantly to evade detection.
Today, malware, which comes in many different shapes, poses the biggest threat to businesses. Malware is malicious software designed to infiltrate or damage a computer system without the owner's consent. Some of the most common malware threats today are:
- Trojan Horse: Malware that appears to perform a desirable function for the user, like running a software update, but instead facilitates unauthorized access to the user's computer system. The fact that this kind of software appears legitimate to a user, or even to a device’s security system, is the real threat. It can quickly spread in a network before anyone is aware of the threat it actually poses.
- Ransomware: Malware that encrypts files and data, frequently locking up an entire network and demanding payment to restore access. This kind of malware can spread through email attachments, malicious websites, and software vulnerabilities.
- Spyware: Spyware secretly collects information about a user's activities, such as browsing habits, keystrokes, or login credentials, and sends it to a remote server controlled by the attacker. Spyware can be used for surveillance, identity theft, or targeted advertising.
- Rootkit: A type of malware designed to gain unauthorized access to a computer system and remain undetected. Once it is installed, hackers can have full remote access to the computer. Rootkits are a significant threat to businesses because many traditional cybersecurity tools won’t pick up on the threat, and they operate so far in the background that a computer user is unlikely to notice either.
Now that you understand who creates cyber threats and what tools they use to damage a network, let’s define some different styles of cyberattacks to be on the lookout for:
- Phishing: A fraudulent attempt to obtain sensitive information, such as usernames, passwords, and credit card details, by disguising itself as a trustworthy entity in an electronic communication. This is the most common cyberattack today, and you probably experience it on a weekly basis. It can be a fraudulent email requesting a password reset or an email from a vendor requesting that you update your account information. The links in these emails lead to fraudulent sites that collect and record your credentials to use later to access your account.
- Spoofing: The act of disguising communication from an unknown source as being from a known, trusted source. Again, this is a super common way attackers try to gain access to a network or steal valuable data. For example, some criminals will create a fake email address that appears to be almost the same as the email address of one of your vendors. They then email your business asking that you update your records with new bank information. The next time you pay your vendor, you actually wire money to the criminals.
- Social Engineering: Both phishing and spoofing are types of social engineering. They are forms of deception used to manipulate individuals into divulging confidential information or taking specific actions that then lead to fraudulent outcomes. Unfortunately, while cybersecurity tools are very good at detecting and eliminating malicious software, they cannot prevent humans from mistakenly clicking a link or replying to an email. The only way to stop social engineering attacks is by educating employees on cybersecurity and training them on what to watch for.
- SQL Injection: A type of attack that allows an attacker to execute malicious SQL statements to control a web application's database server and steal data.
- Zero-day Exploit: A cyberattack that targets a previously unknown vulnerability in software before the software developers have had an opportunity to patch it.
- Denial of Service (DoS): An attack that prevents legitimate users from accessing a service, network, or system by overwhelming it with a flood of bogus requests.
- Man-in-the-Middle (MitM) Attack: An attack where a malicious actor intercepts and possibly alters communication between two parties without their knowledge.
- Brute Force Attack: A trial-and-error method used to obtain information such as a user password or personal identification number (PIN).
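To make the SQL Injection entry above concrete, here is an added example (written for this glossary, not code from the original post) that shows the same user lookup built two ways: once by pasting input straight into the SQL text, and once as a parameterised query. The accounts, the table and the crafted input are all constructed for the demonstration.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory table with two sample accounts (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """String concatenation: the input becomes part of the SQL statement itself."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterised query: the driver passes the input as data, never as SQL."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def demo() -> dict:
    """Run both lookups with a normal name and with a classic tautology input."""
    conn = build_db()
    normal = "alice"
    crafted = "x' OR '1'='1"  # turns the WHERE clause into an always-true condition
    return {
        # The vulnerable query is rewritten to match every row in the table.
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),
        # The parameterised query simply looks for a user literally named "x' OR '1'='1".
        "safe_crafted": lookup_safe(conn, crafted),
        "vulnerable_normal": lookup_vulnerable(conn, normal),
        "safe_normal": lookup_safe(conn, normal),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The fix is the same in every database library: bind user input as a parameter, and the database treats it as a value rather than as part of the statement.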
All these cybersecurity threats are scary. Businesses can suffer significant damage – financial and reputational – when a cyberattack succeeds, or a natural disaster occurs. The good news is it’s not hard to prepare your business to face and stop these kinds of threats. The basics are ensuring regular offsite backups of your data, enforcing Multi-Factor Authentication to prevent fraudulent logins to applications, putting in place endpoint detection (EDR or MDR) software to scan and eliminate malware on devices, having a firewall to filter your web traffic, deploying email spam filtering to lessen the chances of phishing or spoofing attacks, and finally training your team on the cyber threats they face and how to report anything suspicious.
We’ll define all these cybersecurity tools and practices in a later blog, but if you want to learn more, email us at hello@lktechnologies.com.