There are many different information security threats that organizations face today. The threat of information security breaches should not be underestimated. Every day hackers steal data from thousands of people and disrupt normal business activities. Every organization has information security threats and vulnerabilities, no matter how well prepared it thinks it is. But what is a threat to information security? Until you understand this, you’re unlikely to be able to put the necessary protection measures in place. This article explores the threats and vulnerabilities to information security, including the main cyber threats of 2021 and some of the top 25 cyber security threats.
What is an information security threat?
A threat is defined as “the possibility that something unwanted will happen.” Hence threats in information security are anything that could result in something unwanted happening to data. Data in this context also includes information, which arises when context is added to data to give it meaning. Information security isn’t just concerned with data held in IT systems; it also includes data held in physical forms, such as filing cabinets, correspondence, written memos, and display boards. Hence an information security threat is not the same thing as a cyber security threat. Cyber security is only concerned with technology-based threats.
As an example, one information security threat that is also a cyber security threat is a hacker gaining unauthorized access to an IT system to steal someone’s password. A threat that is specific to information security is a potential thief looking over the shoulder of an employee as they type in their password.
What are the 3 threats to information security?
Information security is concerned with three principles about data, known as the CIA triad:
- Confidentiality
- Integrity
- Availability
Any one of the threats to information security can affect one, two, or all of these data principles.
Confidentiality requires that data can only be accessed by people with authorization. So threats to confidentiality are anything to do with trying to get at the data, to view it, or steal it. An example is a vulnerability that allows a hacker to steal passwords. This example of information security threats is probably the one that ordinary citizens worry about the most.
Integrity is about keeping the data in its intended state. Threats to confidentiality also apply to integrity, as once a hacker gets access to the data, they might be able to change it. An authorized user making an accidental amendment to data is also an example of this threat to information security.
Availability is concerned with ensuring that people who are authorized to access the data can do so when they want to. Threats to this principle are different from the other two and include threats that deny people access to systems. An example is a denial of service attack that stops a website from responding to users. This type of information security threat can severely harm an organization’s ability to carry out its normal business activities.
What are the different types of security threats?
The specific types of threat that information security needs to deal with vary between organizations. As we saw earlier, information security threats affect the confidentiality, integrity, and availability (CIA) of data, but their specific nature will differ according to:
- The type of business carried out.
- The sensitivity of the data.
- The commercial value of the data.
- The public profile of the organization.
- The systems and technologies used.
- Where the organization operates.
For example, an organization based on a small island in the Pacific that uses no IT systems will have different threats to information security from a government organization with responsibility for defense that uses secure communications technologies.
The different types of information security threats can simplistically be split into two categories:
- Technology-based threats, usually referred to as cyber security threats.
- Non-technology based threats, mostly human-based threats such as careless employees.
There are many more threats to information security that involve technology than ones that don’t. This is because of the reliance that just about every one of today’s organizations places on IT.
What are the biggest threats to information security?
The answer to the question “What are the biggest threats to information security?” changes over time, as new ways to hack into systems are devised and exploited and new technologies are introduced. For example, the Internet of Things (IoT) has introduced a new type of threat to information security through connecting home appliances to the internet.
The key point is that people and their behaviors are the biggest threat to information security. They have been ever since data was first stored, and this will always be the case. This comes from two perspectives:
- The data owner and those responsible for looking after it must acknowledge that there are threats to the security of the information, then take sufficient care to protect it.
- There will always be people who want to steal data and information for their own gains. No matter what protections are put in place, ways around them will be found by determined individuals.
Apart from people, the biggest threats are cyber based. We will now look at the top 25 cyber security threats, highlighting the top 5 cyber threats commonly seen in organizations.
What are the main threats of 2021?
The main threats for 2021 are likely to be very similar to this list of the top 5 cyber threats that many organizations experienced last year.
- Social engineering threats: These cyber security threats use the psychology of individuals to trick them into giving away confidential and sensitive data, often using social media platforms as the vehicle. The cyber criminals use techniques to mislead and trick people into giving them information such as passwords, date of birth, and bank details. For example, answering what seems like an innocent social media quiz asking for a first pet’s name, first school, and mother’s name can give hackers the information they need to unlock online accounts, including bank accounts.
- Ransomware attacks: These are where the hacker holds the data and IT systems hostage until a ransom is paid. The attacks are spread through phishing emails, downloads, infected websites, or infected USB sticks. Targets range from individuals to large government organizations.
- Internet of Things threats: Many Internet of Things devices have immature or non-existent security measures installed. This includes domestic appliances such as TVs, audio systems and lights, automobiles, and even home security systems. The attacker can easily gain access to these and use them to steal important information such as passwords and personal information. This is one of the fastest-growing cyber security threats.
- Patch management: Failing to keep your systems and applications up-to-date with the latest patches leaves you open to known threats. Using outdated software versions is one of the most common vulnerabilities exploited by hackers. This isn’t a new issue; it was one of the earliest cyber security threats.
- Phishing emails: These are emails that seem to be genuine but come from hackers. This is one of the cyber security threats that use the same vulnerability as the social engineering threats, tricking users into believing the email is genuine to get them to divulge confidential information, for example, by linking to a site that looks like the user’s bank and asking them to confirm all of their banking information, username, and password.
What are the top 25 cyber security threats?
All cyber attacks are intentional and malicious attempts to breach the security of an organization or its systems. The motives for these attacks include theft of information, financial gain, espionage, and sabotage. The most common of the top 25 cyber security threats tend to be of these types:
- Distributed denial of service (DDoS).
- Social engineering.
- Man in the Middle (MitM).
- Malware and spyware.
- Password attacks.
Distributed denial of service: The objective is to hit the availability of the target system to deny access for users. DDoS attacks are where hackers compromise a large number of computers and use them to launch a coordinated attack against the target system, flooding it with incoming messages.
DDoS attacks are sometimes used to create confusion while more subtle attacks are made to steal data. Methods used for DDoS attacks include:
- Ping of death attack: This sends pings to the target system using faulty packets which cause the target system to crash or freeze.
- Botnets: Systems infected with malware controlled by the hacker are used to carry out the attack. Some botnets include millions of devices that can launch very large-scale attacks.
- Smurf attack: These use Internet Control Message Protocol (ICMP) echo requests that are sent to the victim’s computer’s IP address using an automated process at scale.
- Teardrop attack: These cause the length and fragmentation offset fields in IP packets to overlap. The target system can crash when it fails to reconstruct the packets.
- TCP SYN flood attack: The target system is flooded with connection requests. This fills the connection queue and stops legitimate connections.
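The overlap condition behind the teardrop attack can be checked before reassembly. The following is an added example, not part of the original article: a strict validator that refuses any set of fragments whose byte ranges overlap. The class, function, and sample values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fragment:
    offset_units: int      # IP "fragment offset" header field, in 8-byte units
    payload_len: int       # bytes carried by this fragment (total length minus header)
    more_fragments: bool   # MF flag; False only on the final fragment

    @property
    def start(self) -> int:
        return self.offset_units * 8

    @property
    def end(self) -> int:
        return self.start + self.payload_len

def check_fragments(frags):
    """Classify the fragments of one datagram as 'ok', 'incomplete' or 'overlap'."""
    if not frags:
        return "incomplete"
    covered_to, gap = 0, False
    for f in sorted(frags, key=lambda f: (f.start, f.end)):
        if f.start < covered_to:
            # Strict policy: any byte claimed twice is refused, never merged.
            return "overlap"
        gap = gap or f.start > covered_to
        covered_to = max(covered_to, f.end)
    last = max(frags, key=lambda f: f.start)
    return "incomplete" if gap or last.more_fragments else "ok"

# Constructed sample datagrams (not captured traffic).
NORMAL = [Fragment(0, 1480, True), Fragment(185, 1480, True), Fragment(370, 40, False)]
TEARDROP = [Fragment(0, 36, True), Fragment(3, 4, False)]   # second starts inside first
MISSING_MIDDLE = [Fragment(0, 1480, True), Fragment(370, 40, False)]

if __name__ == "__main__":
    for label, sample in [("normal", NORMAL), ("teardrop", TEARDROP),
                          ("missing middle", MISSING_MIDDLE)]:
        print(label, "->", check_fragments(sample))
```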
Social engineering attacks: These work by fooling users into divulging confidential and sensitive information. Social engineering attacks include:
- Phishing: Attackers send emails that seem to come from legitimate sources. The email asks the user to do something like click on a link or an attachment. This then leads to a fake malicious website where they enter confidential information or download an infected file, which can then take over the user’s systems.
- Spear phishing: A specific variant of phishing where attackers specifically target users with security privileges or influence, including system administrators and senior executives.
- Homograph attack: The attacker creates a fake website with a very similar web address to a legitimate website and the same look and feel. Users don’t realize and enter confidential information or purchase non-existent goods and services.
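A defender can screen hostnames for the look-alike addresses described under the homograph attack. The following is an added example, not part of the original article: it decodes punycode labels, reduces look-alike characters to a common form, and compares the result with a list of protected names. The confusables map is a small constructed subset and `mybank.example` is a placeholder domain.

```python
import unicodedata

# Constructed, deliberately small map of look-alike characters (Cyrillic letters
# and ASCII digits). A production check would use the full Unicode confusables data.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "0": "o", "1": "l"}

def to_unicode(host):
    """Decode punycode (xn--) labels so the real characters are inspected."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # leave an undecodable label as it is
        labels.append(label)
    return ".".join(labels)

def skeleton(name):
    """Map look-alike characters to one form; 'rn' is treated as 'm'."""
    folded = unicodedata.normalize("NFKC", name)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded).replace("rn", "m")

def scripts(label):
    """Scripts used by the letters of one label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def assess(host, protected):
    name = to_unicode(host)
    if name in protected:
        return "legitimate"
    for good in protected:
        if skeleton(name) == skeleton(good):
            return f"lookalike of {good}"
    mixed = any(len(scripts(label)) > 1 for label in name.split("."))
    return "mixed-script" if mixed else "no match"

PROTECTED = {"mybank.example"}   # placeholder for the organization's real domains

if __name__ == "__main__":
    for host in ["mybank.example", "myb\u0430nk.example", "rnybank.example",
                 "sh\u043ep.example", "shop.example"]:
        print(host.encode("unicode_escape").decode(), "->", assess(host, PROTECTED))
```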
Man in the Middle (MitM): In a MitM attack, the attackers place themselves between the user and the target server. They can then steal credentials and data. MitM attacks include:
- Replay attack: The attacker eavesdrops on network communications and later pretends to be the user by replaying captured messages.
- Session hijacking: The attacker hijacks a session between a network server and a client, then substitutes its IP address for the client’s IP address. The server believes it is corresponding with the client and continues the session.
- IP spoofing: The attacker forges the IP address of a trusted host, providing it with access to the target system.
- Eavesdropping attack: Attackers use network security issues to access the information sent between the client and the server.
Malware / Spyware attacks: Hackers use many methods to infect the user’s systems with malware and spyware, including phishing attacks and attacking vulnerabilities in browsers and operating systems. Malware can carry out a range of illegal activities. These include stealing data, spreading to infect other devices in the network, and launching attacks on other systems and networks. Types of malware and spyware include:
- Wiper malware: This form of malware overwrites files or even the entire file system.
- Ransomware: This locks systems and prevents access until a ransom is paid.
- Trojan virus: These look like legitimate files and can be used to create a backdoor to provide a secret entry for hackers and to launch attacks.
- Fake PC optimization security software: Users run this from a search result believing it to be genuine optimization or anti-virus software. It pretends to scan then displays fake warnings. The user then buys the fake software, giving their financial information to the hacker, and often installing malware.
- Malvertising: Fake online advertising that contains malicious code which infects a user’s computer when users access the ad.
- Drive-by downloads: Attackers hack legitimate websites and insert malicious scripts into code on a page. When a user visits the page, the malware is downloaded onto their computer, either directly or using a redirect to a malicious site. Many attacks of this type rely on vulnerabilities in browsers and operating systems.
Password attacks: A cyber criminal can use a number of different ways to steal user passwords. Password attacks include:
- Brute-force guessing: The attacker uses a software tool that generates and tries out a very large number of passwords. Some of the tools use intelligence to compose the passwords using data about the user obtained through social engineering, such as family and pet names.
- Stolen password database: Having gained access to the system using a different hacking method, the attacker takes a copy of the password file and uses hacking tools to decrypt it.
- Dictionary attack: The attacker tries to gain access using a dictionary of commonly used passwords.
Summary
Today’s IT systems are complex, involving many different components from many different vendors all working together. Putting systems in the cloud might seem to simplify matters, but as far as information security is concerned, it makes it even more complex. Dealing with the top 25 threats to cyber security is challenging enough if you are in full control of everything, but outsourcing systems to cloud vendors doesn’t outsource your responsibilities for information security. Just assuming that your cloud vendors will be good at dealing with cyber security threats is a risky approach.
Using the cloud also increases your vulnerability to cyber attack over the internet, which means that you face global threats to cyber security on a massive scale. This requires a well-thought-out approach to information security and funding to ensure that you have adequately resourced information security and cyber security teams, supported by tools for threat prevention, detection, and mitigation. Your business’s ongoing viability is highly dependent on what approach you take to address the top 25 cyber security threats.