As modern life becomes more digitized, cyber security threats have increased dramatically. Hackers stole half a billion personal records in 2018 alone, according to the 2018 End-of-Year Data Breach Report from the Identity Theft Resource Center. In a recent Ponemon Institute report conducted on behalf of IBM, an estimated 54% of companies said that they’ve experienced a cyber attack in the last year. Despite this, many businesses are still unprepared to respond to cyber security threats. The Ponemon study found that 77% of organizations don’t have a cyber security incident response plan. By understanding the many types of cyber threats and implementing innovative solutions to mitigate their impact, cyber security experts can help to change these trends.
What Are Cyber Security Threats?
A cyber security threat is an attempt to gain access to a device or network to steal data or manipulate digital systems. Cyberattacks can come from many different sources, including foreign governments that want to interfere in U.S. elections, political activists (“hacktivists”) spreading a political agenda and individual hackers who use cyber attacks to make money. Cyber threats are becoming increasingly common and can result in huge losses for businesses. In fact, a report published by IBM found malicious data breaches — like malware and ransomware attacks — cost companies an average of $4.45 million. For companies who suffered breaches of more than one million records, the cost of recovery rose to nearly $42 million.
Types of Cyber Threats
Cyber threats can take many forms, from spyware and phishing to botnet attacks and distributed-denial-of-service (DDoS) attacks. Three of the most common types of cyber security threats are malware, ransomware and cyber interference operations. Each of these forms of cyber attacks have different targets, modalities of execution and consequences. Understanding these differences is key to preventing attacks and creating an effective cyber security plan.
Malicious software (malware) is designed to infiltrate a computer and gain access to stored data. Typically, malware gains access to a computer when someone unknowingly downloads a corrupted file. Once downloaded, malware can cause significant damage, operating for a long period of time without being detected.
Malware comes in many forms:
- Viruses. Viruses cause damage by attaching themselves to computer files. They spread rapidly, deleting files and damaging a system’s basic functionality.
- Trojans. Disguised as legitimate software, trojans open back doors in a computer’s security system to make it easier for other malware to be installed.
- Spyware. Constantly running in the background, spyware tracks a computer user’s online behavior, recording passwords, credit card numbers and other private information.
- Adware. Adware is most commonly recognized in the form of pop-ups, but more broadly, adware is any type of malicious software that undermines computer security to inundate users with ads.
- Botnets. Botnets are networks of computers operating together toward a common hacking goal. They can be used to steal data, send spam and gain access to a device and its network.
Malware can have serious consequences. Last year, The Washington Post reported evidence of foreign governments using malware to target voters in U.S. swing states. In this instance, trojan programs could have allowed hackers full control over a voter’s computer — a serious problem in areas that allow online voting. In addition, the Post found strong evidence that politicians were using adware to collect voters’ private information.
As attacks like these become increasingly common, cyber security teams need to proactively address potential cyber threats:
- Promote organizational awareness. Many people don’t know what malware is or what its potential impacts are. Increasing organizational awareness of cyber security threats can help limit the likelihood of malware breaching a company’s system.
- Provide security training. Empowering individuals throughout an organization to adopt better security practices is an important component of any cyber security plan. Running classes on identifying suspicious email or keeping software up to date can help prevent security vulnerabilities.
- Implement cyber security best practices. Cyber security teams are on the front line of cyber security attacks, so it’s vital that teams implement effective security tools and protocols, including instating password policies, configuring firewalls, installing antivirus software and creating an emergency response plan.
Ransomware denies access to a computer system or device until a sum of money is paid. In general, ransomware works by encrypting computer files, making them inaccessible to anyone other than the attacker. Typically spread through phishing emails or infected websites, ransomware is a widespread problem with potentially devastating effects — victims not only suffer financial losses from paying the ransom, but also are at risk of permanently losing their private data and files.
Ransomware can be particularly damaging when used against public services like government agencies, hospitals and other sources of vital infrastructure. Take, for example, the massive ransomware attack of 2017 that targeted hospitals in dozens of countries. The attack made it impossible for hospitals to access their computer networks — and the databases and patient records stored on them — forcing hospitals to turn patients away. The attack on the Ada County Highway District computer systems in Idaho in early 2019 is another example; ransomware compromised the county’s database, making it inaccessible for more than 30 hours and putting citizens’ private information at risk.
Recovering from a ransomware attack can be a challenging process. Luckily, cyber security experts can implement many strategies to mitigate the impact:
- Conduct risk analysis and vulnerability testing. Conducting a thorough risk analysis of an organization’s system vulnerabilities is a vital first step in any cyber security plan. Once weaknesses are identified, patches can be put in place and areas of priority for system updates can be identified.
- Implement cyber security best practices. All cyber security teams should make sure to align infrastructure and processes with best practices: restricting software install privileges, enabling strong spam filters, authenticating inbound email and configuring firewalls to block known malicious IP addresses, to name a few.
- Develop an emergency response strategy. While prevention is the best strategy, every organization should have an incident response plan ready to put into action if there’s a ransomware attack. In addition, organizations should consider how they can sustain business operations with limited access to computer systems.
Cyber Interference Operations
Cyber interference is an event in which an organization tries to attack and exploit an organization’s computers or information networks. Typically, hackers use cyber interference operations to spread misinformation, targeting divisive topics like elections. The goal of these attacks is to create discord and increase unrest. To do this, attackers need to find ways to amplify their voices, often turning to social media to spread misinformation through fake accounts. Because there’s no process for validating information sources on social media, it provides the ideal space to present extreme arguments as legitimate news.
Cyber interference’s potential impacts can be massive, as demonstrated by Russia’s interference in the 2016 U.S. presidential election. Experts are predicting more cyber interference attacks as the 2020 presidential election approaches. Recently, the U.S. Treasury sanctioned two Russian nationals who the Russian government tasked with spreading disinformation and false news.
Cyber interference operations have the potential to undermine democracy and national security; therefore, it’s imperative that intelligence agencies and cyber security experts find ways to safeguard against these attacks:
- Ensure robust security protocols are in place. To prevent cyber attacks, organizations need to invest in proper equipment and implement effective protocols. When implementing changes, cyber security teams should evaluate their organizations’ unique needs and identify potential vulnerabilities that foreign entities can exploit.
- Recruit a team of cyber security experts. Cyber security strategies require constant attention, revision and improvement. It’s vital for businesses to build highly qualified teams of cyber security experts who can identify and address threats effectively, especially during highly sensitive times like the 2020 presidential race.
- Demonstrate cyber resilience. Cyber resilience refers to an organization’s ability to respond to and recover from a cyber attack. To build cyber resilience, security teams should be well trained and adaptable: Running through potential security scenarios to refine the response strategy is just as important as developing a breadth of knowledge that allows for on-the-spot problem-solving. To effectively prevent cyber interference, security teams need to be current on the latest foreign intelligence and be ready to react as quickly as possible.
Learn More About Defending Against Cyber Attacks
Preventing cyber security threats is a vital part of business in the digital era. Virginia Commonwealth University’s graduate Cybersecurity Certificate provides a solid foundation in cybersecurity concepts and helps students gain the knowledge and technical skills necessary to assess and mitigate cybersecurity risks. Students interested in advancing their careers in the cybersecurity industry should consider Virginia Commonwealth University’s Master of Arts in Homeland Security and Emergency Preparedness — the nation’s first program of its kind. Classes like Cyber Security Law and Policy prepare students for any unpredictable challenge that comes their way.