On Monday, Nov. 24, 2014, Sony Pictures Entertainment’s headquarters in Culver City, California, suffered one of the most destructive cyberattacks recorded in history. A hacker organization, identified as “Guardians of Peace,” leaked a trove of confidential data from Sony Pictures to a dark web hacker community.
The data ranged from personal information on Sony Pictures employees and executive salaries to copies of unreleased films, film scripts and other sensitive information. The hackers demanded that Sony withdraw its film “The Interview” and even threatened terrorist attacks.
It took Sony a few challenging years to recover from that blow. Not only did Sony learn its lessons the hard way, but the event also taught everybody that anyone can be a target (big or small) and about the importance of cybersecurity.
What Is Cybersecurity?
According to Cisco, “Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.” These digital attacks usually aim to steal data, compromise it, change its integrity or destroy it. Other attacks might be aimed at spying or interrupting business processes or continuity.
For the United States’ National Initiative for Cybersecurity Careers & Studies (NICCS), cybersecurity is not only a “practice,” but an activity or process, ability or capability, or a state where information systems are protected from damage, unauthorized access or exploitation.
Achieving a full state of cybersecurity is nearly impossible because it is always a moving target. A good strategy should be capable of mitigating risks at different layers, from data, applications, computers, networks and even physical security. Accordingly, cybersecurity is not only achieved through technology but with a combination of processes, trained people and systems.
Per the Cybersecurity Strategy CS5L Capability Maturity Model (CMM), the elements of a cybersecurity strategy are:
- Network/VPN hardware layer: protect the network and its entry points with IDS and IPS (Intrusion Detection and Prevention Systems) and network segmentation.
- Firewall: guard access and control inbound and outbound traffic.
- Employee security: train people so they are aware of social engineering and phishing tactics.
- Internal defense: defenses on servers and workstations, such as host firewalls, antivirus and malware protection, plus audits of access controls.
- Forensics: information technology security teams performing digital forensics for real-time situational awareness and mitigation strategies.
- Compliance regulations: regulations that mandate security controls, as required by the industry.
What Can (or Should) Cybersecurity Do?
As mentioned before, cybersecurity aims to protect against damage, unauthorized use, modification or exploitation of networks, systems, applications and data.
Cybersecurity should protect or defend against cyber attacks, threats, vulnerabilities and risks that damage, modify or exploit assets.
Let’s define these:
| Term | Definition |
|---|---|
| Cyberattack | A deliberate, offensive and unauthorized action against a target. It can be either active or passive but will always have an intention or motive behind it. |
| Cyber threat | A probability that an attack may occur, a warning, a possibility of a downturn of events. For example, a security violation that may exploit a vulnerability. It is either intentional or accidental but ends up compromising, damaging or destroying an asset. |
| Vulnerability | A weakness or gap in cybersecurity that might be exploited (against your will) by threats or attacks. Vulnerabilities make your network or systems susceptible to certain issues or circumstances. |
| Cyber risk | The intersection between threats, vulnerabilities and assets. A risk is the result of a threat exploiting a vulnerability in an asset. |
Putting It All Together: A Visual Example
To make a clear distinction between these concepts, let’s see a visual example.
Let’s use the following diagram of a Distributed Denial of Service (DDoS) attack. The DDoS is a type of cyberattack initiated by a threat actor (the alien in the diagram) which uses a botnet (an army of bots or zombies) to flood a victim with endless and massive service requests.
A DDoS is a significant cyber threat for companies with web assets. Any company with a website or web app can be the target of a DDoS attack at any moment. A company with a website might be vulnerable to DDoS if it doesn’t have the necessary protection, such as WAFs (Web Application Firewalls) and CDNs (Content Delivery Networks).
How Can Cybersecurity Defend Against Attacks, Threats, Vulnerabilities & Risks?
Most cybersecurity strategies can’t provide full protection—they can only mitigate risks and reduce the probability of threats. For instance, a Layer 7 DDoS attack with a massive amount of traffic from geographically distributed sources is nearly impossible to stop. But deploying a CDN with scrubbing data centers to clean the junk traffic and L7 WAFs to filter further will help mitigate the risk.
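The mitigation just described works by telling a flood apart from normal traffic at the edge. The following added example (not code from the original article) shows the core of one such L7 control, a per-client token-bucket rate limiter, run over constructed traffic: a legitimate user at 2 requests per second and a bot at 200 requests per second. The IP addresses, bucket sizes and traffic shapes are assumptions for the demo.

```python
# Added example (not from the original article): a per-client token-bucket
# rate limiter of the kind an L7 WAF or CDN edge applies to blunt an HTTP flood.
# IP addresses and traffic shapes below are constructed for the demo.
from collections import defaultdict


class TokenBucket:
    """Each client may burst up to `capacity` requests, then is held to `rate` per second."""

    def __init__(self, capacity: float, rate: float, now: float):
        self.capacity = capacity
        self.rate = rate
        self.tokens = capacity
        self.last = now

    def take(self, now: float) -> bool:
        # Refill in proportion to elapsed time, never beyond capacity.
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """One bucket per client IP; a client seen for the first time starts with a full bucket."""

    def __init__(self, capacity: float = 20, rate: float = 5.0):
        self.capacity = capacity
        self.rate = rate
        self.buckets = {}

    def allow(self, client_ip: str, now: float) -> bool:
        bucket = self.buckets.get(client_ip)
        if bucket is None:
            bucket = TokenBucket(self.capacity, self.rate, now)
            self.buckets[client_ip] = bucket
        return bucket.take(now)


def simulate(requests):
    """requests: iterable of (timestamp_seconds, client_ip).
    Runs every request through one shared limiter in time order and
    returns {client_ip: (allowed, dropped)}."""
    limiter = RateLimiter()
    stats = defaultdict(lambda: [0, 0])
    for ts, ip in sorted(requests):
        if limiter.allow(ip, ts):
            stats[ip][0] += 1
        else:
            stats[ip][1] += 1
    return {ip: tuple(counts) for ip, counts in stats.items()}


# Constructed traffic: a legitimate user at 2 requests/s and a bot at 200 requests/s, both for 10 s.
NORMAL_CLIENT = [(i * 0.5, "198.51.100.7") for i in range(20)]
FLOOD_BOT = [(i * 0.005, "203.0.113.9") for i in range(2000)]

if __name__ == "__main__":
    for ip, (ok, dropped) in simulate(NORMAL_CLIENT + FLOOD_BOT).items():
        print(f"{ip}: allowed={ok} dropped={dropped}")
```

Because each source gets its own bucket, the legitimate user is never throttled while the bot is cut down to roughly the refill rate; this is exactly why a distributed flood from many sources is harder to stop than one from a single address, and why scrubbing capacity in front of the limiter matters.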
This is important: before diving deeper into types of cyberattacks, threats and risks, it’s worth getting a sense of what’s behind an attacker’s intentions. What’s their motivation, what assets could they be after and what are their methods?
Know Your Enemy
Most of the time, would-be attackers have emotional motivations against the target (a competitor, political party, employer or neighbor). They want to bring down their network, spy on their activities or interfere with their data. But these motivations can turn darker, as hackers/attackers might begin to use their skills to make money.
Other types of attackers or hackers might want to make a political or social point or prove their skills and knowledge to their community. There are other levels of motivations as well—for example, companies that hire attackers to bring down or spy on their competition, or even state-backed hackers that are trained and paid for cyber warfare, as in the case of the Sony hack.
Cyber Attackers and Their Different Colored Hats
Black hat hackers: These are the ones with bad intentions—the cybercriminals. Either emotionally or financially motivated, these criminals are there to inflict damage.
Gray hat hackers: They don’t intend to harm but will violate laws and ethical standards, such as hacking a network or system without permission, out of curiosity or for monetary reasons. If they find a vulnerability, they are likely to report it to the owner (sometimes asking for a reward).
White hat hackers: They are usually paid to audit an organization’s security measures. White hat or ethical hackers are given a certain degree of authorization, and they are rewarded for identifying vulnerabilities and risks. Pen testers are similar, as they are also given authorization, but with defined access, a specific target and a timeframe.
Other types: The script kiddies with amateur skills but the potential for harm. The hacktivists, the Robin Hood of hackers, who fight for a cause. And the dangerous insiders that lurk inside the organization with authorization and access to certain resources.
How Cybersecurity Defends Against Cyber Attacks and Cyber Threats
As seen in the previous section, establishing fully effective cybersecurity measures is quite challenging, especially given the larger attack surface and digital footprint. Nowadays, attackers have more access to sophisticated tools, zero-day information and even artificial intelligence-based software. But that is not all; now they don’t even need to be experts in scripting and networking. With easier access to the dark web, anyone can pay for a Botnet-as-a-Service, find zero-day vulnerabilities and even hire a DDoS service.
To do damage, bring down a network, spy or mess with data, cyberattacks follow a similar pattern.
Hackers/attackers first perform reconnaissance: they gather intelligence, evidence and enough information about the target. Then they scan and enumerate the target. By this point they likely know the vulnerabilities, network topology and IP subnets, so they proceed to gain access to the enumerated targets.
Professional hackers want to ensure they have a way back, so they maintain access by installing backdoors and elevating privileges. The final phase of an attack is covering tracks to avoid being identified by security professionals: they delete logs, audit records and historic data, change credentials and more.
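The track-covering phase is also where defenders get a chance to catch an intruder, because deleting logs or clearing audit trails is itself a loud event. The following added example (not code from the original article) runs a small detector over constructed log lines. The Windows Security event IDs 1102 (audit log cleared) and 4719 (system audit policy changed) are real; the key=value log format, hosts, users and timestamps are constructed for the demo.

```python
# Added example (not from the original article): a small detector for the
# "cover tracks" phase, run over constructed log lines. Windows Security
# event IDs 1102 (audit log cleared) and 4719 (audit policy changed) are real;
# the key=value log format and the hosts, users and timestamps are constructed.
import re

SUSPICIOUS_EVENT_IDS = {
    "1102": "Windows audit log cleared",
    "4719": "Windows system audit policy changed",
}

# Shell activity that removes or wipes log files or shell history on Linux hosts.
LOG_TAMPER_CMD = re.compile(
    r"\b(rm|truncate|shred)\b.*(/var/log/|\.bash_history)|\bhistory\s+-c\b"
)

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> dict:
    """Parse a key=value log line; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def detect_track_covering(lines):
    """Return one alert dict per line that looks like log or audit tampering."""
    alerts = []
    for line in lines:
        fields = parse_line(line)
        reason = SUSPICIOUS_EVENT_IDS.get(fields.get("event_id", ""))
        cmd = fields.get("cmd", "")
        if reason is None and LOG_TAMPER_CMD.search(cmd):
            reason = "log or history tampering command"
        if reason:
            alerts.append({
                "ts": fields.get("ts"),
                "host": fields.get("host"),
                "user": fields.get("user"),
                "reason": reason,
            })
    return alerts


# Constructed sample: three benign lines and three that merit an alert.
SAMPLE_LOGS = [
    'ts=2024-05-01T10:02:13Z host=dc01 user=jdoe event_id=4624 msg="An account was successfully logged on"',
    'ts=2024-05-01T10:05:40Z host=web01 user=ops cmd="tail -n 50 /var/log/syslog"',
    'ts=2024-05-01T10:07:44Z host=web01 user=ops cmd="rm -f /var/log/auth.log"',
    'ts=2024-05-01T10:08:02Z host=web01 user=ops cmd="history -c"',
    'ts=2024-05-01T10:09:15Z host=dc01 user=svc_backup event_id=1102 msg="The audit log was cleared"',
    'ts=2024-05-01T10:11:00Z host=dc01 user=jdoe event_id=4634 msg="An account was logged off"',
]

if __name__ == "__main__":
    for alert in detect_track_covering(SAMPLE_LOGS):
        print(alert)
```

The practical point is that these alerts are only useful if the logs have already been shipped off the host before an intruder can touch them, so forwarding to a central collector is part of the control, not an afterthought.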
Common Types of Cyber Attacks, Threats, Risks and Vulnerabilities
The following is a short list of some (not limited to) popular types of cyber threats and attacks. Their attack surface, vector, actor and purpose will greatly vary, widening the range of possible types of attacks and data breaches.
- Attacks that do damage: Attacks made for no other reason than to do damage include Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS) attacks, and data destruction attacks, such as SQL injection. A DDoS attack is not concerned with gaining and maintaining access, so it only uses the first two phases (reconnaissance and scanning) to perform the attack.
- Interception or eavesdropping attacks: Attacks where an unauthorized agent gains access to an asset (network, traffic flow, system, etc.). These attacks aim to steal data or compromise its integrity. Examples include Man-In-The-Middle (MITM), replay attack and evil twin attacks.
- Impersonation: This type of attack aims to deceive someone (usually an employee) by pretending to be someone else. Attackers use advanced social engineering, including phishing, pretexting or baiting, to gain access to networks and systems.
- Attacks to gain access: These types of attacks work when there is no proper firewall, IDS or IPS protection, or when passwords or privileges are weak. They range from dictionary attacks to exploits of all kinds of vulnerabilities, and more.
Common Types of Exploits
- Web vulnerability exploits: SQL injection and Cross-Site Scripting (XSS) are two popular attacks that exploit poorly secured websites. SQL injections are so dangerous because they can be used to steal data from compromised databases and to destroy them.
- Zero-day exploits: These are vulnerabilities found by cybercriminals in popular operating systems, software, protocols or applications. Zero-day exploits are shared across hacker communities, which quickly (during the zero-day) target organizations using that vulnerable technology—before a security patch or update comes out to fix the vulnerability.
Common Cyber Threats
To perform those types of attacks (or exploit certain vulnerabilities), attackers use different techniques or threat vectors. The most popular include:
- Malware: While it’s the most common type of cyber threat, malware is also the most damaging and dangerous. Malware travels through the internet and installs itself on a host system. It will attempt to steal information, open backdoors, delete files, deny access to files, take data hostage or spread itself.
- Botnets: Another type of cyber threat, botnets are armies of malware-infected computers spread across the globe. Botnets are controlled by a single user. They can be used for good or bad, from harmless web scraping to destructive DDoS on a target.
- Dictionaries: These are files containing default passwords, commonly used passwords or endless possibilities of words in different languages. Dictionaries can also be used for good (password recovery) or to brute-force unauthorized access.
- Ransomware: This is a newer, popular cyber threat that is creating havoc. Ransomware arrives as malware or a trojan, which executes a program to encrypt data. The only person who has the key to decrypt your data is a cybercriminal. They will send a ransom note requesting money (or something in return) for the key to unlock your data.
Best Practices for Assets and Data Security
The best time to start preparing for a cyberattack or security breach is yesterday. Any individual, organization, company, government or group can be hacked—targets range from small businesses to multinational corporations. Hackers will either go for the easy route, such as exploiting vulnerabilities, or they’ll launch challenging hacks to prove their worth.
So, how can you secure your assets and your data privacy against all types of cyber attacks, risks, threats and vulnerabilities? How can you improve your data security?
Below is a list of some recommendations and best practices:
- Use a firewall: To protect internal assets, use a firewall with strong rules that don’t break the usability of a system or application. For web assets and application security, use a WAF. Firewalls can help create physical and virtual network segmentation, boosting your network security.
- Use other defense mechanisms: Use antivirus, anti-malware, Intrusion Detection Systems, Intrusion Prevention Systems, VPNs, proxies, etc. All these software/hardware tools will help improve security and privacy.
- Be aware of social engineering: End-user education is paramount. Have processes and train people to not be tricked by phishing emails, scams, fake websites, lost USBs or other attack vectors. Kevin Mitnick, one of the most famous hackers, once said, “Social engineering bypasses all technologies, including firewalls.”
- Enforce strong password policies: There’s a saying about passwords in the cybersecurity world: “A password is like a toothbrush.” Choose a good one, don’t share it with anyone and change it occasionally. If possible, use multi-factor authentication. A password manager can help you keep track of complicated passwords that you can’t remember off the top of your head.
- Update and patch systems: To avoid nasty zero-day attacks and security breaches, update your computer systems, mobile devices and applications as soon as possible. Be wary of new apps and devices such as unregulated Internet of Things products, as they come with many more vulnerabilities and the potential for a security breach. As computer security expert Window Snyder said, “A single vulnerability is all an attacker needs.”
- Get behind a CDN: Content Delivery Networks (CDNs) are the best defense against powerful volumetric and distributed botnet attacks or DDoS attacks.
- Backup and recovery: Follow the 3-2-1 backup rule (three copies of the data, on two different media, with one copy off-site) and have a good disaster recovery plan for data loss prevention.
- Perform regular audits or pen tests: A pen tester can find weak points and vulnerabilities that are often hard to see. Let a pen tester audit your network, web or any asset. Also, check for access controls and identity management to learn who has which rights.
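The password policy above and the “Dictionaries” threat described earlier are two sides of the same list: the same wordlist an attacker would run through a login form is what a defender should check new passwords against. The following added example (not code from the original article) shows a policy check that rejects short passwords, passwords built on a common dictionary entry (including the usual leetspeak and trailing-digit disguises), and passwords containing the username. The wordlist and usernames are constructed; a real deployment would load a large breached-password list instead.

```python
# Added example (not from the original article): a password-policy check that
# uses a wordlist defensively, rejecting choices built on common dictionary
# entries. The wordlist and usernames are constructed; real deployments load
# a large breached-password list instead.
import re

# Constructed stand-in for a large dictionary of common or breached passwords.
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome", "admin",
    "iloveyou", "monkey", "dragon", "football",
}

MIN_LENGTH = 12
TOO_SHORT = f"shorter than {MIN_LENGTH} characters"
DICTIONARY = "based on a common dictionary password"
CONTAINS_USERNAME = "contains the username"

# Undo the usual symbol-for-letter substitutions so "P@ssw0rd" normalizes to "password".
LEET = str.maketrans("@$013!", "asolei")
TRAILING_JUNK = re.compile(r"[\d\W_]+$")


def dictionary_variants(password: str) -> set:
    """Forms of the password to look up: as typed, without trailing digits/symbols, and de-leeted."""
    lower = password.lower()
    base = TRAILING_JUNK.sub("", lower) or lower  # keep all-digit passwords intact
    return {lower, base, base.translate(LEET)}


def check_password(password: str, username: str) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(TOO_SHORT)
    if dictionary_variants(password) & COMMON_PASSWORDS:
        reasons.append(DICTIONARY)
    if username and username.lower() in password.lower():
        reasons.append(CONTAINS_USERNAME)
    return reasons


if __name__ == "__main__":
    # Constructed sample choices for a hypothetical user "jdoe".
    for candidate in ["P@ssw0rd1!", "correct horse battery staple", "Jdoe-rocks-2024-long!"]:
        verdict = check_password(candidate, "jdoe") or ["ok"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

Note that the check never stores or logs the password itself, and that the dictionary lookup is done on normalized forms rather than by substring search, which keeps long passphrases that merely contain a common word from being rejected.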
Cybersecurity is a lot more than just another area of information technology. It is a shared responsibility with processes, awareness, abilities and technologies to defend not only data, privacy and infrastructure—but people themselves.
This article only got your toes wet in the ocean of cybersecurity. To take a proper dive and delve deeper into the cybersecurity world, check the following trusted and highly authoritative sources: