It’s unnerving to think that by 2021 global cybercrime is predicted to reach $6 trillion annually. If your business relies on internet access, email communication, accepts credit card payments, collects customer information, or stores employee data, your business is at risk.
A threat is any potential danger to information or systems. Threats could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information or destroy a file’s integrity.
Threats must be identified, classified by category, and evaluated to calculate their damage potential to your business. Below are potential threats your business might face along with what might happen if there is an attack:
- Hacking - Hacking is now a multi-billion dollar industry for cyber criminals and provides opportunities for threat actors to extract data for political and monetary gains.
- Cracking - Reverse engineering of software, passwords or encryption could lead to unauthorized access to sensitive information.
- Malware - Malware disrupts computer operations, gathers sensitive information, or gains access to a computer system to compromise data and information. Examples include viruses, worms, spyware, keyloggers, and backdoors.
- Misuse - Employees may take advantage of entrusted resources or privileges for a malicious or unintended purpose. Included in this category are administrative abuse, policy violations, and use of non-approved assets. These actions can be either malicious or non-malicious in nature.
- Errors - Errors such as system misconfigurations or programming errors can cause unauthorized access by cyber criminals. Examples include SQL injection and XSS Scripting.
- Data Leakage - Unauthorized electronic or physical transmission of data or information from within an organization to an external destination or recipient could leave data in the wrong hands.
- Cloud Computing - Storing unencrypted sensitive data with lax access controls leaves data stored in the cloud vulnerable to improper disclosure.
- Mobile Devices - Mobile devices carrying sensitive data can be lost or stolen, possibly causing data to fall into the wrong hands.
- Availability Attacks - Cyber-attacks can be structured to extort or damage organizations whose websites or online assets are a major source of revenue.
- Advanced Persistent Threats (APT) - Hackers will attack computer systems while avoiding detection and harvesting valuable information over the long term.
- Third-Parties / Service Providers - Third-parties’ networks may be used by other external threat actors as an initial access point into an organization’s network.
- Physical - Theft, tampering, snooping, sabotage, vandalism, local device access, and assault can lead to a loss of data or information.
- Environmental - Natural events such as earthquakes, power loss, fires, and floods pose hazards to the infrastructure in which assets are located.
- Insider Threat - Employees, contractors, or partners can commit fraud, espionage or theft of intellectual property.
- Social Media - Employees often fall victim to scams or reveal information not intended for public knowledge.
- Dumpster Diving - Improper disposal of sensitive data could lead to improper disclosures and sensitive information just sitting in trash bins.
- Social Engineering - Attackers rely heavily on human interaction to gain access to company networks or systems, usually tricking users into breaking normal security procedures and revealing their account credentials.
*Checklist of common cybercrime threats obtained from our Cyber Liability partner, NAS Insurance.