Cybersecurity Threats: What They Are & How They Work Today

Businesses today are constantly under threat...threat of what, exactly? 

A cybersecurity threat can be defined as any action — intentional or unintentional — that compromises the security of an organization or an individual. As threats grow and evolve, organizations need to understand what they are up against: it’s the only way to defend against cybersecurity threats from criminals who exploit vulnerabilities to gain access to your networks, data, and confidential information.

Security operations have become an indispensable aspect of organizational survival and success. Cyberattacks and data breaches regularly make headlines as malicious actors continue to adapt and develop new tactics. To help you deal with cybersecurity threats better, let's look at:

• What threats are like today
• How threats have and continue to evolve
• Most common threats
• Best practices to deal with them

Defining threats today

Threats are malicious or negative events that take advantage of security weaknesses, loopholes, or vulnerabilities. Vulnerabilities come in all types, from technology and from humans alike. More specifically, in a cybersecurity context, we can define a threat as:

A threat is anything that could exploit a security weakness, loophole, or vulnerability, affecting the confidentiality, integrity, or availability (CIA Triad) of your systems, data, people, and more.

Threat awareness is critical to any organization because threats come with risks: a threat that is acted upon can result in a lot of risks that organizations want to avoid, like financial punishments or reputational damage — more on that topic later.

Cybersecurity threats are constantly in flux — and they come in many forms. That’s why security teams at places like CISA, Splunk, and across the internet encourage knowledge sharing: so organizations understand the types of threats out there. Fortunately, you can know these threats easily: this free ebook explains today’s top 50 cyber threats in detail.

How cybersecurity threats evolve

Historically, network security professionals primarily occupied themselves with a collection of well-understood threats:

• Phishing attempts via email
• Data and security breaches
• Malware brought in on a thumbdrive
• Unpatched operating systems with known exploits

Today’s cybersecurity landscape, however, is a lot more complicated. For example, poorly secured Internet of Things (IoT) devices threaten to give attackers a way in via a thermostat or a smoke detector. Personal devices create new risks, especially as they become tied to business and the work we do every day.

Attackers are getting smarter, too, using net tools and techniques to reach an increasing number of targets faster and more effectively than ever before. Though their techniques change, their goals rarely do. Most threat actors carry out attacks in order to achieve some edge. 

Most are looking for money and financial gain, stealing money directly or credit cards and personally identifiable information (PII) that they can leverage for ransom. Others might seek data in many forms: more PII, or corporate data like intellectual property/source code, and more. Some bad actors aim to steal computer resources. Lastly, some threat actors solely want to cause chaos.

As cybersecurity threats have exploded in volume in recent years, they've also become increasingly sophisticated and targeted. Cybercriminals commonly leverage publicly available information such as social media data to engage in identity theft and easily crack passwords.

With this data commonly available on the black market, it’s easier than ever for cyberattackers to fill in any information gaps about a prospective target.

Meanwhile, the technology available to power these attacks is becoming more ubiquitous. Malicious actors are able to use the same types of resources as any enterprise — including cloud computing, artificial intelligence (AI), and distributed computing resources — to increase the likelihood of a successful attack. As the attack surface of the typical enterprise has increased in size through the proliferation of IoT devices, cloud infrastructure, and employee use of personal devices, targets face a greater level of risk than ever before.

Common cybersecurity threats

Cybersecurity would be a lot easier if all we had to do was understand how people attack our digital systems. Unfortunately, every day there are more digital surfaces to attack and more ways to attack them. Among the countless cyber threats to any person or organization, some common threats include:

Malware

Malware stands for malicious software. It's programmed in such a way as to infiltrate the system, take advantage of the resources on the system, exfiltrate data, or cause damage to the system. Some common types of malware are viruses, trojans, ransomware, and spyware. Different malware serves different purposes. Some sophisticated malware can be stealthy and difficult to identify. Malware infections usually occur by downloading files from untrusted sources, visiting unsafe websites, and interacting with other infected devices.

(Related reading: malware detection.)

Advanced Persistent Threats (APTs)

APTs are targeted, complex, and sophisticated cyberattacks where the threat actors gain access to a network or system and stay within for a long time. During this time, they try to gain access to various networks and systems within an organization and try to gain as much information as possible.

APTs are difficult to detect or notice, as they're very stealthy. In fact, the average breach takes 150 days to be discovered. This is long enough for threat actors to have gained enough information and access to cause catastrophic damage. APTs are often sponsored by nations, states, or major criminal organizations.

Social engineering

Social engineering is an umbrella term for many types of cyberattacks: the part that makes it true social engineering is that the attack takes advantage of human psychology.

In this type of attack, the threat actors manipulate individuals into giving out their sensitive information. While social engineering is an attack on an individual, it can further be used for enterprise cyberattacks. Attackers use social engineering to gain an initial foothold and then use that access to breach an organization's network.

What are the different types of social engineering attacks?

• Phishing: Sending fraudulent emails or messages and tricking users into revealing sensitive information.
• Baiting: Setting something desirable as bait, such as discounts or free products, and using the bait to trick users into going to a malicious website or downloading malware.
• Tailgating: Taking advantage of authorized personnel's access to get physical access to a location.
• Shoulder surfing: Observing sensitive information while individuals enter it into their system or finding it on an individual's workstation.
• Pretexting: Creating a pretext by impersonating an official or employee of an organization to gain trust, and then tricking individuals into giving out sensitive information.

Injection attacks

An injection attack is a form of cyberattack where malicious code is injected into an application or system with the intent to perform malicious actions. Injection attacks can lead to authentication bypass, unauthorized access, data theft, illegitimate transactions, and system compromise. The most common types of injection attacks are:

• Cross-site scripting (XSS): Attackers inject malicious scripts to take advantage of the existing features of the application (for example: search box, DOM, etc.) and stay in line with same-origin policy to perform malicious actions.
• SQL injection: Here, the injection is a manipulated SQL query that the application passes to the back-end SQL database for processing. The SQL database executes the malicious code to perform illegitimate actions.
• Command injection: Command injections take advantage of the underlying system. The application passes the injection to the system's command line and the system executes the malicious command.

Man in the middle (MITM) attacks (aka on-path attacks)

In MITM or on-path attacks, threat actors intercept the communication between two parties to steal sensitive information or alter the data passed from one party to another. MITM attacks are commonly seen on public networks. In MITM, attackers can also impersonate a party to trick the other party into believing that they're talking to a legitimate party. MITM attacks are usually used to steal individual sensitive information such as credentials, credit card details, etc., for identity theft or malicious transactions. However, they can also be used to breach an enterprise.

Denial of service (DoS) and distributed DoS (DDoS)

DoS and DDoS attacks aim to bring down the normal operations of a system or network. They do this by sending an overwhelming amount of traffic to the servers. While the servers are trying to handle this traffic flood, they cannot serve legitimate requests, therefore causing service disruptions for legitimate users or requests. DoS and DDoS not only disrupt services but can also cause system and network crashes.

Zero day exploits

Zero day exploits target previously unknown vulnerabilities. This makes it difficult for detection systems to detect exploitation attempts and for organizations to patch the vulnerabilities before they're exploited. Attackers find and exploit vulnerabilities that vendors and users are unaware of or vulnerabilities that do not have patches yet. Log4j/Log4Shell is a popular example of a zero-day exploit.

Insider threats

Employees or contractors who use their credentials to gain unauthorized access and — either intentionally or unintentionally — expose the company to malicious software and other security risks or steal personal data or other sensitive information.

Insider threats are the most common threats and they can target different components of an organization, such as:

• Infrastructure devices: Servers, network hardware, and wireless access points, among others.
• Enterprise applications: Attackers target these systems by exploiting vulnerabilities in code or delivery via malware.
• Endpoint hardware and software: Client computers and operating systems, user devices such as smartphones, and even connected IoT devices such as printers.
• IoT devices: Any IoT device connected to the network, including industrial sensors, security cameras, or even “innocuous” devices like smart thermostats and appliances.
• Cloud-based resources: This category includes storage systems, public cloud services (such as web-based mail systems), and SaaS cloud computing platforms.
• Third-party vendors: Enterprises are increasingly at risk of being breached or subject to an attack through contractors and vendors whose systems aren’t properly secured.

Risks of cybersecurity threats

Threats are big news for organizations because they can carry huge risks. Security teams must remain acutely aware of the top cybersecurity threats they face, given the impacts they can have on the business's ongoing success. After all, a successful cyberattack can result in on or all of the following consequences: financial implications, catastrophic data loss and breaches, disruption of business operations, damage to your company's reputation, and legal and regulatory penalties. 

Financial implications

Cybersecurity breaches come with significant financial implications for businesses. In fact, global cybercrime damage is predicted to hit $10.5 trillion annually by 2025. Ransomware alone is predicted to cost victims around $265 billion (USD) annually by 2031. These costs can be a result of not only direct financial losses but also expenses related to incident response, legal fees, regulatory fines, and reputational damage control.

Investors also feel the impact — publicly traded companies suffered an average decline of 7.5% in their stock values after a data breach. Businesses that fail to prepare for cyber threats adequately may face crippling financial consequences.

Catastrophic data loss and breaches

By 2025, 200 zettabytes of data will need to be protected. Your customers, partners, and employees expect their personal and sensitive information to be safeguarded. Businesses must keep up with laws and regulations that govern how data is collected, stored, and shared.

In the event of a data breach, businesses not only face the potential of increasing regulatory fines but also the potential of eroding stakeholder and customer trust. Additionally, you'll have to verify data integrity after the breach before continuing business operations. Especially for organizations handling huge amounts of data and processing it to generate insights, unreliable data can lead to incorrect results.

Disruption of business operations

Some cyberattacks, such as distributed denial of service (DDoS) and ransomware, directly bring down organizations’ systems and networks. For other types of breaches, while the systems and network are not down due to the attack itself, you might have to take actions such as quarantining assets, disconnecting network access, disabling accounts, etc., to contain and mitigate the attack. This causes downtime, productivity losses, and customer dissatisfaction.

In certain industries or organizations where infrastructure is critical, such as hospitals, system or network downtime can be life-threatening.

(Related reading: the cost of downtime.)

Damage to your reputation and brand

A tarnished reputation can be a long-lasting consequence of a cybersecurity breach. Customers, partners, and investors may lose trust in a company that fails to protect its digital assets. And competitors can gain advantages as a result of a breach. Regaining a lost reputation takes much more time than losing it, and businesses can face huge losses during this period.

Legal and regulatory penalties

Due to the increase in cyberattacks lately, regulatory bodies are very strict with adherence to compliance. Depending on the geographical location and the industry an organization falls under, organizations must comply with the laws and regulations that apply to them. Failing to do so can result in hefty penalties and impact permissions and licensing for business operations.

As the world becomes even more digitally interconnected, businesses must recognize the importance of safeguarding their brand and reputation through robust cybersecurity practices.

Best practices for defending against cybersecurity threats

While the ever-evolving threats keep growing stronger, following cybersecurity best practices and overall cyber hygiene can help defend against them. Organizations should carefully evaluate the threats they face and implement security measures that are best suited for them. However, here are some best practices that apply to all organizations in general.

Regular software updates and patch management

Most vendors regularly try to identify vulnerabilities and release software updates and patches to address security weaknesses. Take advantage of this and regularly apply the latest updates. These updates will help you defend against attackers who are looking to exploit existing vulnerabilities. Create a plan to check for updates regularly and apply patches across products and across the organization.

Strong passwords

Set strong password policies. Follow password best practices such as minimum length and use of small-case and upper-case letters, numerals, and symbols. Train users on secure password practices such as not using common passwords, not using the same password on multiple platforms, and not including personal public information such as name, important dates, etc. Encourage users to use password managers to store passwords securely.

Multi-factor authentication

Multi-factor authentication (MFA) is an additional layer of security for user authentication. MFA is a practice of using two+ of the following:

• Something you know: password, pin, personal information, etc.
• Something you have: access card, token, security key, etc.
• Something you "are": fingerprint, retina, etc.

Using multiple factors for authentication makes it difficult for attackers to falsely authenticate themselves as a legitimate user.

Access control

Always make sure to provide access as needed and revoke access when not needed. Use the principle of least privilege to prevent unauthorized access. Regularly review access controls and adjust per business needs.

Awareness and training

One of the weakest links in cybersecurity is humans. Conduct regular training and awareness sessions to inform users on security best practices, how to identify something suspicious, and what process to follow when they encounter a breach.

Network segmentation

Divide your network into different segments based on usage and criticality. Then add security measures between different segments. This will add multiple layers of security within the organization. Even if one of the network segments is compromised, the attackers will have to put in extra effort to gain more control. Network segmentation is a good way to contain a breach.

Continuous detection, response, and testing

Install and configure detection and response systems such as SIEM, EDR, XDR, IDS, and IPS. These systems will help you identify suspicious activities and mitigate or block them before attackers can cause damage. Regularly test and review your detection and response systems to ensure they have the latest rules.

Encryption

Encrypt data so that even if the attackers get hold of data, it’s of no use to them. You should encrypt data at rest and data in transit. Encryption is super important, as organizations regularly handle a lot of sensitive information.

(Related reading: end to end encryption.)

Backup and recovery

Regularly back up important data and store it in a secure location. Practice storing backups in multiple locations so that even if one storage is corrupted, you have secured data in other locations. This ensures that you can restore your data and systems in the event of a security breach. It's also important to create a strategic recovery plan to minimize downtime.

Incident response

Even after following all the best practices, there’s always a chance that attackers will find a way around. So, you have to prepare in advance for how you will handle a cybersecurity incident. Create a detailed incident response plan clearly defining roles, responsibilities, and processes. Train your incident response teams regularly. This helps you minimize the damage caused due to an incident and get back to normal business operations sooner.

Today’s top threats: Know what you’re up against, defend with splunk

To remain resilient in a digital landscape fraught with cybersecurity threats that are more pervasive and sophisticated than ever before, security teams need to know what threats to look for. The Splunk Threat Research Team constantly monitors the threat landscape to help organizations understand and defend against cybersecurity threats from criminals who exploit vulnerabilities to gain access to networks, data, and confidential information.

That's why we've published our Top 50 Cybersecurity Threats eBook,. Armed with the right information, you can:

• Assess what threats are relevant to your environment.
• Understand how these threats impact businesses around the world.

Ignoring these threats is not an option — the consequences can be devastating. To thrive in the current digital environment, businesses must remain vigilant and stay ahead of threats through continuous security monitoring and proactive threat detection, investigation, and response.

Explore the Splunk security portfolio for industry-leading solutions that protect your business and empower your security team to tackle the most pressing security challenges.