Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

What exactly is a Cyber Threat?

Written by  Jan 08, 2020

Online threats are varied and they don’t discriminate organisations from individuals when looking for a target, they don't care.

You’ve likely heard the term “cyber threat” thrown around in the media. But what exactly are these cyber threats? This is not a simple answer but I will try to explain in detail what 'cyber threats' really are.

A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber attacks include threats like computer viruses, data breaches, and Denial of Service (DoS) attacks.

Advertisement
Norton360 by Symantec 300x600

Cyber threats today

The term is almost exclusively used to describe information security matters. Because it’s hard to visualise how digital signals travelling across a wire can represent an attack, we’ve taken to visualising the digital phenomenon as a physical one.

A cyber attack is an attack that is mounted against us (meaning our digital devices) by means of cyberspace. Cyberspace, a virtual space that doesn’t exist, has become the metaphor to help us understand digital weaponry that intends to harm us.

What is real, however, is the intent of the attacker as well as the potential impact. While many cyber attacks are merely nuisances, some are quite serious, even potentially threatening human lives.

DDoS attackAlso see:
What is a DDOS attack?

Why is it necessary to protect from cyber threats?

Cyber threats are a very real problem. Cyber attacks can cause electrical blackouts, failure of military equipment and breaches of national security secrets. They can result in the theft of valuable, sensitive data like medical records. They can disrupt phone and computer networks or paralyse systems, making data unavailable.

The threats are growing becoming more serious, too. Gartner explains, “Cybersecurity risks pervade every organisation and aren’t always under IT’s direct control. Business leaders are forging ahead with their digital business initiatives, and those leaders are making technology-related risk choices every day. Increased cyber risk is real — but so are the data security solutions.”

The UK government has launched an open consultation aimed at improving the IT security of the UK economy, they are taking cyber threats very seriously and want your thoughts.

Cyber threats

Types of cybersecurity threats

Cybersecurity threats come in three broad categories of intent. Attackers are after:

  1. Financial gain
  2. Disruption
  3. Espionage

Virtually every cyber threat falls into one of these three modes. In terms of attack techniques, malicious actors have an abundance of options. There are ten common types of cyber threats:

  1. Malware. Software that performs a malicious task on a target device or network, e.g. corrupting data or taking over a system.

  2. Phishing. An email-borne attack that involves tricking the email recipient into disclosing confidential information or downloading malware by clicking on a hyperlink in the message. A more detailed explanation can be found here.

  3. Spear Phishing. A more sophisticated form of phishing where the attacker learns about the victim and impersonates someone he or she knows and trusts.

  4. “Man in the Middle” (MitM) attack. Where an attacker establishes a position between the sender and recipient of electronic messages and intercepts them, perhaps changing them in transit. The sender and recipient believe they are communicating directly with one another. A MitM attack might be used in the military to confuse an enemy.

a to zAlso see: Cyber Security A to Z

  1. Trojans. Named after the Trojan Horse of ancient Greek history, the Trojan is a type of malware that enters a target system looking like one thing, e.g. a standard piece of software, but then lets out the malicious code once inside the host system.

  2. Ransomware. An attack that involves encrypting data on the target system and demanding a ransom in exchange for letting the user have access to the data again. These attacks range from low-level nuisances to serious incidents like the locking down of the entire city of Atlanta’s municipal government data in 2018.

  3. Denial of Service attack or Distributed Denial of Service Attack (DDoS). Where an attacker takes over many (perhaps thousands) of devices and uses them to invoke the functions of a target system, e.g. a website, causing it to crash from an overload of demand. More information about DDOS attacks can be found here.

  4. Attacks on IoT Devices. IoT devices like industrial sensors are vulnerable to multiple types of cyber threats. These include hackers taking over the device to make it part of a DDoS attack and unauthorised access to data being collected by the device. Given their numbers, geographic distribution and frequently out-of-date operating systems, IoT devices are a prime target for malicious actors.

  5. Data Breaches. A data breach is a theft of data by a malicious actor. Motives for data breaches include crime (i.e. identity theft), a desire to embarrass a government or institution and espionage.

  6. Malware on Mobile Apps. Mobile devices are vulnerable to malware attacks just like other computing hardware. Attackers may embed malware in app downloads, mobile websites or phishing emails and text messages. Once compromised, a mobile device can give the malicious actor access to personal information, location data, financial accounts and more.

Preventing Ransomware: Understand, prevent, and remediate ransomware attacksamazon uk

Emerging cyber threats

Cyber threats are never static. There are millions being created every year. Most threats follow the standard structures described above. However, they are becoming more and more potent.

For example, there is a new generation of “zero-day” threats that are able to surprise defences because they carry no detectable digital signatures.

Another worrying trend is the continuing “improvement” of what experts call “Advanced Persistent Threats” (APTs). As Business Insider describes APTs, “It’s the best way to define the hackers who burrow into networks and maintain ‘persistence’ — a connection that can’t be stopped simply by software updates or rebooting a computer.”

cyber attacks1

Sources of cybersecurity threats

Cyber threats come from a variety of places, people and contexts. Malicious actors include:

  • Individuals that create attack vectors using their own software tools
  • Criminal organisations that are run like corporations, with large numbers of employees developing sophisticated attack vectors and executing attacks
  • Nation states
  • Terrorists
  • Industrial spies
  • Organised crime groups
  • Unhappy employees or former employees
  • Hackers
  • Business competitors

Nation states are the sources of many of the most serious attacks. There are several different versions of nation-state cyber threats. Some are basic espionage— trying to learn another country’s national secrets. Others are aimed at disruption.

Many cyber threats are bought and sold on the “dark web,” a disorganised but widespread criminal segment of the Internet. In this online bazaar, aspiring hackers can buy ransomware, malware, credentials for breached systems and more. The dark web serves as a multiplier for threats, with one hacker being able to sell his or her creation over and over.

Cyber Lock 2

Best practices for cyber defence and protection

It’s easy to get frustrated over the severity of the threat environment. However, it is possible to protect your business from cyber threats, whether you are a business or an individual.

Cyber defence for businesses

Enterprise best practices for defence from cyber defence include basic but extremely important countermeasures like patching systems. When a tech vendor discovers (or is informed of) a security flaw in their product, they typically write code that fixes or “patches” the problem.

For example, if Microsoft finds that a hacker can gain root access to Windows Server through a code exploit, the company will issue a patch and distribute it to all owners of Windows Server licenses. They, among many others, do this at least once a month. Many attacks would fail if IT departments applied all security patches on a timely basis.

A host of new technologies and services are coming onto the market that make it easier to mount a robust defense against cyber threats. These include:

  • Outsourced security services
  • Systems that enable collaboration between security team members
  • Continual attack simulation tools
  • Point solutions for anti-phishing and secure browsing

Cyber defence for individuals

For individuals, the best practices are simple.

  • Password hygiene. Big security organisations cannot protect consumers against phishing or hacker who can guess passwords like “abcd.” Common sense and password hygiene can go a long way to protect consumers from cyber threats.

  • Anti-virus software. Subscribe to anti-virus software and keep your system up to date with automated, scheduled scans.

  • Caution against phishing attacks. Be careful about opening file attachments. Phishing and spear phishing emails ones that look real but are not. These are becoming more professionally designed and can look almost exactly like the real thing, always be cautious. For example, if you get an email that says “past due invoice” with a PDF attachment, don’t open it unless you are 100% sure you know who sent it. If you double check, you’ll probably see it comes from an unusual email, like This email address is being protected from spambots. You need JavaScript enabled to view it.. Do not open it, curiousity killed the cat but you don't want to kill your computer!

Advertisement

Cybersecurity Essentialsamazon uk

Summary

It can be a scary time for businesses and consumers who are worried about cyber threats. The threats certainly exist, and they’re getting increasingly potent and frequent. The attackers are varied, with many worrying imbalances between attackers and their targets.

Even if a company is targeted by a powerful nation-state, it is still possible to protect critical digital assets. It takes planning and commitment of resources, but a good security operations team or a proactive individual can stay on top of most of the most serious cyber threats.

Following these practices will seriously reduce your chances of being breached, a little common sense and advanced planning will go along way to protecting your computers and your networks from attacks.


Carl Perkins

A security tech expert, Carl specialises in IT Security having worked in the field for over 10 years and has previous Tech admin roles to his credit. He is very experienced and his contribution is invaluable to us.

2 comments

  • Rob Dutton
    Comment Link Rob Dutton Wednesday, 26 February 2020 10:17

    They are not going anywhere are they!

  • Tom Ferris
    Comment Link Tom Ferris Wednesday, 04 December 2019 12:58

    An excellent and detail explanation, very well done for explaining so clearly

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Advertisement

Popular News

May 06, 2020 IT Security News

Popular VPNs Exposed Users to Attacks

Researchers analysed some of the most popular VPNs and discovered that two of them were affected by vulnerabilities that...

May 22, 2020 Cyber Security

EasyJet will be sued over customer data breach

Legal firm PGMBM, a specialist in group legal action, has issued a class action claim under Article 82 of the General Da...

May 19, 2020 IT Security News

EasyJet data breach: Over 9 million customers affected

The personal data of over 9 million EasyJet customers has been infiltrated by hackers, including over 2,000 users' credi...

May 18, 2020 Cyber Security

UK power grid operator Elexon hit by cyberattack

The UK’s power grid middleman Elexon has announced it has fallen victim to a cyberattack, which did not compromise pow...

May 05, 2020 Cyber Security

The importance of cybersecurity for UK businesses

Technology is constantly changing and at a pace which is hard to keep up with, but 'safety first' always applies. ...

May 11, 2020 Cloud Security News

Tips to help secure your cloud data in the UK

In this digital age, it’s not a great idea to trust someone with your sensitive data. ...

Apr 01, 2020 IT Security News

Online privacy is all but gone, say Brits

Nearly 80% of UK consumers believe they have lost any real control over how their personal data is collected and used by...

May 27, 2020 Cyber Security

UK scared cybercriminals will use NHSX Covid-19 Tracing App to launch attacks

Nearly half (48%) of the UK public surveyed about the NHSX COVID-19 tracing app do not trust the UK government to keep t...

Apr 10, 2020 IT Security News

The importance of security for UK office printers

When it comes to digital security, we tend not to think about printers as they are often seen as dumb devices with a few...

May 07, 2020 Cyber Security

Three quarters of UK homeworkers haven't received cybersecurity training

As Covid-19-related cybersecurity threats continue to multiply, three in four of home workers are yet to receive any cyb...

May 14, 2020 IT Security News

Windows 10 is getting DNS over HTTPS (DoH) support

DNS is one of the last protocols that still runs unencrypted on the Internet. ...

Apr 11, 2020 IT Security News

Tips for testing an IT security experts worth in the UK

There is no shortage of people presenting themselves as security experts. Some of them truly are, the others may or may ...

May 20, 2020 IT Security News

To VPN or not to VPN for business users

It’s a question many organisations are asking as they work to provide secure and reliable remote access at scale. ...

May 25, 2020 Cyber Security

Beware of security threats before deploying remote working

Remote working is receiving a great deal of attention recently for obvious reasons. The world has changed and remote wor...

Apr 22, 2020 IT Security News

Kaspersky shares 10 security and privacy tips when using Zoom

The recommendations from Kaspersky come following recent concerns regarding Zoom's security and privacy. ...

Apr 07, 2020 IT Security News

Eighty per cent of exposed Exchange servers remain unpatched

Over 350,000 Microsoft Exchange servers have not been patched against the CVE-2020-0688 post-auth remote code execution ...

Advertisement
Symantec Home 120x60

Advertisement