UNDERSTANDING THE CURRENT THREAT LANDSCAPE
Right from the days of the Creeper and the Reaper, the cybersecurity industry has experienced growth to match the growth of computer technologies. Consequently, leaderships of organisations are beginning to understand the role of cybersecurity in their industry. Board members and senior management now see cybersecurity as one of the key talking points in organisational matters. This is mostly because the cybersecurity threat landscape has grown and changed for practically every industry.
Cybersecuritythreat landscape, as the name implies, are the range and number of cybersecurity threats, vulnerabilities and attacks that are prevalent in a domain or context. In simple terms, it defines the range of cyber-attacks that may be targeted at organisations in a particular industry, location, etc. The threat landscape is dependent on basic concepts like current identifiable vulnerabilities on assets, current threats, threat vectors, risks, threat actors and observed trends, and may be peculiar to different industries. It is important that organisations understand their current threat landscape because the attack vectors used by cybercriminals are always evolving.
Threat Vectors are the different routes that malicious attacks may take to get past your organisations defenses and infect your network. They are essentially the various means hackers explore in order to perform a cyber-attack.
Threat actors, on the other hand, are individuals who attempt to take advantage of vulnerabilities and low cyber security controls to infiltrate organizations’ defenses and perform malicious activities. Threat actors are mostly hackers.
The current cybersecurity threat landscape requires meticulous preparation from cybersecurity teams because of the vast range of cyber-attacks. Unlike before, when only large corporations had computers and there was little traffic on the internet, there are billions of devices connected to the internet. As more devices get connected to the internet, there are more attack vectors and more cyber-attacks that can be targeted at an organisation.
Some of these cyber-attacks that can be targeted at today's organisations include: ransomware, DDoS, Spyware, and Man-in-the-Middle Attacks, etc (Follow this link to read more on cyber-attacks)
Some effects of falling victim to the ever-changing cybersecurity threat landscape include:
- Financial losses
- Reputational Damage
- Senior Management & Board job Losses
- Loss or Destruction of Sensitive Organisational Information
- Exposure of customer personal information
In 2019 alone, several organisations were victim to the latest cyber-attacks. Some of the top 10 cyber-attacks of 2019 include:
- Singapore Ministry of Health: On 28 January 2019, the Singapore MOH admitted to a data breach exposing sensitive information records of 14,000 individuals diagnosed with HIV. This information was subsequently leaked online.
- Capital One: In an official statement, Capital One disclosed that it had suffered a data breach impacting 100 million people in the US and 6 million in Canada. This data breach led to breach of social security numbers and several other private information.
- Adobe: On 19 October 2019, Adobe found out that primary data of Adobe Creative Cloud users (including emails, country of origin, usernames) were exposed online
In view of all these possible scenarios, senior management and Board of Directors are paying keener attention to cybersecurity. For example, according to a research by The Conference Board, cybersecurity is now number 1 threat facing CEOs in the USA and among the top 10 facing global CEOs.
It is, therefore, imperative, for organisations to pay attention to the current threat landscape, and plan accordingly.