With so many different types of threats circulating, it is difficult for network security administrators to find a comprehensive solution for their secure networks. By identifying which threats are the most dangerous to their organization, security administrators can effectively focus their resources where they are needed most.
The costs associated with a data breach vary for different types of organizations, as do the individuals identified as targets by cyber criminals. Any individual with a high level of responsibility can be a valuable target in the minds of hackers.
For some organizations, one of the biggest concerns is finding a way to prevent personally identifiable information (PII) from being stolen. For military and government organizations in particular, this threat is of greater concern. For example, leaks of classified information could potentially give other nations an advantage in the event of a conflict or even cause diplomatic problems, as the leak of classified information in the Edward Snowden case did. Insurance companies, banks and retailers have many of the same concerns because they are all entrusted with highly sensitive customer information. If customer information were stolen or leaked, it would be detrimental to the reputation of these institutions while also causing a financial loss. For these organizations, it is important to focus cybersecurity efforts on tackling threats that could result in an unintentional loss of customer data.
In order to prevent the loss of data, companies need to implement systems that prevent information leakage, such as firewalls and scanning systems that examine content leaving the organization. Another way to prevent the loss of data is to define security policies that include processes for how users are supposed to handle data. Any user who has access to PII should be prevented from taking that information out of the organization, either by disallowing digital devices from leaving a secure area or by requiring any portable media to be scanned for threats upon its exit. Once these policies have been defined, it is also important to make sure that all users and systems stay in compliance so that hackers don't exploit vulnerabilities.
In some cases, cyber criminals may try to cause damage once they are inside an organization instead of trying to extract PII from within. Operators of critical infrastructure are often victims of this particular type of attack. The greatest risk to operators of critical infrastructure, such as a nuclear facility, is that a targeted attack will cause disruption to the operation of the facility. This could occur if attackers disabled critical systems or caused those systems to malfunction, potentially having disastrous consequences. The Stuxnet virus is an example of this type of threat, wreaking havoc once inside Iran's nuclear facility. Stuxnet was designed to cause a disruption in very specific equipment, not to extract information from the secure environment. For a visual representation of how this virus spread, you can take a look at the diagram below:
[Diagram: how Stuxnet spread. Image Credit: IEEE Spectrum]
The associated costs of a nuclear power plant meltdown or the shutdown of elements of a national power grid would be tremendous, and that's why facilities need to invest in protecting critical infrastructure and implement effective security policies. A majority of their efforts and resources should be spent on preventing threats from entering a secure area, compared to the resources needed to prevent information from leaving.
In a perfect world, every organization would be able to implement the absolute best defenses to prevent all types of threats, regardless of the relative risks. Unfortunately, organizations have finite budgets and resources for implementing a data security policy and preventing different types of threats. In order to work within the constraints of limited resources, each organization needs to identify exactly what risks exist as a result of different threats and allocate the resources available to them appropriately. It is very unlikely that any two organizations will face the exact same set of risks, meaning there is no one-size-fits-all solution. The best solution is usually the one that can adapt to an organization's changing needs while providing the right balance of costs and risk mitigation.
Each industry has a different set of risks and concerns and thus needs a unique solution in order to address threats. Stay tuned for the first piece in our series, which will focus on malware targeting the energy industry.