It's always good to stay grounded and get back to the basics once in a while. Being in the world of security information and event management (SIEM), we keep hearing of so many security threats and breaches, and this week started with one more. A Security Week report said some suspected Chinese hackers defaced the website of the Philippines News Agency, a possible repeat of cyber-attacks last year also blamed on China during a territorial row.
So, why are organizations prone to attacks all the time? For this we need to understand the possibilities of security threats followed by a proper network security audit. We all know that security in a network or a system is strongly related to the notion of dependability. The bottom line is that we need to ensure we can protect business services and data against possible security threats.
So what are threats?
In simple terms, a threat is a potential danger to corporate IT infrastructure that can exploit a vulnerability to breach security and cause problems. Businesses face many external and internal threats that can corrupt hardware and compromise data. Today's security threats are more sophisticated than ever, and they’re growing at an unprecedented rate.
You can classify security threats into two major groups based on the threat sources – external and internal.
Anyone or anything outside your organization that attempts to gain unauthorized access to your organization's networks using the Internet or any other network qualifies as an external threat. According to a DTI (Department of Trade and Industry) survey, 72% of all companies received infected e-mails or files last year, and for larger companies this figure rose to 83%.
Let's discuss some types of external security threats that IT leaders have always named as their prime concern.
- Malware: Code or software that is specifically designed to damage, disrupt, or inflict some illegitimate action on data, hosts, or networks. Viruses, worms, Trojans, and bots fall under this category.
- Hacking: It’s all about exploiting the vulnerabilities in your network.
- Spam: All unwanted online communications belong to this category.
- Phishing attempts: These cover all possible fraudulent attempts to break into the system and access data.
Alright, let’s move on to internal threats. Believe me, you can never write off internal threats; the most significant threats an enterprise faces come from within. Let me quickly give you a couple of scenarios:
- Data Leakage: Insiders are those who set up and maintain critical databases, network segments and web portals. They might quietly move sensitive data off a network by using USB devices, especially when there is no USB protection. Also, data leakage happens via many other means.
- SQL injection: This type of attack forces a database to yield otherwise secure information by causing it to confuse classified data, such as passwords or blueprints, with information that is available for public consumption, such as product details or contacts.
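To make the SQL injection scenario concrete, here is an added example (not part of the original post) that puts a product lookup built by string concatenation beside the same lookup with a bound parameter. The table names, sample rows, and function names are constructed for illustration.

```python
import sqlite3

def build_db():
    """Constructed sample data: public product details beside secret credentials."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, details TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('widget', 'Blue widget, 10 cm');
        INSERT INTO products VALUES ('o''brien lamp', 'Desk lamp');
        INSERT INTO users VALUES ('admin', 'constructed-secret');
    """)
    return db

def search_vulnerable(db, term):
    # Weak: user input is pasted into the SQL text, so the database cannot
    # tell the search term apart from query syntax.
    sql = "SELECT name, details FROM products WHERE name = '" + term + "'"
    return db.execute(sql).fetchall()

def search_safe(db, term):
    # Hardened: the ? placeholder binds the input as a value only, so it can
    # never change the structure of the query.
    return db.execute(
        "SELECT name, details FROM products WHERE name = ?", (term,)
    ).fetchall()

# Constructed input: closes the quote and appends a second SELECT, which is
# how "classified" rows end up in a result meant for public product details.
CRAFTED = "x' UNION SELECT username, password FROM users --"

if __name__ == "__main__":
    db = build_db()
    print("normal search:      ", search_vulnerable(db, "widget"))
    print("vulnerable + crafted:", search_vulnerable(db, CRAFTED))
    print("safe + crafted:      ", search_safe(db, CRAFTED))
    # A legitimate name containing an apostrophe also breaks the weak version.
    try:
        search_vulnerable(db, "o'brien lamp")
    except sqlite3.OperationalError as exc:
        print("vulnerable + apostrophe fails:", exc)
    print("safe + apostrophe:   ", search_safe(db, "o'brien lamp"))
```

The parameterized version returns nothing for the crafted input and still handles a legitimate product name that contains an apostrophe, which the concatenated version cannot.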
For more on each kind of threat, stay tuned with us. There’s more coming!!