Understanding Cyber Threats in Today’s Digital World

Today’s cyber threat landscape is constantly evolving. Modern organizations face a growing number of cyber threats that are increasingly complex. There’s no one-size-fits-all formula for deciphering exactly what a cyber threat may be for your organization compared to another. However, understanding your cyber threat landscape, as well as how to prioritize cyber threats for remediation, is a great first step in developing a cybersecurity program. As you understand more about the cyber threats your organization faces and the potential impact on your most critical operations, the more prepared you will be to adapt your cyber hygiene practices and mature your cybersecurity measures over time.

The National Institute of Standards and Technology (NIST) defines a cyber threat as a circumstance or event that could potentially negatively impact operations. For example, if an attacker successfully exploits the threat, it could result in losing the ability to deliver products or services.

As a result, there could be far-reaching impacts on your relationships with your customers, your brand, your vendors, partners, key stakeholders, and, in some extreme cases, the market you're in. A cyber threat can also negatively impact your internal operations and staff. For example, if your organization is a critical infrastructure provider, there may be potential for negative impact on the nation from these threats.

In many cases, a successfully exploited cyber threat can result in a threat accessing a range of important and sensitive data, which the attacker could destroy, make public, change, or create a denial of service (DoS).

The Cybersecurity and Infrastructure Security Agency (CISA) points out that cyber threats don't just come from unknown or known outside sources; they can also originate from within your organization by trusted users. These are insider threats.

Often, when there are news-making threats for critical infrastructure or other important critical services, nation-state threat actors are in play.

CISA says that national governments as cyber threats could be anything as low-level as a nuisance created when attackers deface web pages to life-or-death situations when critical infrastructure is involved.

"Only government-sponsored programs are developing capabilities with the future prospect of causing widespread, long-duration damage to U.S. critical infrastructures," CISA points out.

Another potential cyber threat actor may be a terrorist or an adversary to the nation. While their intent may be similar to national governments, they may not have the same abilities as nation-state threat actors. Their tactics are likely less developed. CISA says terrorists pose a limited cyber threat; however, this could be an increasing point of concern in the future as new generations join terrorist ranks with more technological experience.

Organized crime groups and industrial spies are also well-known as cyber threat actors. While their threat isn't as high as a nation-state threat actor, they carry some weight in their abilities to create disruption or damage via cyber-attacks. Often, they're focused on industrial espionage. They're also wanting to follow money, knowing these attacks can be lucrative, especially when targeting big business.

While a traditional hacker may be the most well-known type of cyber threat actor, there are also an increasing number of hacktivists joining the ranks. These threat actors are generally politically motivated and, according to CISA, have a medium-threat level. They may successfully carry out only isolated attacks, but those attacks can be damaging. Unlike nation-state cyber threat actors who are focused on destroying or disrupting critical infrastructure, hacktivists generally engage in cyberattack activities that promote agendas more than causing harm.

And finally, there are well-known hackers who generally operate alone or as part of small groups. These attackers pose a lesser threat; however, their threat opportunities are more widespread with varying potential for outcomes. Some hackers want notoriety. Some want fortune. Some just want to prove they can do it.

In terms of critical infrastructure, most lone hackers don't have the skills or resources to be a significant threat; however, because there are so many, they have the ability to create a significant cyber event that could have lasting impact.

CISA identifies some of these sub-groups as:

• Script kiddies: Use available research and tools to exploit vulnerabilities and exploit code.

• Worm and virus writers: Usually write worm and virus code, but not exploit code.

• Security researchers and white hat hackers: Bug hunters and code exploiters looking for weaknesses that usually financially benefit from their identification.

• Black hat hackers: Similar to bug hunters and code-exploiters, they are often paid to write code or intentionally try to hack networks.

Yes. There are different types of cyber threats. While often thought of in terms of technology issues, vulnerabilities or weaknesses, cyber threats may also be individuals who intentionally or inadvertently employ measures to cause harm.

There are many types of cyber threats, and they’re constantly changing and evolving, especially as organizations adopt and implement new technologies, like cloud services.

While not all-encompassing, here are a few examples of common cyber threats:

• Exploitation of misconfigurations and unpatched systems

• Phishing: Sending fake emails that look like they're from real sources to trick people into revealing information like usernames, passwords and payment info.

• Credential stealing: Because people often use the same usernames and passwords across many sites, attackers can collect usernames and passwords from one breach and then use them to access other sites.

• Malware: Malicious software that gives attackers system access.

• Denial of Service (DoS) and Distributed Denial of Service (DDoS): Flooding attacks that use up bandwidth so systems can't respond to actual service requests.

• Cross-Site Scripting (XSS): Putting malicious code on websites to target visitors.

• Man-in-the-Middle (MitM) attacks: Compromising users through unsecure networks like public Wi-Fi.

• SQL Structured Query Language (SQL) Injection: Putting malicious code on a server and then using SQL to access sensitive information that otherwise wouldn't be accessible.

• Zero day exploits: Exploiting a system after a threat is publicly announced but before a patch or other fix is released.

• Spam: Attackers send unwanted and unsolicited messages, usually in great volume, to lure a user into clicking a malicious link, downloading a malicious file, or giving up sensitive information, such as credentials.

• Cloud vulnerabilities: A cloud security vulnerability is a weakness within a cloud computing environment, for example an insecure API, poor access management, or system misconfigurations.

• Misconfigured code: A growing number of hackers are successfully finding security weaknesses within code where a misconfiguration early on is missed during code development and testing, opening the door to exploit that weakness.

• Insider threats: While many insider threats take the form of a disgruntled employee or employee who has been lured (for example, by financial incentives) to commit actions that can harm an organization, unintentional actions by employees or connected partners may also introduce insider risks.

• Malicious links: These links are generally part of emails or websites where a would-be attacker has intentionally created a link that leads to things such as viruses or malware to enable them to access devices or convince a user to provide credentials.

• Lost or stolen assets: Lost or stolen assets, especially those not protected with passwords and/or encrypted are cyber threats. This isn't just a lost smartphone or laptop, it can include a range of devices that might contain data, for example a tablet, an external back-up drive, thumb drive, etc.

• Unencrypted data and devices: If your devices are unencrypted, a threat actor may be able to read and access your unprotected data.

• Social engineering: Social engineering is a cyber threat because the tactics trick people into releasing confidential or sensitive information that attackers can then use for fraudulent activities.

• Unpatched vulnerabilities: Attackers love unpatched systems. Often, known vulnerabilities for software and devices go unpatched and attackers can employ tactics to exploit those weaknesses to get access to systems and networks.

• No continuous vulnerability monitoring: Without continuous vulnerability monitoring, your organization lacks insight into any new potential risks or vulnerabilities as your environment changes, potentially introducing new cyber threats you don't know exist.

Exposure management helps organizations see, predict, and act to identify and address cyber threats. Exposure management and cyber risk management are often used interchangeably, both helping to identify cyber threats and then prioritize which have the greatest potential impact on your operational resilience so you can remediate those issues.

Exposure management aligns with the cybersecurity lifecycle and creates a framework you can use to continuously seek out cyber threats and mature your cybersecurity practices.

In simple terms, exposure management helps unify your security goals and objectives with those of your business so you can make better informed business decisions based on a range of risks, for example, cyber threats, so you continuously assess your security practices and improve your cyber hygiene.

Three components of the exposure management lifecycle include:

• See: Identify and map all of your assets for visibility across your environment

• Predict: Use threat intelligence and business context to discover which vulnerabilities attackers may be most likely to exploit

• Act: Remediate or mitigate your critical cyber threats

While the terms cyber threat and cyber risk are often used interchangeably, they are not the same. A cyber threat is the possibility a cyberattack may occur. A cyber risk, however, takes into account risk associated with that cyber threat and to determine potential impact. A cyberattack, although interrelated, is the actual action a threat actor may take to successfully exploit a security issue.

Cyber threat management is important because it can help you understand how to use technical data, automation tools and other resources to make better business decisions.

The reality for modern business is that the threat landscape is constantly evolving. As it rapidly changes, it's also more complex. Systems are no longer just servers and networks. Today's business operations span a range of devices, systems and locations — from on-premises assets to the cloud, and even into operational technology, internet of things (IoT) and industrial internet of things (IIoT) devices.

Unfortunately, many organizations still take a compliance-driven approach to the cyber threat management practices, instead of one driven by cyber threats and potential impact. Instead of building proactive and flexible programs, some organizations focus on meeting minimum requirements for their compliance and regulatory bodies. While that might keep you out of compliance crosshairs, it may not be enough to protect you from the evolving, sophisticated attack methods hackers employ today to exploit cyber threats.

While meeting compliance and other regulatory standards is paramount, it should not be the single-most driving factor for your cyber threat management program. Doing so may mean you're just not secure enough.

Without a comprehensive and well thought-out cyber threat management program, it can be nearly impossible to keep up with all of your assets and related vulnerabilities and security issues. A cyber threat management program can help you identify and inventory all of those assets, identify your critical operations and services, know all of your vulnerabilities and weaknesses, help prioritize which ones you should address first, and then continuously get insight into all of your risks as your environment scales and evolves.

Also, another important benefit of cyber threat management is it can help you build a strategy that proactively accesses areas where you may be at greatest risk so you can stay one step ahead of attackers.

Often, organizations that don't have mature cyber threat management programs don't find out where they have potential exploits until it's too late — either after an attack is underway, which can go unnoticed for months and months, or when faced with an audit or investigation into a potential issue.

Cyber threat management is a framework to close security gaps. Organizations that don't have a cyber threat program often discover they have no comprehensive visibility into their threat landscape. They aren't able to track all of their security issues quickly, accurately and efficiently; and they can't create reports that align cyber goals with business objectives. That means they often struggle to build a culture that encourages everyone to take part in the ongoing battle against cyber threats.

And, in an industry where it's difficult to find, attract and retain skilled, qualified professionals, programs without efficient cyber threat management practices often end up with overworked, burned out, exhausted IT and security team members. Those issues can negatively affect focus and vision, creating another unique set of cyber threats.

There are some best practices your organization can employ to help you better identify cyber threats.

First, you need insight into what today's threat landscape looks like. While many organizations try to do this by keeping their security teams involved in industry news and research, you may find it more effective to partner with a resource such as Tenable Research. Your teams are already busy seeking out weaknesses and trying to remediate them. It's almost impossible for a small team or an already busy team to identify all of today's biggest threats. Instead of using your team's time and resources for that big-picture research, a team like Tenable can help ensure it's delivered to you, right within your Tenable product of choice. That way, you can focus your team's attention on figuring out which of those important vulnerabilities are applicable to your environment and how to prioritize which ones to address first.

And, it's not just about threats within your organization. Cyber threats are always evolving externally as well, so you'll need a good read on what those are so you know where to focus your attention.

Next, once you're familiar with what the threat landscape looks like, you need visibility across your entire environment and through all of your assets. Remember, it's no longer just about IT assets on site. Your teams likely have a gamut of mobile devices to monitor, as well as software-as-a-service applications, and other cloud-based solutions.

Visibility into all of your assets supported by an accurate (and automatically updated) asset inventory is key. Without knowing which assets you have, as well as when and how they are used, you can't identify where you have weaknesses. Asset inventory, as well as identification of critical services and operations, is a key early step in identifying cyber threats for your organization.

Once you know where all of your assets are and how they're being used, you'll need help identifying all of your potential vulnerabilities, misconfigurations, unpatched systems and other security issues. Consider using a tool that automates vulnerability identification for you, such as Tenable Nessus.

Nessus Network Monitor, for example, gives you continuous insight into vulnerabilities in your environment. And, unlike having your team go out and try to discover all potential security issues manually, you'll have access through Nessus to 78,000 CVEs, more than 174,000 plugins, with 100 or more new plugins added weekly.

Tenable One, for example, is an exposure management platform that will help you determine not just where you have those cyber threats, but the risk they pose to your organization. It's a way to know your cyber risk at any time, no matter how or when your environment changes.

With a tool like Tenable One you can also easily prioritize which of these cyber threats you should focus on first. Tenable's Vulnerability Priority Rating (VPR) gives you an easy-to-understand score so you know what to focus on first.

So, now that you've identified where you have vulnerabilities and prioritized which ones your team should address first, it's time to put your response actions into play. While playbooks, policies and procedures are critical here, a tool like Tenable can help automate your response based on your preset parameters or industry recognized best practices. A platform like Tenable One can help you quickly alert and notify key team members based on their roles and responsibilities, again, helping you stay ahead of attackers before they have a chance to exploit a weakness you didn't know was there.

While many organizations use the Common Vulnerability Scoring System CVSS to prioritize their cyber threat remediation processes, many find it difficult to work through. That's because many CVSS come back with a vulnerability rating of critical or high, without taking into account your organization's environment or business needs. As a result, teams get buried beneath a mountain of vulnerabilities they can't work through, all while new vulnerabilities are discovered with similar ratings. Where do you focus?

Instead, consider using Tenable's VPR to manage your vulnerability prioritization processes. Using Tenable's Predictive Prioritization technology, your organization can get more accurate insight to more effectively and efficiently improve your remediation strategies.

Each vulnerability gets a VRP based on severity of either critical, high, medium, or low. However, VPR also takes into account technical impact as well as the threat, meaning what's the likelihood an attacker might exploit that weakness and what would its impact be on your operations if successful. This is based on research that draws on recent threat activity and potential future threat activities.

This differs from the traditional CVSS approach because it takes into account more than just technical severity. VPR also considers risk. VPR takes into consideration vulnerabilities with known exploit codes. That's because those with publicly available exploit codes are more likely to be used in a cyberattack. Those with a higher maturity for exploit code are more likely rated critical or high through VPR, making it more effective than prioritization scoring through CVSS.

As demonstration of the differences between CVSS and VPR scoring, on average, VPR rates about 700 vulnerabilities as critical, whereas there may be tens of thousands of vulnerabilities scored as critical through CVSS. With fewer vulnerabilities rated as critical through VPR, it's easier for your organization to know where to focus remediation efforts first.

Want to know more about VPR and CVSS and how they're different? Read this blog for a deeper dive.

Your organization's strategy to mitigate or remediate cyber threats is contingent upon a range of information that's unique to your business and goals. However, there are some best practices to mitigate some of these threats:

• Complete an asset inventory and update it regularly. You can't identify all of your cyber threats without knowing where your assets are and how they're used.

• Conduct routine risk assessments using a best practice risk management framework.

• Consider using a vulnerability assessment solution that automates many of your routine processes, including role-based alerts and notifications.

• Know your current security posture.

• Identify security gaps. Prioritize remediation and develop plans to address security weaknesses.

• Establish a target security profile and routine evaluate, modify and update your processes to mature your cyber hygiene practices.

• Update software. There are often known, unmediated vulnerabilities in software systems that must routinely be updated to address. Consider automating these processes if you can.

• Adopt identify and access management policies and procedures. Consider enabling least possible access controls that enable users to complete required tasks, but not access other information. Be sure to have systems in place that automatically remove users from your systems if they depart from your organization or change roles.

• Establish network access controls, such as zero trust.

• Employ endpoint security.

• Set up firewalls.

• Enforce password management best practices, including secure steps to reset passwords and other credentials.

• Maintain and manage approved software lists, as well as management of trusted certificates for approved solutions.

• Use additional security measures such as multi-factor authentication, especially for users with elevated privileges.

• Employ encryption technologies.

• Develop, test and routinely update your system recovery plans.

• Employ a continuous network monitor for instant insight into potential network intrusions.

• Employ antivirus and anti-malware solutions.

• Educate and train your staff on cyber threats and conduct routine exercises to determine where you may have potential weaknesses (For example, send a test email with what looks like a potential malicious link. Do you have users who routinely will click those links or download unknown attachments?)

• Conduct phishing exercises to see if you can successfully exfiltrate credentials or other sensitive data from your staff.

• Conduct internal and external penetration tests to identify security weaknesses and ensure your security defenses work as intended.

• Partner with a team like Tenable so you're always updated on current cyber threats.

• Employ vulnerability assessment and vulnerability management best practices.

• Develop a system back-up plan and routinely test it against a variety of potential disruptive scenarios.

• Patch applications and operating systems where you can and employ a patch management schedule.

• Employ a security platform that gives you insight across your entire attack surface, from traditional IT to the cloud and into IoT, IIoT, and OT operations.

The coronavirus pandemic, which accelerated technology adoption and remote workforce opportunities for many organizations beginning back in 2020, introduced a growing list of cyber threats for modern business. In no specific order, here are some of the biggest cyber threats facing organizations today:

• Ransomware

• Malware targeting mobile devices

• Supply chain and third-party vendor risks

• Social engineering

• Phishing schemes

• Cloud security weaknesses

• Misconfigurations

• More attacker focus on critical infrastructure and operational technologies

• More application security issues, for example Log4j

• Staffing shortages in IT and cybersecurity

• More advance persistent threats (APTs)

• Work-from-home security risks via unsecure networks and devices

Yes. There are cyber threat frameworks you can use to build and mature your cyber threat management program. For example, the U.S. government developed a cyber threat framework to help organizations understand what a cyber threat is, providing a common language to identify and discuss cyber threats. This framework aligns threat actor objectives with a threat lifecycle, focusing on stages of preparation, engagement, presence, effects and consequences.

One of the most widely used frameworks is the NIST Cybersecurity Framework (NIST CSF). This is recognized as a best practice approach to help organizations identify cyber threats and manage cyber risks. By employing NIST CSF, your organization can get better insight into all of your vulnerabilities and cyber threats, as well as their potential impact, and then reduce these risks and make response and recovery plans.

Depending on your industry, location and business-type, here are some other cyber threat-addressing frameworks to consider:

• ISO 27001

• ISO 27002

• SOC2

• NERC-CIP

• FISMA

• HIPAA

Tenable's risk-based vulnerability management platform is a great way to identify, prioritize and remediate your cyber threats.

Unlike legacy vulnerability management practices, risk-based vulnerability management is more than just discovering vulnerabilities in your enterprise. It enables you to identify assets and associated risks and also get practicable, understandable information to understand which cyber threats pose the greatest risk to your organization, so you can make plans to remediate those that matter most first.

With Tenable One, for example, you can eliminate a fragmented approach to exposure management and get complete visibility into your entire attack surface, starting with infrastructure as code (IaC), and all of your traditional IT assets, your cloud environments, OT, web apps, Active Directory, and more.

Tenable One continuously analyzes more than 20 trillion threat aspects and vulnerability and threat data using machine-learning algorithms. It helps you see where you have cyber threats across your entire enterprise and so you can prioritize them in a way that makes most sense for your business.

With Tenable's cyber threat research and tools, you can close your cyber threat gap and better secure your evolving attack surface. And remember, it's not just about identifying your cyber threats. It's about getting insight into which of those threats may have the greatest risk to your organization now and in the immediate future and helping you prioritize and remediate those risks as quickly and accurately as possible.

Tenable Lumin, for example, will generate a Cyber Exposure Score (CES) that can help you calculate, communicate and compare the risks related to your relevant cyber threats. Within its dashboard, Lumin gives you insight into your current CES and quantifies your risk level, assessment maturity, and remediation maturing. You can even compare your program effectiveness by benchmarking internally and against your industry peers.

With risk-based exposure scoring and prioritization, you'll always have insight into your biggest cyber threats — specific to your organization and your unique environment.

Tenable enables you to apply business context to all of your cyber threats. That helps you prioritize and remediate and also builds a bridge between your IT and security teams by helping them speak a language your executives and key stakeholders understand. With that support, your cyber threat management program is no longer just about tech terms and possibilities. It enables you to quantify the risks of those cyber threats in a way that has meaning to your organization. And ultimately, this type of communication can build executive engagement with your program, helping to support your needs for additional personnel, tools, time and resources as needed.

Vulnerability Management: A Fundamental First Step to Improve Cyber Hygiene and Reduce Cyber Risk

Boosting Confidence in Governments’ Cybersecurity

Why Food and Beverage Companies Should Crack Down on Industrial Cyber Threats

Think Like An Attacker to Take Control of Your Active Directory Defenses

Exposures 2022: We Predict One or More of These 5 Cyber Trends Will Really Matter to Your Business This Year

The Threats, Vulnerabilities, Attacks and Incidents That Made 2021