This article provides information on enterprise, organization, or business cyber threats. This article will use term ‘enterprise’ for any entity that can be a cyber threat victim.
Cyber threat target enterprises
All enterprises that use computers, IoTs, computer services, or cloud computing to store data or perform day-to-day business activities are cyber threat targets.
Cyber threat perpetrators
Cyber theft / hacking is a crime that is committed with a motive. The following perpetrators have their own motives to pose a cyber threat to an enterprise.
- Business competitor
- Cyber hacker / hacktivist
- Cyber criminals
- Disgruntled employee or insider
- State government or organization
A cyber perpetrator can carry a cyber attack using vulnerabilities in existing software, hardware, infrastructure, machinery, automated devices, or building security access. They can pose cyber threats when they get access to an internal system, IoTs, data server, cloud based services, discarded computer hard drives, discarded IoTs, discarded devices, cloud account, discarded access cards, or discarded sensitive printed material.
See CDSBureau article ‘protecting businesses from cyber threats’.
Cures vary by attacks and are beyond the scope of this document.
Cyber threat initiators or sources
Perpetrators can use any of the following to initiate a cyber attack. These can pose cyber threat to any enterprise.
- Unpatched/obsolete software
- Rogue software
- Distributed Denial of Service (DDoS)
- Virus and worms
- Malicious sites
- Social engineering
- Human engineering
- Compromised BYOD (bring your own device)
- Compromised devices / IoTs / computers
- Emails and attachments
- Text messages
Cyber threat risks
The following are are very high-level cyber threat risks and may not be applicable to all enterprises. For an accurate applicability assessment contact CDSBureau or post a comment below.
1. Data Theft:
This risk can occur when a perpetrator steal business data. The perpetrator can sell stolen data to your competitors or criminals. This can cause many adverse impacts including business loss, litigation, lawsuits, brand degradation, and project setback.
2. Data misuse:
This can occur when an unwanted or unauthorized perpetrator gets access to sensitive data. Any internal person or external cyber thief can pose this risk. A cyber perpetrator can manipulate data and present it out-of-context. Snowden is one of the examples who misused the data and shared with unauthorized people.
3. Cyber sabotage:
This risk can happen when a perpetrator gets access to internal automated processes or systems. Destruction is its main purpose. State organizations use this to sabotage other country’s systems like power grid and nuclear plants. Enterprises use this to sabotage their competitors. Cyber sabotage is one of the most dangerous cyber threat risk. The attacker can install malicious software to control machinery and shut it down or crank it up. A perpetrator can use the data and share it on other platforms to sabotage your reputation or new product launch. Cyber sabotage can cause litigation, law suites, destruction, death, defamation, and loss of business.
This risk can happen when a perpetrator gets control of computers, network, systems, devices, equipment, or infrastructure of an enterprise. The perpetrator gives back control to the enterprise in exchange of ransom. Ransomware can cause litigation, law suites, loss of business, defamation, money loss and degradation of service.
This risk can happen when a perpetrator gets access to sensitive information and using that information the perpetrator can blackmail an enterprise. This risk pose a greater threat because extortion can be asked only when the enterprise can be put in a grave situation.
6. Data loss
This risk can happen when perpetrator gets access to enterprise data. They can wipe the data causing enterprise to loose important information. This can impact business and push a business back to many years.Share and like us at