In addition to cybercrime, cyber attacks can also be associated with cyber warfare or cyberterrorism, like hacktivists. Motivations can vary, in other words. And in these motivations, there are three main categories: criminal, political and personal.
Criminally motivated attackers seek financial gain through money theft, data theft or business disruption. Likewise, the personally motivated, such as disgruntled current or former employees, will take money, data or a mere chance to disrupt a company's system. However, they primarily seek retribution. Socio-political motivated attackers seek attention for their causes. As a result, they make their attacks known to the public—also known as hacktivism.
Other cyber attack motivations include espionage, spying—to gain an unfair advantage over competitors—and intellectual challenge.
Criminal organizations, state actors and private persons can launch cyber attacks against enterprises. One way to classify cyber attack risks is by outsider versus insider threats.
External cyber threats include:
Insider threats are users who have authorized and legitimate access to a company's assets and abuse them either deliberately or accidentally. They include:
Cyberattacks happen because organizations, state actors or private persons want one or many things, like:
In the current, connected digital landscape, cybercriminals use sophisticated tools to launch cyber attacks against enterprises. Their attack targets include personal computers, computer networks, IT infrastructure and IT systems. And some common types of cyber attacks are:
A backdoor Trojan creates a backdoor vulnerability in the victim's system, allowing the attacker to gain remote, and almost total, control. Frequently used to link up a group of victims' computers into a botnet or zombie network, attackers can use the Trojan for other cybercrimes.
DoS and Distributed denial-of-service (DDoS) attacks flood a system's resources, overwhelming them and preventing responses to service requests, which reduces the system's ability to perform. Often, this attack is a setup for another attack.
Cybercriminals use DNS tunneling, a transactional protocol, to exchange application data, like extract data silently or establish a communication channel with an unknown server, such as a command and control (C&C) exchange.
Malware is malicious software that can render infected systems inoperable. Most malware variants destroy data by deleting or wiping files critical to the operating system's ability to run.
Phishing scams attempt to steal users' credentials or sensitive data like credit card numbers. In this case, scammers send users emails or text messages designed to look as though they're coming from a legitimate source, using fake hyperlinks.
Ransomware is sophisticated malware that takes advantage of system weaknesses, using strong encryption to hold data or system functionality hostage. Cybercriminals use ransomware to demand payment in exchange for releasing the system. A recent development with ransomware is the add-on of extortion tactics.
Structured Query Language (SQL) injection attacks embed malicious code in vulnerable applications, yielding backend database query results and performing commands or similar actions that the user didn't request.
Zero-day exploit attacks take advantage of unknown hardware and software weaknesses. These vulnerabilities can exist for days, months or years before developers learn about the flaws.
If successful, cyber attacks can damage enterprises. They can cause valuable downtime, data loss or manipulation, and money loss through ransoms. Further, downtime can lead to major service interruptions and financial losses. For example:
As an illustration, DarkSide, a ransomware gang, attacked Colonial Pipeline, a large US refined products pipeline system, on April 29, 2021. Through a virtual private network (VPN) and a compromised password (link resides outside of ibm.com), this pipeline cyber attack gained entry into the company's networks and disrupted pipeline operations. In effect, DarkSide shut down the pipeline that carries 45% of the gas, diesel and jet fuel supplied to the US east coast. They soon followed their shutdown with a ransom note, demanding almost USD 5 million in Bitcoin cryptocurrency, which Colonial Pipeline's CEO paid (link resides outside of ibm.com).
After all, Colonial Pipeline hired a third-party cybersecurity firm and informed federal agencies and US law enforcement. USD 2.3 million of the ransom paid was recovered.
Organizations can reduce cyber attacks with an effective cybersecurity system. Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks, involving technology, people and processes. An effective cybersecurity system prevents, detects and reports cyber attacks using key cybersecurity technologies and best practices, including:
A threat management strategy identifies and protects an organization's most important assets and resources, including physical security controls for developing and implementing appropriate safeguards and protecting critical infrastructure.
The threat management system provides measures that alert an organization to cyber attacks through continuous security monitoring and early detection processes.
This process involves ensuring an appropriate response to cyber attacks and other cybersecurity events. Categories include response planning, communications, analysis, mitigation and improvements.
Cybercrime can disrupt and damage enterprise business. In 2021, for example, the average cost of a data breach was USD 4.24 million globally and USD 9.05 million in the United States. These costs include discovering and responding to the violation, the cost of downtime and lost revenue, and the long-term reputational damage to a business and its brand. And in the case of compromised PII, it can lead to a loss of customer trust, regulatory fines, and even legal action.
Transform your security program with the largest enterprise security provider.
Get an intelligent, integrated unified threat management approach to help you detect advanced threats, quickly respond with accuracy, and recover from disruptions.
Whether on-premises or in hybrid cloud environments, data security solutions help you gain greater visibility and insights to investigate and remediate threats while enforcing real-time controls and compliance.
SIEM solutions centralize visibility to detect, investigate and respond to your most critical organization-wide cybersecurity threats.
A zero trust approach aims to wrap security around every user, every device, every connection, every time.
Gain insights into threats and risks and respond faster with automation. Explore the integrated security platform.
Read about the state of today's cybersecurity vulnerabilities, the vulnerabilities that linger unpatched, and the top 10 common vulnerabilities and exposures (CVEs) for enterprises of 2020.
Read the latest on cyber attacks, from cybergangs to reasons why cyber attacks are increasing.