The Cybersecurity Threat Landscape
The “cybersecurity threat landscape” is a phrase that is used to describe nefarious cyber
actors, and the tools, tactics, techniques,
and vectors they use to achieve objectives. Cyber
threats are dominating the news coverage and are as ubiquitous in organizational
discussions as the financial balance sheet. In fact, cyber threats rank as one of the top
threats identified by the United States government.
According to a February 2018 report from the Office of the Director of national intelligence,
Daniel Coats: “The potential for surprise in the cyber realm will increase in the next year
and beyond as billions more digital devices are connected—with relatively little built-in
security—and both nation states and maligned actors become more emboldened and better
equipped in the use of increasingly widespread cyber toolkits”(Coats, 2018).
We will begin by reviewing current trends in threat vectors, or the means by which the cyber
actors exploit the user and organization. Then, we will review the known advanced cyber
actors, which are called advanced persistent threats (APTs). Understanding how these
advanced actors operate, what they typically target, and the vectors by which they exploit to
achieve their objectives will lead to a better chance of limiting their impact on the
organization.
Cybersecurity Threat Vectors
Threat vectors, like the technology they take advantage of, are constantly evolving. For example,
just a few years ago we saw a shift in cybersecurity threats toward connected devices. Why the
shift? The connected devices were considered low-hanging fruit. They included everything from
traditional devices (routers) to modern devices (microwaves)that were previously not connected to
the internet. As the internet of things (IoT) evolves and grows in size, cybersecurity threat actors
take advantage. Devices such as thermostats or other IoT devices often have no underlying security
mechanisms or controls.
Beyond connected devices, ransomware has also become a problem for many
organizations. Ransomware is like malware, but has a different intent. With ransomware,
the threat actor is typically after some form of ransom, such as money. The threat actor will
typically gain access to the organizational information systems just as in any other
cybersecurity vulnerability, but instead of stealing or deleting information, the threat actor
may encrypt the data at rest and threaten to destroy (or release) it unless a ransom is paid.
Several health care facilities have had their data hacked with ransomware. These situations
will continue to evolve as the underlying technology and the way we use it evolves.
Advanced Persistent Threats
An advanced persistent threat (APT) is similar to any other cyber threat actor except for that
APTs are able to stay undetected for a long time. They may use the same threat vectors to
Answer Preview
