Threats Every vCSO Should Be Thinking About

The source of a threat is a specific entity acting on the asset we want to protect. It can be living or inanimate.

The actual threat is likely a specific event that impacts the asset we’re worried about: the point at which that asset is damaged or stolen.

Risk is the probability that a threat will actually occur AND the probability that if a threat occurs, the asset or assets that we’re worried about are impacted.

As a vCSO, you will want to be able to help leadership teams and boards understand their threats, the sources of those threats and the risks they pose to their organization. Your job will be to get them to understand what is at stake, how hackers get in and what is motivating them to do so. This will set you up for a great conversation that moves toward solutions rather than fixating on problems.

Here are some of the more common mechanisms of threats. By understanding how threats are implemented and having conversations about this with your clients, you will be able to get them to help come up with a strategy—which will almost always end with an advanced security stack addressing the threats of most concern.

Social Engineering — The main ways that social engineering impacts our organizations and those that we support are through fraudulent emails, fake websites, phone calls and texts. It can also occur through social networks, advertising, or identity spoofing.

Botnet — Botnet tools can include management elements, malware spread to control devices, or device management (such as rules on control devices).

Malware — Main types of malware include adware, spyware, viruses, worms, trojans, backdoors in software, rootkits, keyloggers and ransomware.

Spam and Phishing — Spam and phishing attacks include phishing emails, malware, scam requests, and fraudulent offers.

Hacking — Main methods of hacking include social engineering, password breaking, port scanning, using malware to infiltrate a computer system, phishing, cross-site scripting, and eavesdropping on communications.

Cracking — Cracking is a type of attack that attempts to break the security in place.

Sniffing — These types of attacks attempt to surveil or steal data as it is transmitted across a network.

DoS, DDoS, DRDoS attacks — These types of attacks can stem from one or more devices overwhelming an affected server with many queries.

It would be a good idea to get your clients onboard with the above threat mechanisms to get them thinking about how their organization is impacted.

You will also want to introduce the types of organizations and personas executing those different attacks. Because each group may have its own unique motives, you will probably want to include these when discussing threats with your clients. Getting your clients interested in understanding WHY these attacks exist and are likely to target them is also extremely important. Understanding the human side of attacks will be vital in getting leadership teams and boards united around solutions.

Bot network operators — Instead of breaking into systems, they will take over systems to coordinate and distribute further attacks. These people are motivated to gain access mainly to monopolize network resources for further attacks on other systems.

Criminal Groups — Criminal groups are mainly motivated by money. Commonly, organized crime groups will use spam, phishing, and spyware/malware to commit identity theft, steal data, or perform online fraud.

Foreign Intelligence Services — Foreign intelligence organizations are motivated by information gathering. They can have serious impacts on supply chains, communications and economic infrastructure.

Hackers — Hackers break into networks for the thrill of hacking. Some may be interested in cracking security systems, while others may have malicious intent. According to the CIA, most hackers do not have an explicit intent to harm a target.

Insiders — These individuals could be disgruntled employees within an organization. They may also have been unknowingly manipulated through social engineering. These individuals will have direct access to many of the data assets at risk and can often make a substantial impact, due to their access to information within an organization. Insiders you should also consider are contractors or outsourced vendors with access to information systems, and vendors that have the ability to distribute malware remotely to your client’s systems.

Phishers — These are typically small groups or individuals attempting to steal information for monetary gain.

Spammers — These individuals are looking to distribute unsolicited email with hidden or false information used to sell products or conduct phishing campaigns later on.

Malware Authors — These are individuals or organizations with the intent to carry out attacks against users and organizations by distributing malicious code.

Terrorists — Terrorists have the intent to destroy, incapacitate or exploit systems. They typically intend to target specific systems where an attack may do significant public damage, weaken social structures, or damage public confidence.

Bottom Line: Communicating threats is becoming critical today. One of the easiest ways for your MSP to get the tools to effectively communicate threats and their risk is by standing up a high-margin winning vCSO program.