Cybersecurity is relevant to all systems that support an organization's business operations and objectives, as well as compliance with regulations and laws. An organization will typically design and implement cybersecurity controls across the entity to protect the integrity, confidentiality and availability of information assets.
Cyberattacks are committed for a variety of reasons, including financial fraud, information theft, activist causes, denial of service, and disruption of the critical infrastructure and vital services of a government or an organization.
The six common types of cybersecurity risks are:
- Nation states
- Cyber criminals
- Hacktivists
- Insiders and service providers
- Developers of substandard products and services
- Poor configuration of cloud services like S3 buckets
Common cybersecurity threats in terms of cyber attacks include:
- Phishing attacks
- Social engineering attacks
- Ransomware
- DDoS attacks
- Denial-of-Service attacks
To understand your organization's cyber risk profile, you need to determine what information would be valuable to outsiders or cause significant disruption if unavailable or corrupt.
It's increasingly important to identify what information may cause financial or reputational damage to your organization if it were to be acquired or made public. Think about personally identifiable information (PII) like names, social security numbers and biometric records.
You need to consider the following as potential targets for cyber criminals:
- Customer data
- Employee data
- Sensitive data
- Intellectual property
- Third and fourth party vendors
- Product quality and safety
- Contract terms and pricing
- Strategic planning
- Financial data
- IoT devices
Cybersecurity programs should be capable of addressing each of these threats with appropriate security measures. These measures should go beyond conventional solutions, such as firewalls, and include advanced strategies for enhancing security posture, such as cybersecurity risk assessments that mitigate the potential impact of vendor security risks.