Living in the information era is associated with convenience, speed, and accessibility. People remain connected with practically no boundaries and have access to diverse types of data. Modern individuals are not confined to the physical world but can achieve diverse goals and fulfill tasks in the so-called cyberspace (Von Solms & Von Solms, 2018). However, this convenience tends to come at quite a high price as any user’s information can be stolen and misused (Althonayan & Andronache, 2018). Cybersecurity has become a concern of individuals and governments across the globe. This paper includes a brief analysis of cybersecurity and cyberthreats.
To develop sound measures to address cyber threats, it is essential to define the concept of cybersecurity. It is necessary to note that quite numerous definitions of cybersecurity exist as researchers tend to focus on different aspects. Von Solms and Von Solms (2018) define cybersecurity as the “part of Information Security which specifically focuses on protecting the Confidentiality, Integrity and Availability (CIA) of digital information assets against any threats, which may arise from such assets being compromised via (using) the Internet” (p. 5). Other definitions are also suggested, and they focus on different aspects of the concept mentioned above.
For instance, Althonayan and Andronache (2018) note that the development of cybersecurity definitions has been shaped by a shift from the information security paradigm to the cybersecurity paradigm. The researchers define the term as “cyber risk, threat or vulnerability addressing individual and organizational assets that are subject to cyberspace interaction” (Althonayan & Andronache, 2018, p. 72). For the purpose of this brief analysis, it is possible to utilize the following definition based on the two given above. Cybersecurity refers to ensuring the protection of confidentiality, availability, and integrity of data and addressing any threat, risk, and vulnerability addressing that can occur in cyberspace.
Categories of Basic Cyber threats to a System
The lack of clear definitions and terms is one of the characteristic features of cybersecurity. For instance, such concepts as cyberthreats and cyberattacks are sometimes utilized interchangeably, although there is quite a meaningful difference. A cyberthreat can be defined as “the possibility of malicious attempts to damage or disrupt a computer network or system” (as cited in Sahrom Abu et al., 2018, p. 373). A cyberattack refers to an effort “to damage or destroy a computer network or system” (as cited in Sahrom Abu et al., 2018, p. 373). The concept of cyberthreat is broader and can encompass different types of cyberattacks.
It is possible to identify four major categories of cyberthreat to a system. These are the threats associated with the loss of data, data misuse, damage to a system, and taking control over a system (Sołtysik-Piorunkiewicz & Krysiak, 2020). Attackers may try to manipulate data in diverse ways in their pursuit of financial or other gains. Data can be destroyed or stolen and misused, which can lead to disruptions in the work of the system. A system can be damaged by causing harm to software or even hardware. Finally, hackers can attempt to take control of the entire system or some of its critical elements.
Cyberattacks and Their Peculiarities
When considering the specifics of cyberattacks, it is necessary to pay attention to the related actors. Hackers and so-called hacktivists have become the primary actors who cause most of the issues (Sołtysik-Piorunkiewicz & Krysiak, 2020). These people attack organizations and individuals due to certain personal reasons (worldview, political beliefs, religious and cultural aspects, and so on). Terrorists implement their malicious acts trying to terrify the public and attain their political or financial goals. National governments are often influential actors who can also be a source of cyberthreat. Several scandals related to cyberattacks sanctioned by certain governments have taken place recently.
Industrial spies and business competitors are common actors, mainly trying to achieve financial gains and cause harm to rivals. Organized crime groups can often be influential stakeholders who may disrupt cybersecurity. These groups try to cause harm to their rivals, manage their illegal activities, access resources, and so on. Finally, individuals who have some conflicting situations with organizations or other people can resort to cyberthreats as well, although these cases are much less common compared to the ones mentioned above.
Targets, Methods, and Impacts
Cyberattacks are quite manifold and can take different forms and aim at various targets. Malware is a widespread type of cyberattack that encompasses the development of software aimed at the execution of malicious tasks on a network or device (Sołtysik-Piorunkiewicz & Krysiak, 2020). As a result, attackers can take over the control over a system or can cause data corruption or loss. Phishing is a common cyberattack involving the use of email. The target person receives an email that aims at tricking the individual into disclosing their confidential data. The victim can be tricked into downloading malware that will perform a specific task (block the proper functioning of a system, cause damage, and so on). Although the attacker targets a specific person, the impact can be manifold and cause harm to the individual, groups, and organizations. The person can use their office-based devices when activating the malware, which will lead to certain disruptions in the work of the entire system. It is noteworthy that such far-reaching effects are a characteristic feature of the vast majority of cyberattacks.
Trojans have been widely used in diverse settings targeting individuals and organizations. The attack involves the use of software element that looks like an integral part of the system but releases malware once it is in the system. Some of the impacts of such attacks include the loss or misuse of data, inappropriate functioning or destruction of some components or the entire system. Man in the Middle (also referred to as MitM) presupposes the establishment of a position between the recipient and the sender of electronic messages. The attacker may intercept the messages or change them during transit while the communicators believe they are interacting directly (Sołtysik-Piorunkiewicz & Krysiak, 2020). This kind of attack can also have diverse negative implications, such as confidentiality breaches and information misuse.
Ransomware has become a widespread cyberattack affecting people across the globe. The attacker encrypts the data on a user’s system and demands a ransom in exchange for enabling the user to access their data (Sołtysik-Piorunkiewicz & Krysiak, 2020). The so-called DoS (Denial of Service) attacks are common types of cyberthreat that cause considerable harm to individuals, organizations, or even countries. This type of cyberattack implies the use of numerous (up to thousands) of devices operating to invoke a certain response in a target system that eventually fails due to overload of demand. Recent accusations of DoS attacks during elections in the USA and Western Europe suggest that this type of cyberthreat requires specific attention of governments and the corresponding agencies.
The current shift to industry 4.0 provides humans with diverse opportunities, but various challenges also exist. For instance, IoT technologies can be associated with DoS attacks, as attackers can take control of the objects and devices to implement DoS attacks (Bytniewski et al., 2020). The data can also be lost or misused as IoT incorporate a substantial bulk of information. Bytniewski et al. (2020) emphasize that the number of such devices and objects is increasing exponentially so the misuse of such objects can lead to unprecedented adverse effects as even the most stable system can hardly resist if thousands of devices are involved in DoS attacks. It is necessary to add that some of the attacks mentioned above can hardly be prevented, and it can also be difficult to mitigate the negative consequences of such malicious activities. At that, educating people to be responsible and alert has proved to be effective, so people are taught to be media literate in different educational settings.
On balance, it is important to note that cybersecurity has become one of the priorities of individuals, organizations and nations. The age of information has created a world where data flow is almost limitless and leads to the development of new technologies and advances in different spheres. At the same time, the connected cyberspace is also characterized by a significant degree of vulnerability that is yet to be addressed. Numerous cyberthreats can cause harm to people, organizations, agencies, or entire countries. IT specialists have developed different strategies and methods to minimize cyberthreats or mitigate the negative consequences of cyberattacks.
Althonayan, A., & Andronache, A. (2018). Shifting from information security towards a cybersecurity paradigm. Proceedings of the 2018 10th International Conference on Information Management and Engineering – ICIME 2018. Web.
Bytniewski, A., Matouk, K., Rot, A., Hernes, M., & Kozina, A. (2020). Towards industry 4.0: Functional and technological basis for ERP 4.0 systems. In M. G. Leitch & C. J. Rushton (Eds.), Towards industry 4.0 — Current challenges in information systems (pp. 3-20). Springer Nature.
Sahrom Abu, M., Selamat, Rahayu S., Ariffin, A., & Yusof, R. (2018). Cyber threat intelligence – issue and challenges. Indonesian Journal of Electrical Engineering and Computer Science, 10(1), 371-379. Web.
Sołtysik-Piorunkiewicz, A., & Krysiak, M. (2020). The cyber threats analysis for web applications security in industry 4.0. In M. G. Leitch & C. J. Rushton (Eds.), Towards industry 4.0 — Current challenges in information systems (pp. 127-144). Springer Nature.
Von Solms, B., & Von Solms, R. (2018). Cybersecurity and information security – what goes where? Information and Computer Security, 26(1), 2-9. Web.