Information Technology and Security Principles: Threats
Overview of Threats
- A threat in the context of IT and cybersecurity refers to any circumstance or event with the potential to adversely impact an organization’s assets, systems, networks, or operations.
- Threats can be intentional (e.g., cyberattacks by hackers) or unintentional (e.g., human error or natural disasters).
Categories of Threats
- Human Threats:
  - External Threats: Hackers, cybercriminals, competitors, and state-sponsored attacks.
  - Internal Threats: Disgruntled employees, accidental data breaches, or misuse of access by insiders.
- Natural Threats:
  - Natural disasters like earthquakes, floods, hurricanes, and wildfires that can damage IT infrastructure.
- Technological Threats:
  - System failures, hardware malfunctions, or outdated software vulnerabilities.
- Physical Threats:
  - Physical access by unauthorized personnel, theft of devices, or sabotage.
Types of Cybersecurity Threats
1. Phishing
Phishing is an attack vector that directly targets users through email, text, and social messages. Attackers use phishing to pose as a legitimate sender and dupe victims into clicking malicious links and attachments or sending them to spoofed websites. This enables them to steal user data, passwords, credit card data, and account numbers.
- Example: The infamous 2016 DNC email phishing attack that compromised sensitive political data.
2. Ransomware
Ransomware involves attackers blocking or locking access to data then demanding a fee to restore access. Hackers typically take control of users’ devices and threaten to corrupt, delete, or publish their information unless they pay the ransom fee.
Each ransom attack has to be handled differently. For example, while it’s always a good idea to contact authorities, in some cases, you may be able to find a decryption key on your own, or your cybersecurity insurance policy may provide you with a financial parachute.
- Example: The WannaCry ransomware attack in 2017, which affected hundreds of thousands of systems globally.
3. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
A denial-of-service (DoS) attack involves attackers flooding a server with internet traffic to prevent access to websites and services. Some attacks are financially motivated, while others are launched by disgruntled employees.
- Example: The 2016 Dyn DNS DDoS attack that brought down major websites like Twitter and Netflix.
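The following is an added example, not part of the original notes, showing the defender's side of the DoS description above: a rate-based check that runs over web-server access-log lines and flags any source address that exceeds a request threshold inside a sliding time window. The log lines are constructed, and the window length and threshold are assumed tuning values.

```python
"""Rate-based flood detection over access-log lines (added example).

The log lines below are constructed; the 60-second window and the
20-request threshold are assumed values a real deployment would tune.
"""
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format prefix: client address, then the request time in [brackets].
LOG_RE = re.compile(r"^(\S+) \S+ \S+ \[([^\]]+)\]")
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: 203.0.113.7 sends a request every two seconds for a
# minute (30 hits), while 198.51.100.2 is an ordinary visitor with three hits.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [10/Oct/2023:13:55:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
     for s in range(0, 60, 2)]
    + [f'198.51.100.2 - - [10/Oct/2023:13:55:{s:02d} +0000] "GET /about HTTP/1.1" 200 1024'
       for s in (3, 17, 42)]
)


def parse_line(line):
    """Return (client_ip, timestamp) for a log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts = m.groups()
    return ip, datetime.strptime(ts, TS_FMT)


def flood_sources(log_text, window_seconds=60, threshold=20):
    """Return {ip: peak_count} for every source whose request count inside
    any sliding window of `window_seconds` exceeds `threshold`."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ip, ts = parsed
            by_ip[ip].append(ts)

    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0   # left edge of the sliding window
        peak = 0
        for end, t in enumerate(times):
            # Advance the left edge until the window is narrower than window_seconds.
            while (t - times[start]).total_seconds() >= window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    print(flood_sources(SAMPLE_LOG))
```

A per-source counter like this catches a single-origin flood; a distributed attack spreads requests across many addresses, so in practice the aggregate request rate (and per-path or per-user-agent rates) is monitored alongside the per-IP view.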
4. Virus
Viruses are one of the most common forms of malware. They quickly spread through computer systems to affect performance, corrupt files, and prevent users from accessing the device. Attackers embed malicious code within clean code, often inside an executable file, and wait for users to execute it.
To prevent viruses from spreading, it’s important to educate employees about which kinds of files they should and should not download onto their computers while connected to your network. For example, some companies choose to discourage employees from downloading files with .exe extensions.
5. Trojan horses
Trojan horses appear as legitimate software, which ensures they are frequently accepted onto users’ devices. Trojans create backdoors that allow other malware to access the device. Because Trojans can be very hard to distinguish from legitimate software, it’s sometimes best to prevent employees from installing any kind of software on their computers without guidance.
6. Spyware
Spyware hides on a computer to track user activity and collect information without their knowledge. This allows attackers to collect sensitive data, such as credit card information, login credentials, and passwords. Spyware can also be used to identify the kinds of files that hackers hunt for while committing corporate espionage. By using automation to pinpoint their cyber bounty, attackers can streamline the process of breaching your network, only targeting the segments where they’ve located valuable information.
7. Adware
Adware results in unwanted adverts appearing on the user’s screen, typically when they attempt to use a web browser. Adware is often attached to other applications or software, enabling it to install onto a device when users install the legitimate program. Adware is especially insidious because many employees don’t realize how serious it is, seeing it as a mere annoyance as opposed to a real threat. But clicking on the wrong adware can introduce damaging malware to your system.
8. Botnets
A botnet is a network of devices that have been hijacked by a cyber-criminal, who uses it to launch mass attacks, commit data theft, spread malware, and crash servers. One of the most common uses of botnets is to execute a distributed denial-of-service (DDoS) attack, where each computer in the botnet makes false requests to a server, overwhelming it and preventing legitimate requests from going through.
9. SQL Injection
Structured Query Language (SQL) injection is used to exploit vulnerabilities in an application’s database layer. The attack requires an application that builds SQL queries directly from user-supplied input, such as form fields. Cyber criminals launch an attack by inserting SQL fragments into those fields so that the input is interpreted as part of the query. If the vulnerable code pattern is shared across the application, it can affect every website that uses the same code.
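The following is an added example, not part of the original notes, putting the vulnerable query pattern described above next to its hardened form. It uses Python's built-in sqlite3 module with an in-memory database; the user table, its rows, and the tautology input are constructed for illustration.

```python
"""Vulnerable vs. parameterised lookup against an in-memory SQLite DB (added example).

The users table and its rows are constructed; the hostile input is the textbook
tautology that makes the WHERE clause always true.
"""
import sqlite3


def make_db():
    """Create a small constructed user table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """The form field is pasted into the SQL text, so the input is treated
    as query code. This is the pattern the notes describe."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    """Placeholder binding: the driver passes the value separately from the
    query text, so the input can only ever be compared as data."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# Constructed hostile input: closes the quoted string and appends an always-true clause.
HOSTILE_INPUT = "x' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print(find_user_vulnerable(db, HOSTILE_INPUT))  # every row comes back
    print(find_user_safe(db, HOSTILE_INPUT))        # no row matches that literal string
```

The fix is not escaping or filtering quotes but keeping data and code apart: with bound parameters the database never parses the user's text as SQL, whatever it contains.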
10. Man-in-the-Middle (MITM) attacks
A MITM attack happens when attackers exploit weak web-based protocols to steal data. It enables them to snoop on conversations, steal data being shared between people, impersonate employees, launch bots that generate messages, and even spoof entire communications systems.
11. Insider Threats
- Definition: Threats posed by employees or contractors with access to sensitive data or systems.
- Example: Edward Snowden’s data leak, exposing classified NSA information.
12. Advanced Persistent Threats (APTs)
- Definition: Prolonged and targeted cyberattacks, typically carried out by well-funded and skilled attackers.
- Example: The SolarWinds attack in 2020, targeting government agencies and corporations.
Common Threat Actors
- Cybercriminals: Motivated by financial gain, often engage in theft, fraud, or selling stolen data.
- Hacktivists: Driven by political or social motives, aim to disrupt services to promote their agenda.
- State-Sponsored Actors: Government-backed groups targeting other nations for espionage or disruption.
- Insiders: Employees or contractors with legitimate access but malicious intent.
- Script Kiddies: Inexperienced individuals using pre-written scripts to conduct attacks for fun or recognition.
Threat Modeling and Risk Assessment
Threat Modeling
- Definition: The process of identifying and understanding potential threats to an organization’s IT assets.
- Methods: STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege), PASTA (Process for Attack Simulation and Threat Analysis).
Risk Assessment
- Definition: Evaluating the likelihood and impact of identified threats.
- Steps:
- Identify assets.
- Identify threats.
- Assess vulnerabilities.
- Analyze the impact.
- Develop mitigation strategies.
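The following is an added example, not part of the original notes, that walks the STRIDE method and the five risk-assessment steps above through code: it enumerates the STRIDE categories that apply to each element of a small data-flow diagram, scores each threat by likelihood and impact, ranks the results, and attaches a default control family per category. The per-element STRIDE table is the standard one from Shostack's "Threat Modeling" (listed under Recommended Resources); the system elements, scores, and mitigation defaults are constructed.

```python
"""STRIDE-per-element enumeration and likelihood x impact ranking (added example).

The STRIDE_PER_ELEMENT table follows Shostack's "Threat Modeling"; the elements,
scores and default mitigations below are constructed for illustration.
"""

# Which STRIDE categories apply to each kind of data-flow-diagram element.
STRIDE_PER_ELEMENT = {
    "external_entity": "SR",
    "process":         "STRIDE",
    "data_flow":       "TID",
    "data_store":      "TRID",   # Repudiation mainly matters for stores holding logs
}
CATEGORY_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}
# Assumed default control family per category; a real assessment refines these.
DEFAULT_MITIGATION = {
    "Spoofing": "authentication",
    "Tampering": "integrity protection",
    "Repudiation": "audit logging / non-repudiation",
    "Information Disclosure": "encryption / access control",
    "Denial of Service": "rate limiting / redundancy",
    "Elevation of Privilege": "authorization / least privilege",
}


def enumerate_threats(elements):
    """Steps 1-2: for each asset (name, element type) list every STRIDE
    category that applies to that element type."""
    found = []
    for name, kind in elements:
        for letter in STRIDE_PER_ELEMENT[kind]:
            found.append((name, CATEGORY_NAMES[letter]))
    return found


def rank_risks(scored):
    """Steps 3-4: given (element, category, likelihood, impact) tuples with
    scores 1..5, compute risk = likelihood * impact and sort highest first."""
    return sorted(
        ((elem, cat, lik * imp) for elem, cat, lik, imp in scored),
        key=lambda t: (-t[2], t[0], t[1]),
    )


def mitigation_plan(ranked):
    """Step 5: pair each ranked threat with its default control family."""
    return [(elem, cat, risk, DEFAULT_MITIGATION[cat]) for elem, cat, risk in ranked]


# Constructed three-element DFD: browser -> web application -> user database.
ELEMENTS = [
    ("browser", "external_entity"),
    ("web_app", "process"),
    ("user_db", "data_store"),
]
# Constructed scores for three of the enumerated threats (likelihood, impact).
SCORED = [
    ("user_db", "Information Disclosure", 3, 5),
    ("web_app", "Denial of Service", 4, 3),
    ("browser", "Spoofing", 2, 2),
]


if __name__ == "__main__":
    for item in mitigation_plan(rank_risks(SCORED)):
        print(item)
```

Enumeration gives the candidate list (twelve threats for the three elements here); scoring and ranking turn it into an ordered work queue, which is what the mitigation step acts on.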
Best Practices for Threat Management
How does cybersecurity work? Here are some of the best practices you can implement to prevent cyber-attacks:
- Use frequent, periodic data backups. In the event a system gets destroyed or held for ransom, you can use your backup to maintain business continuity. Also, by frequently backing up, you provide yourself access to the most relevant data and settings. You also get a snapshot of a previous state you can use to diagnose the cause of a breach.
- Use multi-factor authentication. With multi-factor authentication, you give hackers at least one extra step they must go through to fraudulently misrepresent themselves. And if one of the measures involves a biometric scan, such as a fingerprint or facial scan, you hoist the hacker hurdle even higher.
- Educate employees about cyber-attacks. Once your employees understand what the most common cyber-attacks look like and what to do, they become far more effective members of your cyber defense team. They should be taught how to handle malware, phishing, ransomware, and other common assaults.
- Encourage or mandate proper password hygiene. Leaving passwords unprotected or choosing ones that are easy to guess is essentially opening the door for attackers. Employees should be encouraged or forced to choose passwords that are hard to guess and keep them safe from thieves.
- Use encryption software. By encrypting the data you hold, you make it virtually impossible for a thief to read because they don’t have the decryption key. Also, with encryption, you make it easier for remote employees to safely use public networks, such as those at coffee shops, because a snooping hacker won’t be able to read the data they send or receive from your network.
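The following is an added example, not part of the original notes, showing how the multi-factor authentication and password hygiene practices above fit together in a login check: the password is stored as a salted PBKDF2 hash and compared in constant time, and a second factor is a time-based one-time code computed per RFC 6238 (the "extra step" the notes describe). The user record is constructed; the TOTP secret is the RFC 6238 test secret, and the PBKDF2 iteration count is an assumed value.

```python
"""Two-factor login check: salted PBKDF2 password hash plus RFC 6238 TOTP (added example).

The user record is constructed. TOTP_SECRET is the RFC 6238 appendix B test
secret; PBKDF2_ITERS is an assumed work factor.
"""
import hashlib
import hmac
import secrets
import struct
import time

PBKDF2_ITERS = 600_000
TOTP_STEP = 30


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is generated when none is given."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute the hash and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def totp(secret, unix_time, step=TOTP_STEP, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1: counter = floor(time / step), then HOTP truncation."""
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify_totp(secret, code, unix_time, window=1, step=TOTP_STEP):
    """Accept the code for the current step and +/- `window` steps to absorb clock drift."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + step * k, step), code)
        for k in range(-window, window + 1)
    )


# Constructed user record.
TOTP_SECRET = b"12345678901234567890"
_SALT, _HASH = hash_password("correct horse battery staple")
USER = {"salt": _SALT, "hash": _HASH, "totp_secret": TOTP_SECRET}


def login(user, password, code, now=None):
    """Both factors are always evaluated, so a failure does not reveal which one was wrong."""
    now = time.time() if now is None else now
    pw_ok = verify_password(password, user["salt"], user["hash"])
    otp_ok = verify_totp(user["totp_secret"], code, now)
    return pw_ok and otp_ok


if __name__ == "__main__":
    print(login(USER, "correct horse battery staple", totp(TOTP_SECRET, time.time())))
```

A stolen password alone fails this check because the attacker also needs the secret that generates the current code, which is the point the notes make about adding a step; the salted, iterated hash means a copy of the stored record does not hand over the password either.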
Case Studies
Case Study 1: The Equifax Data Breach (2017)
- Background: Attackers exploited an unpatched vulnerability in the Apache Struts framework.
- Impact: Exposed personal data of over 147 million individuals.
- Lesson Learned: Importance of timely patch management.
https://www.breachsense.com/blog/equifax-data-breach/
Case Study 2: Target Data Breach (2013)
- Background: Attackers used credentials stolen from a third-party HVAC vendor.
- Impact: Compromised 40 million credit and debit card records.
- Lesson Learned: Need for robust third-party security assessments.
https://medium.com/thedeephub/complete-case-study-target-data-breach-2-ba4bb365a82e
Recommended Resources
Books
- “Cybersecurity Essentials” by Charles J. Brooks
- “Threat Modeling: Designing for Security” by Adam Shostack
Tools and Software
- OpenVAS: Open-source vulnerability scanning tool.
- Kali Linux: A popular distribution used for penetration testing and security auditing.