In the ever-expanding world of cyber threats, it is crucial for organizations to remain on the lookout for the various forms of malicious activity. ISACA (the Information Systems Audit and Control Association) identifies the following categories of threats: Hacking, Malicious Code, Loss of Intellectual Property, Phishing, Denial of Service, and Insider Damage.

Of the above categories, Malicious Code has the potential to be the greatest threat. Also known as malware, this is code created with the sole purpose of harming or exploiting computer systems. Malware comes in many forms, such as viruses, rootkits, and logic bombs.

One of the more dangerous aspects of malware is just how accessible it is. Unlike other forms of cyber threat, malicious code can be one of the simplest for less technical users to use. Not only is it effortless to use, it is also easily attainable: some companies exist specifically to sell vulnerabilities and exploits identified in other organizations. These offerings can also be customized, for example with zero-day vulnerabilities, which are newly identified exploits that have not yet been corrected by the organization.

An alarming example of the dangers of malicious code is the Stuxnet worm, which was used to infect and harm the Iranian nuclear facilities at Natanz and Bushehr. Something as small as a USB drive can spread an infection from one connected device to another, almost like a spiderweb.

Developing a deep understanding of cyber threats is essential to creating the needed cybersecurity countermeasures. When we study these threats, we are able to create policies that address incidents like Stuxnet, such as CIP-010-2, designed to control the vulnerability of smaller storage devices. Only when organizations are proactive in understanding past and present cyber threats are they armed for the future.

Electric Grid Security and Resilience: Establishing a Baseline for Adversarial Threats (pp. 36-39)