Cybersecurity Threats: Unintentional vs. Intentional
October is National Cybersecurity Month. When you think of a cybersecurity threat, you may think of a movie where the villain (or hero) intentionally breaks into a company's network to steal sensitive documents or information. Hollywood does a great job of entertaining us by bringing these fictitious hackers to life in spellbinding, edge-of-your-seat stories. In real life, intentional external hacking events are rising rapidly. In fact, publicly disclosed data breaches grew 50% year-over-year, with 75% initiated by external hackers, as reported in the 2017 Annual Data Breach Year-End Review by the Identity Resource Center.
While external hacking accounts for many incidents, many other threats are unintentional leaks of sensitive information. These threats can originate both inside and outside your organization, from both people and technology. The Alliance for Telecommunications Industry Solutions (ATIS) describes the different types of unintentional and intentional threats in the following way:
- Unintentional, insider-originated security breaches are the result of simple negligence, inattention, or lack of education. Unintentional mistakes such as system administrator errors, operator errors, and programming errors are common.
- Intentional acts can be overt and direct (e.g., when an employee with access to customer credit card information sells it to a third party) or can come from individuals who use covert technical means.
- Unintentional, innocent, or negligent technical threats include software bugs that occur during the programming of a computer system, and system configuration errors, such as the use of improper settings or parameters when software is installed.
- Intentional and malicious technical threats typically involve the use of computer code or other technical devices designed to cause trouble. These include: software bugs intentionally added to computer programs; malicious software that modifies or destroys data, such as viruses, worms, and Trojan horses; back doors that allow unauthorized access to a system; eavesdropping programs designed to copy and transmit communications or other information; network spoofing; denial of service attacks; password cracking; email hijacking; packet replay; and packet modification.
Whether intentional or not, internal or external, you must protect your organization from the wide and rapidly growing array of threats that can put your reputation and revenue at risk. Simply having a plan that meets the minimum requirements is not enough – an effective business continuity program that anticipates and responds to uncertainty is central to achieving organizational resiliency. Your clients and the regulatory environment require it.