How to Recognise Threats to Your Most Valuable Assets

In this world of increasing cyber threats, you need to be able to protect your assets now more than ever. However, this brings to mind the big questions: what are the real threats? What are my assets? How can an organisation be vulnerable to a cyberattack exactly? 

This is where a lot of organisations can falter. 

It’s one thing to be told you need cybersecurity and it’s another thing to actually have it. It can be difficult to know where to start. Organisations can have thousands, if not millions, of assets and not all of them are created equal. What if you’re so distracted installing anti-malware on your employees’ phones that you don’t notice a more pressing issue, such as your GitHub repository permitting public access so anyone can steal your intellectual property?

The questions mount up: what’s the most important thing that’s vulnerable right now? What’s the second? The third? The fourth? How do you even know when or if you’ve got everything covered?  

This is why taxonomy is vital to cybersecurity. Being able to categorise threats and assets allows you to start building a cyber wall strategically, in a world that often won’t give you a break: you effectively protect your high-risk assets, the ones likeliest to be hit by hackers, first and reasonably work your way down from there.

What are my company assets? 

As a business, you do not want to lose assets that are hard to replace if maliciously damaged, because losing them could put a halt to your company’s operations. For example, the availability of a website is very important for an ecommerce business like Amazon, while the confidentiality and integrity of software are paramount for an identity verification service.

So what can be classified as assets?  

  • Important files integral to running business operations 
  • Confidential email content 
  • Devices like your office computers, phones and laptops
  • Your website 
  • Your customer databases 
  • Your intellectual property and software 
  • On-demand resources like Cloud or Microsoft Exchange 

Anything that keeps your day-to-day business operational and profiting, big and small. 

What are the cybersecurity threats? 

The threat landscape is diverse and constantly evolving.  

As said before, we know that hackers want things and in order to achieve their goals they will:  

  • Steal passwords via brute force and heuristic methods 
  • Send lure files via email to trick employees into downloading malware
  • Use ransomware to encrypt your critical files to stop operations until a ransom is paid 
  • Steal sensitive data using malware for blackmail purposes or to sell on the dark web 
  • Hide their access to your server by using ports 443 and 80 so that it looks like regular internet traffic

The tactics, motivations and end effects can differ somewhat depending on the type of hacker you end up dealing with. The hobbyist may want to cause a bit of mischief, criminals always want to drag your money away from you somehow, hacktivists are often politically or religiously motivated, and nation-state actors may use you and your server as devastating collateral to wage wars in cyberspace.

Whatever their goal, threat actors will leverage vulnerabilities in systems, exploiting them to attack organisations and individuals. All varieties of cybercrime have been on the rise, and the rise continues to accelerate, with over 30 billion data records stolen in 2020, more than in the previous 15 years combined.

Now, more than ever, you need to be able to protect your organisation from cyberattacks. The fact that rigorous penetration testing uncovered a few flaws in your system doesn’t exclude the likely possibility that more are lurking in your system, or in your vendors’ systems.

The CIA Model  

So, how does an organization go about protecting its assets against unauthorized access and breaches? One popular method is the CIA model.  

And, no, this is in no way related to a certain agency in Langley.  

Here, CIA stands for Confidentiality, Integrity and Availability. These three broad terms encapsulate the avenues through which hackers will try to harm you and, thus, what you need to protect. Here’s what they cover:

  • Confidentiality concerns threats to your secrets, such as confidential code for your flagship software or your customer records.
  • Integrity involves threats to the efficiency of your devices and networks, such as hackers installing malware that performs tasks like a buffer overflow to damage and crash your computer.
  • Availability concerns threats to your service, such as your ecommerce website being taken down by a DDoS attack so that your legitimate customers can’t access it.

By knowing what hackers’ overall objectives tend to be, you can start to work your way back to potential exploits they might use and assets they’ll covet. 

How do you protect assets from threats? 

Having an IT Consultant is vital for your organisation’s cybersecurity posture. IT Consultants will take stock of your assets and map them, such as your customer records, to the relevant letter in the CIA model using threat trees. Using their judgement, informed by experience with systems and protocol leveraging, they then determine whether the risk is high, medium or low, working off the baseline value as well as the tactics hackers may use to leverage your system based on these potential doorways.

They will give you tailored solutions depending on the results, such as: 

  • Putting functional security measures in place (e.g. firewalls) 
  • Making sure software is updated with the latest security features 
  • Recommending a type of encryption for securing confidentiality
  • Checking to see if your network infrastructure is properly configured 
  • Assisting in creating procedures and policies to limit risk, like verifying links before you click on them
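
The asset-to-CIA mapping and high/medium/low rating described above can be kept as a small risk register. The following is an added example, not part of the original article: the 1 to 3 scales, the score thresholds and the sample ratings are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Scales are assumptions for this example: 1 = low, 2 = medium, 3 = high.
@dataclass
class Threat:
    name: str
    targets: str     # CIA property harmed: "C", "I" or "A"
    likelihood: int  # 1..3

@dataclass
class Asset:
    name: str
    impact: dict     # business impact per property, e.g. {"C": 3, "I": 2, "A": 1}
    threats: list

def rate(score):
    """Bucket a likelihood x impact score (1..9) into high/medium/low."""
    if score >= 6:
        return "high"
    return "medium" if score >= 3 else "low"

def assess(assets):
    """Return (score, rating, asset, threat, property) rows, worst first."""
    rows = []
    for asset in assets:
        for threat in asset.threats:
            if threat.targets not in ("C", "I", "A"):
                raise ValueError(f"unknown CIA property: {threat.targets!r}")
            # A property with no rating is treated as low impact (1).
            score = threat.likelihood * asset.impact.get(threat.targets, 1)
            rows.append((score, rate(score), asset.name, threat.name, threat.targets))
    return sorted(rows, key=lambda r: (-r[0], r[2], r[3]))

# Constructed sample register using assets and threats named in the article.
REGISTER = [
    Asset("source code repository", {"C": 3, "I": 3, "A": 1},
          [Threat("repository publicly readable", "C", 3)]),
    Asset("employee phones", {"C": 2, "I": 1, "A": 1},
          [Threat("malware from lure file", "C", 1)]),
    Asset("ecommerce website", {"C": 1, "I": 2, "A": 3},
          [Threat("DDoS attack", "A", 2), Threat("ransomware", "A", 1)]),
    Asset("customer database", {"C": 3, "I": 3, "A": 2},
          [Threat("stolen passwords", "C", 2), Threat("ransomware", "A", 2)]),
]

if __name__ == "__main__":
    for score, rating, asset, threat, prop in assess(REGISTER):
        print(f"{rating:<6} {score}  {asset}: {threat} [{prop}]")
```

With these sample ratings the publicly readable repository sorts to the top and the phone malware case to the bottom, which is the ordering problem the opening of the article describes.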

As we’ve moved more online, so have company assets. Most organisations store their assets online, be it on their website with a backend database, or business support and data storage with on-demand software resources such as Cloud and Microsoft Exchange Online.  

It can easily become mind-boggling to keep track of threats and assets in a constantly evolving threat landscape.

Securiwiser can help you evaluate the robustness of your online security, giving you a cubic score of your cybersecurity posture, as well as highlighting threats to you and your assets.
