Change the way you think about cyber threats

Cyber threats can stem from a wide range of scenarios, just as easily from the inadvertency of your partners and employees as from external malevolence.

Plan de Travail

How do cyber threats arise?

Cyber threats have more varied origins than you would think, often stemming from inadvertent employees and partners as well as from external malevolence.

  • human_insiders
    Malevolence

    Human insiders

    Driven by financial motivation, blackmail and revenge.

  • hacktivists
    Malevolence

    Hacktivists

    Seek to harm or otherwise expose organizations not aligned with their own beliefs.

  • cyber_criminals
    Malevolence

    Cyber criminals

    Driven by financial gain, thriving on extortion, identity theft, and corporate espionage.

  • script_kiddies
    Malevolence

    Script kiddies

    Publicize their hacks or stolen data, looking for recognition and ego-boosters.

  • byod
    Negligence

    Mobility/BYOD

    Unsecured phones, tablets, and laptops get lost or stolen. Employees access sensitive resources from non-company owned networks.

  • shadow_it
    Negligence

    Shadow IT

    To provision systems without having to deal with IT, employees use non-validated software solutions, provision unsecure accounts and grant access to sensitive data.

  • partners
    Negligence

    Partners, suppliers, clients

    Oftentimes, little to no control can be exerted on third parties who need to be able to access and edit your confidential information.

  • conf
    Negligence

    Default configuration

    From demo accounts to ports that should not be open, default configurations are an easy way into a system.

Where do cyber threats take place?

Data leaks and cyber fraud have numerous sources across all corners of the internet, from the Surface Web to the non-indexed Dark Web, right through to unsecured connected devices.

  • deep_web

    Clear and Deep Web

    The Clear Web or Surface Web is the "regular" internet, the one Google indexes and that anyone can access through their browser. Data on the Deep Web is often ephemeral and cannot be indexed by conventional search engines but remains readily accessible. Most common threat sources on the Clear and Deep Web are forums/message boards, code sharing sites such as Github, or paste sites like Pastebin or Just Paste It.

  • dark_web

    Dark Web

    The Dark Web is a portion of the internet that is intentionally inaccessible through standard web browsers. The Tor network, an anonymous network that can only be accessed with a Tor-compatible browser, is most widely known for illicit activities: stolen information is commonly traded via Tor Forums and in Tor Marketplaces.

  • connected_storage

    Connected storage

    Poorly protected NAS (Network Attached Storage) appliances and misconfigured database engines subject your data to leaks when used by employees, clients and partners to backup and store critical documents.

  • dns

    Domain Name Servers

    Impersonation is a favorite approach for stealing information, and compromising DNS represents the most frequent origin of these threats. Threats originating from the DNS ecosystem often employ techniques such as phishing and typosquatting.

What sort of data could be exposed?

Most cyber threats start with a data leak. Your precious data could already be unprotected and ripe for exploitation, to gain insight over your company and its critical processes, or to gain access to your systems and premises.

  • Credentials

    • Logins & passwords
    • Admin passwords
    • Social security numbers
    • API Keys & secret tokens
  • Business
    documents

    • Contracts
    • Proposals & price quotes
    • Customer lists
    • Analytics & reports
  • Legal
    documents

    • Non-Disclosure Agreements
    • Legal strategies
    • Settlements
    •  
  • Technical
    secrets

    • Patent filings
    • Blueprints
    • Methods & processes
    • Drug formulas, recipes
  • Software

    • Source code
    • Algorithms
    • Data sets
    • API keys & secret tokens
  • Financial data

    • Financials records
    • Earnings reports
    • Bank records
    •  
  • Personally Identifiable Information (PII)

    • Customer lists
    • Employee lists
    • Social security numbers
    • Medical records
  • Payment information

    • Credit card lists
    • SEPA or ACH payments
    • Wire transfers
    •  

Cyber threats present a real risk to your business

Leaked data, passwords, source code or blueprints can be exposed to public scrutiny or used to prepare a sophisticated attack against your company or your customers.

  • physical_sec

    Security risks

    Construction blueprints can be used to bypass security systems. A simple travel itinerary can be used to prepare a kidnapping.

  • intellectual_prop

    Intellectual Property leaks

    Product prototypes can be passed on to the press. A secret formula can be made public.

  • legal

    Legal implications

    A PII leak can trigger a GDPR compliance violation. Legal strategy can be communicated to the opposing party.

  • reputation

    Reputation damage

    Proof of bribes can be released to the press. Tax optimization schemes can be publicized.

  • fraud

    Fraud and impersonation

    Stolen credentials can be used to gain access to sensitive systems. Money can be transferred abroad through CFO impersonation.

  • disruption

    Business disruption

    SCADA systems can be shut down with stolen credentials. ERP data integrity can be compromised.

  • espionage

    Industrial espionage

    Stolen designs can be sold to a competitor. Confidential contract terms can be used to sway a negotiation.

Show me which cyber threats my organization is facing

Bee with cards