An external threat refers to the risk of somebody from the outside of a company who attempts to exploit system vulnerabilities through the use of malicious software, hacking, sabotage or social engineering.
These can be much harder to deal with than internal threats, as you cannot monitor people from the outside like you can employees, nor can you predict what they might do next.
To better understand external threats, we will learn about what kind of external threats there are and how they function to cause the kind of damage they do.
This lesson we’ll learn about:
Malicious software encompasses a wide range of software, each of which has the purpose of causing damage to a computer system. Some are less harmful than others, for example, adware, meanwhile, others can render a hard drive inoperable, for example, some viruses.
Below are some examples of the types of malware you can encounter:
Now that you know about different types of malware, try and find some infamous examples of malware that has caused damage to users across the globe.
Hacking is a general term that describes the exploitation of vulnerabilities in a computer system to gain unauthorised access to the system and its data. The method of attack is known as the “attack vector” and often involves exploiting vulnerabilities in areas like Wi-Fi, Bluetooth, the internet connection or through gaining internal network access. We’ll learn more about how these are vulnerabilities as we work through this course.
There are a broad range of possible motivations, dependent on whether it is carried out by an individual, company or government.
If carried out by an individual, it is very hard to discern their motivation as it could be anything from profit to protest to recreation. Many hacking groups claim to be performing their actions for a political or social agenda, so-called hacktivists. However, many more will do it simply to cause harm.
Meanwhile, companies and governments are a lot clearer in what they want, that being to evaluate their own weaknesses, to get profit or to gather information.
Companies may use hacking for the purpose of corporate espionage, finding out about their competitor plans, products and finances. While governments may use it for political espionage, spying on their rival countries.
Companies and governments will also hire others to hack themselves. So-called “white hat” hacking, which is used to detect system vulnerabilities so that they can prevent threats from malicious “black hat” hackers.
We mention attack vectors in this lesson, such as Wi-Fi, Bluetooth, the internet connection or through gaining internal network access. Find out more about these attack vectors online. What is easy to exploit about them?
Sabotage is a general term that describes an activity used to deliberately disrupt services, typically through the use of:
This can be carried out by individuals, terrorist organisations, companies or governments. However, unlike with hacking where the intention may be more for gaining information, or for nuisance purposes, sabotage is specifically malicious, with the goal of causing damage.
This is clearly with the goal of hindering the victim to perform their normal functions. This can be of a catastrophic impact if proper recovery procedures have not been put in place by those harmed.
There have been numerous allegations against certain countries for hacking other countries’ government institutions. Research into this to discover the scale of some of this hacking.
Social engineering refers to the techniques used to deceive people into revealing private and confidential information. This can then be used for bank fraud & identity fraud or to gain access to systems.
A common form of this is through the use of phishing emails, whereby an email is sent out by a bot or person pretending to be somebody they are not. This email will often ask the user to reply with confidential data or follow a link to a web page. This web page may then request for data to be inputted or will infect the user’s computer with malware.
Even though the phishing attempts tend to be poorly worded, there will be an effort made for the emails and web pages to appear legitimate, and inexperienced computer users can easily fall for them.
Phishing emails are very common, you may find several in your email spam folder. Research some example of phishing emails in the news.