There are many terms related to cybersecurity failures, such as events, incidents, and attacks. But what do these terms mean, and is there a hierarchy? Some of these terms have specific meanings, and learning the differences can help you build a cybersecurity program in your organization to avoid or mitigate any potential business impacts.
It’s helpful to understand these terms when thinking about cyber risk, because not all risks affect your organization equally. It’s like having one lightbulb burnt out in your store versus having no power at all: you can probably bring in an extra lamp so customers can keep browsing, but without power, accepting credit cards or running a register is impossible. We’ve defined the most common terms below; note that some of these definitions come from the ITIL framework, a set of best practices for managing and delivering IT services (including information security):
Both incidents and attacks can be devastating to a business in several ways. They might disrupt your operations, damage your reputation with customers or partners, or land you in legal trouble if sensitive data is stolen or leaked. The impact of the two can be identical, but there is a key difference between them: incidents are not necessarily intentional. Natural disasters do not single out individual organizations, and hardware or software failures do not seek out specific targets.
By contrast, attacks are intentional, and at their most focused they are targeted: an attacker has a specific objective to exploit or disrupt a specific organization. It’s important to note that there are levels of intent as well. Many of us picture a hacker, usually wearing a hoodie and sitting in a dark room hunched over a computer, trying to breach a specific target. In reality, a targeted attacker is often a foreign nation’s military or a multinational conglomerate.
While targeted attacks do occur, Coalition has often seen attackers casting a wide net and ensnaring anybody they possibly can, turning targets of opportunity into victims. These attacks are still intentional, since the criminals are actively seeking to exploit victims, but they haven’t singled out one company or organization in particular. Ransomware attacks, for example, often start with something simple: a phishing email sent to harvest credentials, a spear-phishing email carrying a malicious attachment, or the exploitation of an unpatched vulnerability, any of which can ultimately give the attacker access to an organization’s network.
At Coalition, we firmly believe that the best way to prevent attacks and incidents is to be proactive with your cyber hygiene program. This encompasses the people, processes, and technology your organization uses daily to ensure that both critical business information and information systems stay secure. To help our policyholders, we offer: