It is important that Canadians be cyber-aware in our personal and professional lives. We depend on networked devices every day for activities ranging from personal entertainment and communication to conducting business domestically and internationally. While the Internet provides us with these capabilities and resources, it also exposes our devices and our information to a variety of threats.
Understanding “Cyber Threats” and “Threat Surface”
Cyber threats can sound more complicated than they are, hiding behind terms like “advanced persistent threat,” “Zero-Day,” or other jargon. It is important to clarify the concepts because, in truth, cyber threats don’t have to be advanced or persistent; cyber threats can be as simple as answering our email or clicking on a link. Before we can identify what cyber threats are, we need to ask two questions:
- What do we have that someone might want?
- How can someone access or damage those assets?
The first question is relatively easy to answer, and we can immediately think of our finances, usernames and passwords for online accounts, and other personal information like social insurance numbers.
The second question can be more difficult to answer. In cyber security , we refer to “threat actors:” those who try to take our data. Our “threat surface” refers to the ways that a threat actor can access our data, or assets, without our permission.
Threat actors use the internet to conduct malicious activity. This activity ranges from stealing our data to compromising our networks and damaging our devices. Threat actors can be individuals or groups, and they can have a wide range of sophistication and capability.
Threat surface is made up of two general categories: the users and the technology. Users are; anyone with hands on a keyboard or a device who can be exploited by a threat actor, much like an Internet-connected device can. One of the most common techniques that the Cyber Centre sees is phishing . Phishing is a technique in which the threat actor entices a user to click on links to malicious websites, or download malware onto our devices.
Threat actors can exploit vulnerabilities in technology as a way of gaining unauthorized access to data and systems.
On a small scale, technology can be as simple as a personal laptop or smart phone. On a larger scale, in the case of a business or the Government of Canada, technology can include devices such as workstations, servers, and printers. Even Internet of Things technology like thermostats, fridges, and lights can be part of the threat surface.
Are we really vulnerable?
Our data and devices have value to us and others. Services like online banking have made financial management more convenient, but it has also expanded our potential threat surface. Personal information like credit card numbers, usernames and passwords, social insurance numbers, and email addresses can be bought, sold, or posted online. Even the processing power of our devices can be used by threat actors in activities such as botnets, denial-of-service attacks, or for financial gain.
As we network more of our devices, we also expand our threat surface. With the rapid pace of digitization and technological improvement, we all need to increase our cyber awareness. That’s where the Cyber Centre comes in, with advice and guidance to help you reduce your threat surface. Find out more on our Cyber Hygiene page.