A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include computer viruses, data breaches, Denial of Service (DoS) attacks, and other attack vectors.

Cyber threats also refer to the possibility of a successful cyber attack that aims to gain unauthorized access, damage, disrupt, or steal an information technology asset, computer network, intellectual property, or any other form of sensitive data. Cyber threats can come from within an organization by trusted users or from remote locations by unknown parties.

Where Do Cyber Threats Come From?

Cyber threats come from numerous threat actors, including:

Hostile Nation-States

National cyber warfare programs provide emerging cyber threats ranging from propaganda, website defacement, espionage, and disruption of key infrastructure to loss of life. Government-sponsored programs are increasingly sophisticated and pose advanced threats when compared to other threat actors. Their developing capabilities could cause widespread, long-term damages to the national security of many countries, including the United States. Hostile nation-states pose the highest risk due to their ability to effectively employ technology and tools against the most difficult targets like classified networks and critical infrastructures like electricity grids and gas control valves.

Terrorist Groups

Terrorist groups are increasingly using cyberattacks to damage national interests. They are less developed in cyber attacks and have a lower propensity to pursue cyber means than nation-states. It is likely that terrorist groups will present substantial cyber threats as more technically competent generations join their ranks.

Corporate Spies and Organized Crime Organizations

Corporate spies and organized crime organizations pose a risk due to their ability to conduct industrial espionage to steal trade secrets or large-scale monetary theft. Generally, these parties are interested in profit based activities, either making a profit or disrupting a business's ability to make a profit by attacking key infrastructure of competitors, stealing trade secrets, or gaining access and blackmail material.


Hacktivists’ activities range across political ideals and issues. Most hacktivist groups are concerned with spreading propaganda rather than damaging infrastructure or disrupting services. Their goal is to support their political agenda rather than cause maximum damage to an organization.

Disgruntled Insiders

Disgruntled insiders are a common source of cybercrime. Insiders often don't need a high degree of computer knowledge to expose sensitive data because they may be authorized to access the data. Insider threats also include third-party vendors and employees who may accidentally introduce malware into systems or may log into a secure S3 bucket, download its contents and share it online, resulting in a data breach. Check your S3 permissions or someone else will.


Malicious intruders could take advantage of a zero-day exploit to gain unauthorized access to data. Hackers may break into information systems for a challenge or bragging rights. In the past, this required a high level of skill. Today, automated attack scripts and protocols can be downloaded from the Internet, making sophisticated attacks simple.

Natural Disasters

Natural disasters represent a cyber threat because they can disrupt your key infrastructure just like a cyber attack could.

Accidental Actions of Authorized Users

An authorized user may forget to correctly configure S3 security, causing a potential data leak. Some of the biggest data breaches have been caused by poor configuration rather than hackers or disgruntled insiders.

What are Examples of Cyber Threats?

Common cyber threats include:


Malware (malicious software) is software that has been specifically designed to perform malicious tasks on a device or network, such as corrupting data or taking control of a system.


Spyware is a form of malware that hides on a device providing real-time information sharing to its host, enabling them to steal data like bank details and passwords.

Phishing Attacks

Phishing attacks are when a cybercriminal attempts to lure individuals into providing sensitive data such as personally identifiable information (PII), banking and credit card details, and passwords.

Distributed Denial of Service (DDoS) Attacks

Distributed denial of service attacks aim to disrupt a computer network by flooding the network with superfluous requests from a botnet to overload the system and prevent legitimate requests from being fulfilled.

Learn more about botnets.

a botnet attacking a web server


Ransomware is a type of malware that denies access to a computer system or data until a ransom is paid. Ransomware is one of the most dangerous types of cybersecurity threats.

Some ransomware attack techniques involve stealing sensitive information before the target system is encrypted. Such added processes could classify some ransomware attacks as data breaches.

Learn more about ransomware.

Ransomware has earned its position as one of the leading global cyber threats by adopting the SaaS business model to create RaaS - Ransomware-as-a-Service. The RaaS model allows any novice hacker to launch ransomware attacks with software developed for ease of use. The incentive for hackers to subscribe to RaaS software is an offer to earn a percentage of each successful ransomware payment.  

Learn more about Ransomware-as-a-Service (RaaS).

SaaS production workflow

Zero-Day Exploits

A zero-day exploit is a flaw in the software, hardware, or firmware that is unknown to the party or parties responsible for patching the flaw.

Advanced Persistent Threats

An advanced persistent threat is when an unauthorized user gains access to a system or network and remains there without being detected for an extended period of time.

Learn more about APTs.

Supply Chain Attacks

A supply chain attack is when a cybercriminal hacks an organization by compromising a third-party vendor in its supply chain.

Learn more about supply chain attacks.


A trojan creates a backdoor in your system, allowing the attacker to gain control of your computer or access confidential information.

Wiper Attacks

A wiper attack is a form of malware whose intention is to wipe the hard drive of the computer it infects.

Intellectual Property Theft

Intellectual property theft is stealing or using someone else's intellectual property without permission.

Theft of Money

Cyber attacks may gain access to credit card numbers or bank accounts to steal money.

Data Manipulation

Data manipulation is a form of cyber attack that doesn't steal data but aims to change the data to make it harder for an organization to operate.

Data Destruction

Data destruction is when a cyber attacker attempts to delete data.

Man-in-the-Middle Attack (MITM Attack)

A MITM attack is when an attack relays and possibly alters the communication between two parties who believe they are communicating with each other.

Drive-by Downloads

A drive-by download attack is a download that happens without a person's knowledge often installing a computer virus, spyware, or malware.


Malvertising is the use of online advertising to spread malware.

Rogue Software

Rogue software is malware that is disguised as real software.

Unpatched Software

Unpatched software is software that has a known security weakness that has been fixed in a later release but not yet updated.

Data Centre Disrupted by Natural Disaster

The data center your software is housed in could be disrupted by a natural disaster like flooding.

Biggest Cyber Threats in 2024

Here's a list of the most pernicious cyber threats you must aware of in 2022.

Covid-Themed Phishing Attacks

During a phishing attack, victims are presented with seemingly innocuous emails or websites that are infected with malicious links. Interacting with these links initiates a credential theft process. These attacks have the highest success rates when fear is used as a motivator for interaction. Since the coronavirus pandemic, Covid-themed phishing attacks have spiked, preying upon the virus-related anxieties of the public.

covid themed phishing email
Covid-themed Netwalker phishing email - source: ncsc.org

Ransomware Attacks

Ransomware attacks are one of the most frightening cyber threats. During these attacks, a victim's sensitive data is encrypted and only decrypted if a ransom price is paid. Victims only become aware that they've been compromised when they're presented with a formidable message announcing the successful attack.

A screenshot of a ransomware message for a global infection campaign in 2016
A screenshot of a ransomware message for a global infection campaign in 2016 - source: nytimes.com.

Sometimes these messages are falsely attributed to law enforcement entities.

Insider Threats

According to a Verizon report from 2019, 57% of all database breaches involved insider threats. Unlike phishing attacks, this type of security-bypassing cyber threat cannot be mitigated with a control strategy.

To best defend against insider threats, access to sensitive resources should be restricted to those that absolutely require it. Securing Privileged Access Management (PAM) can help achieve this.

Supply Chain Attacks

According to the 2022 cost of a data breach report by IBM and the Ponemon Insitute, third-party software vulnerabilities are becoming an increasingly popular initial attack vector in cyberattacks.

difference between average data breach costs for initial attack vectors 2021-2022

These findings suggest a continued upward tilt of a sudden rising trend of supply chain attacks since January 2020.

Learn how to prevent supply chain attacks.

rising trend of supply chain attacks

Polyglot Files

Polyglot are files that can have multiple file type identities. For example, some polyglot files can be classified as both PPT and JS, and they can be opened by applications that read both file types.

Polyglot files are not hostile by nature. Cybercriminals package malicious code into polyglot files to bypass file-type security controls. Some applications only permit certain file extensions to be uploaded and/or opened. These are usually  DOC, GIF, and JPEG files.

A Phar-JPEG polyglot file would be permitted with such filters since it's attributed with a JPEG identity, but when executed, the Phar file can be used to launch PHP object injection attacks.

DDoS Attacks

As the adoption rate of IoT devices in both the home and office continues to rise, the risk of DDoS attack rises accordingly.

During a DDoS attack, cybercriminals direct a high concentration of network requests from multiple compromised IoT devices at a targeted website. This causes the victim's servers to overload, forcing them offline.

All forms of DDoSing are illegal, even if it's used to gain an advantage during a friendly online gaming session.

Social Engineering

Social engineering, in the context of cyber threats, is an effort to obtain login credentials through manipulation and trickery. Phishing campaigns are the usual attack vectors of social engineering, but these cyber threats can also be presented in person. For example, threat actors posing as IT professionals asking for your password.

Learn more about social engineering.


Phishing attacks are a subcategory of social engineering, the differentiator is that they most commonly deployed via email, whereas a social engineering attack could occur through a telephone conversation.

In a phishing attack. cybercriminals send an email posing as an important message from a reputable source, like a senior staff member or law enforcement agency. These emails aim to convince recipients to click on an infected link or download an infected attachment. Once this action is taken, decoy websites or applications are loaded, guiding the user through a convincing workflow designed to steal sensitive internal credentials or financial information.

According to the 2022 cost of a data breach report by IBM and the Ponemon Institute, in 2022, Phishing was the second most expensive data breach attack vector, averaging US$ 4.91 million per breach, increasing from US$ 4.65 million in 2021.

Learn more about phishing attacks,


Malvertising (malicious advertising) is the process of embedding malicious codes into advertisement links. Malvertising can occur on websites that permit third-party advertising networks and even in social media feeds.

An example of a malvertising attack is the Latin American banking trojan known as MIspadu. The trojan was embedded in a Facebook ad campaign for McDonald’s coupons. When users interacted with the ad, a zip file containing the bank credential-stealing trojan was downloaded and installed on their system.

Mispadu malvertising campaign
Mispadu malvertising campaign - Source: welivesecurity.com

Zero-Day Exploits

Zero-day exploits are security vulnerabilities that are exploited by cybercriminals before a patch is released for them. These exposures are usually associated with ubiquitous software providers. A recent example is a zero-day exploit impacting Microsoft Exchange servers.

Defending against such threats is difficult because they're usually not discovered until the cyberattacks abusing them have been discovered.

An attack surface monitoring solution offers advanced awareness of ecosystem vulnerabilities so that they can be remedied before developing into zero-day exploits.

Learn more about zero-day exploits.

Why is it Necessary to Protect Against Cyber Threats?

Cybersecurity risks pervade every organization and aren't always under the direct control of your IT security team.

Increasing global connectivity, usage of cloud services, and outsourcing mean a much larger attack vector than in the past. Third-party risk and fourth-party risk is on the rise, making Third-Party Risk Management, Vendor Risk Management, and cyber security risk management all the more important for reducing the risk of third-party data breaches.

Related: How to select a Third-Party Risk Management Framework.

Pair this with business leaders making technology-related risk decisions every day, in every department, without even knowing it. Imagine your CMO trialing a new email marketing tool. or even anti-virus software that has poor security practices; this could be a huge security risk that could expose your customers' personally identifiable information (PII), causing identity theft.

Whether you work in the public or private sector, information security cannot be left to your Chief Information Security Officer (CISO), it must be an organizational-wide initiative.

How to Protect Against and Identify Cyber Threats

A good place to start to understand how to protect your organization from cyber threats is with the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (NIST Cybersecurity Framework) and a cyber threat intelligence exercise.

Cyber threat intelligence is what cyber threat information becomes once it is collected, evaluated and analyzed. Cyber threat intelligence provides a better understanding of cyber threats and allows you to identify similarities and differences between different types of cyber threats in an accurate and timely manner.

Cyber threat intelligence is developed in a cyclical process referred to as the intelligence cycle. In the intelligence cycle, data collection is planned, implemented, and evaluated to produce a report that is then disseminated and re-evaluated in the context of any new information.

The process is a cycle because, during the gathering or evaluation process, you may identify cybersecurity gaps and unanswered questions or be prompted to collect new requirements and restart the intelligence cycle.

Analysis hinges on the triad of actors, intent, and capability with consideration of their tactics, techniques, and procedures (TTPs), motivations, and access to intended targets.

By studying the triad of actors, it becomes possible to make informed strategic, operation, and tactical assessments:

Strategic Assessments

Strategic assessments Inform decision-makers on broad and long-term issues, as well as providing timely warnings of threats. Strategic cyber threat intelligence forms a view of the intent and capabilities of malicious cyber attackers and what cyber threats they could pose.

Operational Assessments

Operational assessments target potential incidents related to events, investigations or activities and provide guidance about how to respond to them. For example, what to do when a computer is infected with malware.

Tactical Assessments

Tactical assessments are real-time assessments of events, investigations, and activities that provide day-to-day support.

Properly applied cyber threat intelligence provides insights into cyber threats and promotes a faster, more targeted response. It can assist decision-makers in determining acceptable cybersecurity risks, controls, and budget constraints in equipment and staffing and support incident response and post-incident response activities.

UpGuard Can Protect Your Organization Against Cyber Threats

UpGuard can protect your business from data breaches, identify all of your data leaks, and help you continuously monitor the security posture of all your vendors.

UpGuard also supports compliance across a myriad of security frameworks, including the new requirements set by Biden's Cybersecurity Executive Order.

Get a free preliminary evaluation of your data breach risk. Click here to request your instant security score now!

Ready to see
UpGuard in action?

Ready to save time and streamline your trust management process?