Threats
The threats against an organization's networks and systems can be categorized into four general types: unstructured threats, structured threats, external threats, and internal threats.
Intuitively, these categories are not necessarily exclusive of each other; security events may be characterized by a combination of the threats previously listed. We will discuss each of these threats in this section.
Unstructured Threats
Unstructured threats are characterized by attacks often based on well-known vulnerabilities and scripted vectors. Generally, such threats emanate from less-competent attackers or hackers known as script kiddies or newbies who may be motivated less by malicious intent and more by curiosity and intellectual challenge. The attacker usually does not understand the actual mechanisms of the exploit attempted, nor the full ramifications of his/her actions.
Oftentimes, good security practices that effectively keep pace with the latest known attack methodologies and vulnerabilities prove capable in defending against unstructured threats; by the time an attack vector is scripted by a knowledgeable miscreant, distributed, and finally deployed by the many script kiddies, it should be preventable by alert security staff and, therefore, relatively ineffectual.
This does not diminish the potential impact such threats pose to organizations, however. For instance, certain Denial-of-Service (DoS) attacks triggered by script kiddies can be difficult to defend against and could cause serious harm to an organization's operation.
Structured Threats
Structured threats are often far more serious and potentially damaging to an organization than unstructured threats. These threats are characterized by directed and specific attempts to do harm, gather information, and disrupt business and operations. Those engaged in structured threats are often erudite assailants with detailed knowledge of network functionality and application logic. Furthermore, the attackers are often motivated by achieving a specific outcome such as fraud, theft, or industry- or state-sponsored intelligence gathering and may focus on specific targets. Oftentimes, the perpetrators of structured threats are those creating the tools and scripts used by script kiddies in unstructured threats.
Structured threats can be challenging to security administrators who may not understand their network infrastructure and systems as well as the attacker does. While there are far fewer individuals engaged in structured threats than unstructured threats, it is arguable that these few are the most dangerous elements.
External Threats
External threats, intuitively, are those originating outside the secured organization. These threats are from trespassing individuals not authorized to use an organization's systems and networks. External threats could be composed of unstructured or structured threats and could emanate from industry competitors or rival nation states, among others.
Internal Threats
Internal threats are those instigated within an organization and are far more common than external threats, counter to conventional wisdom. Internal threats are initiated by someone with some authorized access to an organization's infrastructure. Classic cases of internal threats might be those triggered by disgruntled employees seeking to do damage to an organization, or recently dismissed employees who wish to steal proprietary assets.