Internal vs. External Threats
We are living in a world where cyber security is a top priority for all governments and businesses. In fact, last week the United States announced cyber security as its biggest. James Clapper, the Director of National Intelligence, says that “the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks.” Hackers are able to get ahead of governments because they are applying technology faster than many can understand it. (http://ca.reuters.com/article/technologyNews/idCABRE92B0LS20130312)
These attackers are persistent, and it is important to be aware of the methods used by hackers as it is an important step towards defending sensitive company data.
When a hacker strikes, the cost to a company could potentially be millions of dollars. Not only will it affect the bottom line, but hard-earned reputations can be compromised or destroyed.
It is important to recognize the differences between the different kinds of cyber threats: external and internal. An external, or outsider threat is much trickier to pinpoint. It can be “from someone that does not have authorized access to the data and has no formal relationship to the company.” They could be from someone who is actively targeting the company, or accidentally from someone who found a lost mobile device.
Internal threats are likely to come from an authorized individual that has easy access to sensitive corporate data as part of their day-to-day duties. This could be anyone working within the company or acting as a third party representative. The Global Knowledge Blog states that insiders have a much greater advantage because they have means, motive, and opportunity, whereas outsiders most often only have a motive. (http://globalknowledgeblog.com/technology/security/hacking-cybercrime/insider-vs-outsider-threats/)
When focusing on internal threats, we have made a digital security check list:
- Implement an Intrusion Detection System (IDS). These systems act like security cameras watching a network. They react to suspicious activity by logging off suspect users, or in some cases, they might reprogram firewalls to snag a possible intrusion.
- Implement a log management platform that will centralize all the logs and correlate to find threats and alert on them.
- Stay proactive with Identity Management systems that will monitor high risk or suspicious user activity by detecting and correcting situations that are out of compliance or present a security risk.
- Be aware of who has keys and access codes to vulnerable information. Monitor the activity when these spaces are accessed, authorized, or not.
- Create safety policies for when employees with these security privileges leave the company or are terminated. This will reduce the risk of theft due to careless behaviour, or break-ins from disgruntled employees.
- Get employees involved with the security procedures of the company. As a team, you can work to strengthen your digital security practices by being kept up to date on the latest training and challenges.
Spear phishing are an extremely affective way for hackers to get in. Even though this is an outsider threat, once they trick an innocent employee into clicking on the malicious link, their PC can then be controlled by the outsider but with insider access.
If you’d like to see an eye popping example where I claim to be able to hack into almost any company using a fake LinkedIn request, then you’ll want to watch the video below where I presented as a Keynote speaker in Salt Lake City to 2,500 people.
Lastly, I highly recommend you hire me and my team or a third party security firm to evaluate your network for vulnerabilities and implement the recommended preventative measures. During these assessments you’ll be able to truly see where all your weaknesses are in your company.
Follow me on Twitter @terrypcutler