Internalcyberthreats #SEOSecurity #MobilSecurity #AITsecurity #MSSP #MicrosoftPartner #SilverSpringTech

When the topic of “cyber threats” is mentioned, the thought of an individual wearing an oversized dark colored hoodie, sunglasses, and a smirk on their face crafting malicious packets with the ill intent to compromise an organization’s server behind a laptop in a dimly lit cyber cafe.  Also, visions of the cyber threat being executed from an individual or group outside of the company and from a remote location. 

According to the article “The Biggest Threat Cybersecurity Threats are Inside Your Company” by Marc van Zadelhoff, the threat and attack images mentioned above account for less than half of the breaches out there. So that leaves threats and attacks that are generated within an organization by employees.  Generated threats and attacks internally can be a result of human error or maliciousness intent from a disgruntle employee.

Any cyber attack, (internal, external, human error, or malicious) implements a process called the Intrusion Kill Chain.  The Intrusion Kill Chain consists of 7 phases.  Each threat or attack implements a few of these phases if not all 7 to successfully compromise a network. 

The statistics on internal cyber attacks are hovering over 50 percent; is due to external attacks converting to internal attacks with the combination of human error and disgruntled employees.  The human error consists of inadvertently clicking into affected links, email attachments through spear phishing, or downloading trojan horse affected keyloggers through using unauthorized devices, thus allowing malicious activities to happen on a target network.  The priority goal for external cybercriminals is to convert to an authorized user on the network as quickly as possible to avoid detection.  Once the Installation phase on the Intrusion Kill Chain is executed, with a backdoor on a target’s network, the outsider has persistent access.

Disgruntle employees, according to a 2015 Cyber Security Intelligence Index, constituted 31.5 percent of cyber attacks while human error constituted 23.5 percent.  Also, 59% listed managers as one of the biggest insider threats in cybersecurity, followed by contractors (48%), regular employees (46%), IT admin and staff (41%) and 3rd party service providers (30%), according to a Dell Study.  On the Intrusion Kill Chain Phase chart, the disgruntled employee would not have to implement certain phases depending on the position and amount of access granted within the network system.   

Statistics show that the average time to detect a compromise or intrusion on a network is several months.  Between the actual intrusion to detection, severe damage such as obtaining user names and passwords, selling of sensitive data, and exposing propriety information to competitors.  These types of cyberattacks could cripple an organization for years if not completely shut down an organization completely.

Listed below are some internal cyber threats and attacks that organizations must successfully detect and mitigate:

  1. Unsecured Software: The first major internal security threat with the organization is not doing what needs to be done to optimize software security within the network.  For example, hiring a staff of IT Developers and then doubling the workload with network security duties as well.  Simply put, these are two different IT functions and specialties.  There is not enough time in a day to perform both functions productively and efficiently without exposing the company to vulnerabilities and threats.
  2. Unsecured Devices: Another security vector within the promotion of mobile first, cloud first computer networking environment for the convenience of working from any device and from anywhere is detrimental to an organization’s network.  Having a lack of regulations on apps and devices downloaded and used can exploit vulnerabilities.  Examples of these breaches include:
  • Downloading malware that gives cyber criminals control over the device
  • Having cyber criminals spy on their WiFi
  • Losing their devices, or having them stolen
  • Failing to adhere to the company whitelist or technology use guidelines

Organizations need to weigh the pros and cons of allowing employees to access sensitive data over any device from anywhere.  Finally, providing proper training to employees on accessing data while adhering to recommended IT security guidelines and company policy:

  1. Bad Access Practices: Setting security standards such as implementing a strong password policy can mitigate risks, but without any ill intent people by nature are going to make things that are convenient for them.  The implementation of multi-factor authentication will mitigate risks further from password authentication.  This method acts like a safety net if the password was obtained by cybercriminals due to human error, for instance saving passwords on an unencrypted document, or storing passwords on shared browsers or public computers.
  2. Email Accidents: “Reply All” can sink your company by sending a sensitive message that is intended for one recipient but is received by unintended recipients.  This is a leak of sensitive data that can have detrimental consequences to not only your company but also to clients.  This type of mistake will make clients to do business elsewhere.  There are tools that could enforce rules such as, forcing encryption on sensitive emails, stripping attachments sent outside the organization, warning employees about emailing sensitive information, and forwarding copies of certain emails to an admin, to prevent email mistakes.
  3. Malicious Insiders: A constant internal threat will exist as long as organizations have employees. Let’s face it, employees will need access to information to perform the job duties properly. So how can companies authorize and restrict access at the same time? There are various measures that can be taken, for example keeping detailed logs to monitor and detect anomalies within the network. Implementation of this will detect anyone downloading enormous amounts of information and/or unusual amount of transmissions outside of the organization. Also, the logs will provide a source to the IT security team to investigate the who, what, when, and where about the transmissions. Finally, action could be taken to prevent or the continuous suspicious transmissions by shutting down the account until the issue is resolved.

In conclusion, an effective security program will place preventive and detective security controls on both the doors and windows of the organization as well as on internal rooms and hallways. Don’t assume that every user that is within an organization’s four corner walls is not malicious.  Security must be made part of a company’s culture no matter how loyal employees seem to be.  All it takes is one time to cripple an organization.  

Article curated by Ken F.





Sharing is caring!