Internal vs. External Threats

We are living in a world where cyber security is a top priority for all governments and businesses. In fact, last week the United States announced cyber security as its biggest. James Clapper, the Director of National Intelligence, says that “the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks.” Hackers are able to get ahead of governments because they are applying technology faster than many can understand it. (http://ca.reuters.com/article/technologyNews/idCABRE92B0LS20130312)

These attackers are persistent, and being aware of the methods hackers use is an important step towards defending sensitive company data.

When a hacker strikes, the cost to a company could potentially be millions of dollars. Not only will it affect the bottom line, but hard-earned reputations can be compromised or destroyed.

It is important to recognize the difference between the two kinds of cyber threats: external and internal. An external, or outsider, threat is much trickier to pinpoint. It can be “from someone that does not have authorized access to the data and has no formal relationship to the company.” It could come from someone who is actively targeting the company, or accidentally from someone who found a lost mobile device.

Internal threats are likely to come from an authorized individual who has easy access to sensitive corporate data as part of their day-to-day duties. This could be anyone working within the company or acting as a third-party representative. The Global Knowledge Blog states that insiders have a much greater advantage because they have means, motive, and opportunity, whereas outsiders most often only have a motive. (http://globalknowledgeblog.com/technology/security/hacking-cybercrime/insider-vs-outsider-threats/)

When focusing on internal threats, we have made a digital security check list:

  1. Implement an Intrusion Detection System (IDS). These systems act like security cameras watching a network. They react to suspicious activity by logging off suspect users, or in some cases, they might reprogram firewalls to snag a possible intrusion.
  2. Implement a log management platform that will centralize all the logs, correlate them to find threats, and alert on them.
  3. Stay proactive with Identity Management systems that will monitor high risk or suspicious user activity by detecting and correcting situations that are out of compliance or present a security risk.
  4. Be aware of who has keys and access codes to vulnerable information. Monitor the activity whenever these spaces are accessed, whether authorized or not.
  5. Create safety policies for when employees with these security privileges leave the company or are terminated. This will reduce the risk of theft due to careless behaviour, or break-ins from disgruntled employees.
  6. Get employees involved with the security procedures of the company. As a team, you can work to strengthen your digital security practices by being kept up to date on the latest training and challenges.
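
One way the correlation in items 2, 4 and 5 could look once logs are centralized, as an added example that is not part of the original post. The event format, the HR offboarding feed, the authorization list and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events, as a central log platform might hold them after
# normalising several sources: (timestamp, source, user, resource).
EVENTS = [
    ("2024-03-01T09:02:11", "vpn",        "asmith", "vpn-gw"),
    ("2024-03-01T09:05:40", "fileserver", "asmith", "/finance/payroll"),
    ("2024-03-04T23:41:07", "vpn",        "bjones", "vpn-gw"),
    ("2024-03-04T23:44:52", "fileserver", "bjones", "/finance/payroll"),
    ("2024-03-05T10:15:00", "badge",      "cdoe",   "server-room"),
    ("2024-03-05T10:20:31", "fileserver", "cdoe",   "/public/handbook"),
]
# Hypothetical HR offboarding feed: user -> time their access should have ended.
TERMINATED = {"bjones": "2024-03-04T17:00:00"}
# Hypothetical record of who holds "keys" to each sensitive resource. bjones is
# still listed for payroll (stale entitlement), so only the offboarding rule
# catches that account.
AUTHORIZED = {"/finance/payroll": {"asmith", "bjones"}, "server-room": {"asmith"}}

def correlate(events, terminated, authorized):
    """Return {user: [(timestamp, source, resource, reason), ...]}."""
    alerts = defaultdict(list)
    for ts, source, user, resource in sorted(events):
        when = datetime.fromisoformat(ts)
        end = terminated.get(user)
        # Item 5: any activity after the account should have been disabled.
        if end and when > datetime.fromisoformat(end):
            alerts[user].append((ts, source, resource, "activity after termination"))
        # Item 4: sensitive resource touched by someone not on its access list.
        if resource in authorized and user not in authorized[resource]:
            alerts[user].append((ts, source, resource, "unauthorized access to sensitive resource"))
    return dict(alerts)

def multi_source_users(alerts):
    """Users whose alerts span more than one log source (a stronger signal)."""
    return sorted(u for u, hits in alerts.items() if len({h[1] for h in hits}) > 1)

if __name__ == "__main__":
    found = correlate(EVENTS, TERMINATED, AUTHORIZED)
    for user, hits in found.items():
        for ts, source, resource, reason in hits:
            print(f"ALERT {user} {ts} [{source}] {resource}: {reason}")
    print("Correlated across sources:", multi_source_users(found))
```
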

Spear phishing is an extremely effective way for hackers to get in. Even though this is an outsider threat, once the attacker tricks an innocent employee into clicking on the malicious link, that employee's PC can then be controlled by the outsider, but with insider access.

If you’d like to see an eye-popping example where I claim I’d be able to hack into almost any company using a fake LinkedIn request, then you’ll want to watch the video below where I presented as a keynote speaker in Salt Lake City to 2,500 people.

Lastly, I highly recommend you hire a third-party security firm to evaluate your network for vulnerabilities and implement the recommended preventative measures. During these assessments you’ll be able to truly see where all the weaknesses in your company are.


Follow me on Twitter @terrypcutler

Terry Cutler

Founder and Chief Technology Officer at Digital Locksmiths, Inc.
Terry Cutler is the founder of Digital Locksmiths, Inc. - an IT security and data defense firm based in Montreal - and serves as the company's Chief Technology Officer. Terry is a Certified Ethical Hacker who has learned the mindset of hackers and trained in the techniques of "the bad guys" who seek to do harm to corporations and individuals alike. He is responsible for staying on top of the latest trends in cybersecurity and being an advocate for best practices in the identification and eradication of vulnerabilities that leave the customers of Digital Locksmiths susceptible to the most dangerous threats. Another one of Terry's roles is to be a thought leader for Digital Locksmiths by sharing his expert insights about effective digital security strategies and countermeasures through his writings, speaking engagements, and media interviews.
