Internal Threats – The Weakest Link

December 08, 2017 Ronnie Mize

While many businesses are concerned about the threat external hackers pose to their online systems, it is crucial to note that a clear majority of breaches begin with the compromise of an internal source. Data security is something no company should take lightly, especially smaller entities that may not have access to or knowledge of more advanced methods of intrusion detection and prevention. There are several reasons why business owners should be extremely concerned about internal threats to their infrastructure security.

Access Requirements

Efficient business operations today require that employees have the proper access to perform their jobs. Depending on the size of an organization, this can be a daunting task. Granting someone the credentials they need without overstepping is critical to limiting potential breach points. I have witnessed organizations that will “open-the-farm” and allow almost unrestricted access to virtually everyone simply because it’s easier to set up. This is a dangerous practice and sets a company up as an easy target. There may also be employees who have system administration duties necessitating their access to confidential information. For those skilled with computers, it is not extremely difficult to steal information or plant malware. Just one disgruntled employee with the right skills and access can wreak havoc.

Set a standard for the access required at each level. Establish the proper credentials and permissions from the beginning. Permissions should also be regularly audited to ensure the standards established by the organization are being met and adhered to.

Trusting Employees

People working for the same company can develop a certain level of trust with one another. This can lead to employees sharing passwords or other credentials, opening the door for a potential security breach. Most companies have not taken proper measures to educate their staff on the seriousness of keeping personal information and access credentials confidential. Lack of awareness can quickly set an organization up to be a target of phishing emails or scam phone calls requesting confidential information.

Personal Internet Browsing

In the business world, a typical employee can spend hours each day surfing the internet for personal reasons. The ever-increasing presence of malware and viruses on the internet means an employee can unintentionally introduce destructive content into company software and systems. Even games and videos that seem innocent may contain a rootkit that can go unnoticed until it wreaks havoc on a company’s infrastructure. Clicking on the wrong link or downloading what is thought to be legitimate software can cause system compromise, loss and/or corruption of critical data, ransomware, etc. While most organizations are utilizing some type of AV/AM along with IDS/IPS, these tools may not catch everything. It is equally important that all employees are fully educated on security awareness and best practices as they relate to navigating the web.

Portable Information

Advancing technology has continued to make information storage devices more portable and capable of holding increasing amounts of data. From MP3 players to USB drives, an individual has many ways to get information from a company’s network and out the door. Because the storage capacity on portable hard drives has gotten so large, vast amounts of data can be transferred and stolen. Even web-based email accounts or devices with Bluetooth capabilities pose threats to online security.

Network Abuse

Anytime an employee uses a company network to take part in illegal activities such as selling drugs or distributing sexually offensive material, the company could be held liable. Fear of being caught using a personal network can drive some employees to their company’s network for their unlawful activities. Many companies have found it necessary to block specific websites and disable certain applications to help prevent employees from committing crimes on their network. Use of web filtering and/or proxy systems allows an organization to establish approved sites and limit access to business need. Monitoring software that scans emails and internet use for harmful file types or incriminating keywords can also be used to further protect the company infrastructure from malicious activity.

A company’s network and infrastructure security are paramount to its ability to function properly and increase its customer base. Threats to the system and data security of an organization could spell disaster or even threaten the future of the business. Prudent organizations are beginning to understand the need to watch for both external and internal threats to their protected information.