Page 1: The insider versus external threat

The Insider versus External Threat

Zhi Hao Chen(30113181)

Pavan Geddam(30127867)

Sasidhar Bandla(30121080)

Page 2: The insider versus external threat

The Insider Threat

• What is an insider threat? An insider threat is generally defined as a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization's information or information systems. Insiders do not always act alone and may not be aware they are aiding a threat actor (i.e. the unintentional insider threat).

Page 3: The insider versus external threat

The Insider Threat

• Some characteristics of Insiders at Risk of Becoming a Threat

1. Greed/financial need

2. Reduced loyalty

3. Pattern of frustration and disappointment

4. Inability to assume responsibility for their actions

Page 4: The insider versus external threat

The Insider Threat

How to know who is an insider

• Acting differently

• Downloading or copying more information from the company than they should know

• Working longer hours than others
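The indicators on this slide can be turned into a simple check over file-server logs. The following is an added example, not part of the original slides: the log format, business hours, and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample file-server log: timestamp,user,bytes_copied
SAMPLE_LOG = """\
2024-03-04T10:15:00,alice,1000000
2024-03-05T14:30:00,alice,2000000
2024-03-04T11:20:00,carol,2000000
2024-03-05T13:00:00,carol,2000000
2024-03-05T19:10:00,carol,1000000
2024-03-04T22:40:00,dave,40000000
2024-03-05T23:15:00,dave,55000000
2024-03-06T10:00:00,dave,1000000
2024-03-04T21:00:00,erin,800000
2024-03-05T21:30:00,erin,700000
"""
WORK_START, WORK_END = 8, 18  # assumed business hours (08:00-18:00)


def summarize(log_text):
    """Per-user totals: bytes copied, event count, off-hours event count."""
    stats = defaultdict(lambda: {"bytes": 0, "events": 0, "off_hours": 0})
    for line in log_text.split():  # one record per line, blank lines skipped
        ts, user, nbytes = line.split(",")
        s = stats[user]
        s["bytes"] += int(nbytes)
        s["events"] += 1
        if not WORK_START <= datetime.fromisoformat(ts).hour < WORK_END:
            s["off_hours"] += 1
    return dict(stats)


def flag_users(log_text, volume_factor=5, off_hours_ratio=0.5):
    """Return {user: [indicators]} for users who stand out from their peers."""
    stats = summarize(log_text)
    peer_median = median(s["bytes"] for s in stats.values())
    flagged = {}
    for user, s in stats.items():
        reasons = []
        if s["bytes"] > volume_factor * peer_median:  # copies far more than peers
            reasons.append("volume")
        if s["off_hours"] / s["events"] >= off_hours_ratio:  # mostly outside hours
            reasons.append("off_hours")
        if reasons:
            flagged[user] = reasons
    return flagged
```

On the sample data, one user trips both indicators while another only works late; a single indicator on its own is a weak signal and is better used to prioritise review than to conclude anything.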

Page 5: The insider versus external threat

The Insider Threat

Decrease insider threat

• Training employees to recognize phishing and other social media threat vectors

• Train continuously to maintain the proper levels of knowledge, skills and abilities

• Maintain staff values and attitudes that align with organizational mission and ethics

• Improve usability of security tools

• Improve usability of software to reduce the likelihood of system-induced human error

Page 6: The insider versus external threat

The Insider Threat

Defend your organisation from insider crime by:

• Effective supervision – set the tone from the top

• An anti-fraud strategy, tailored to the needs of the particular organisation

• Listening to staff concerns and encouraging them to speak up

• Looking for weaknesses in controls and systems

• Technical controls such as server room audit trails and disabled USB access to prevent data theft

• Effective pre-employment screening

• Disabling access privileges on termination of employment

• Be honest – report fraud, prosecute if necessary and give truthful references for employees

Page 7: The insider versus external threat

External Threat

• External threats are anything from your organization's outside environment that can adversely affect its performance or achievement of its goals. Ironically, stronger organizations can be exposed to a greater level of threats than weaker organizations because success breeds envy and competition to take what your organization has achieved.

Page 8: The insider versus external threat

External Threat

An external threat includes:

• Individuals outside an organization attempting to gain unauthorized access to an organization’s networks using the Internet, other networks, or dial-up modems.

• Flooding a network with large volumes of access requests so that the network is unable to respond to legitimate requests, one type of denial-of-service attack.

Page 9: The insider versus external threat

External Threat

External Accidents

• Modern business computer systems are large and distributed. In addition to an organization’s internal network, many important components reside on the public Internet. This means that a complex chain of events can affect an IT database in unpredictable ways. For example, a heavy storm in one region of the country can cut power to a server that stores software licenses for other servers. With licenses unavailable, database backup software may not function at its scheduled time, leaving the database open to irreversible corruption.

Page 10: The insider versus external threat

External Threat

External Attacks

• The most frightening attacks come from skilled and sophisticated external hackers. These attackers can find network vulnerabilities or socially manipulate insiders to get past outer network defenses. Since an organization’s software applications maintain open connections to IT databases, hackers seek to take control of these applications after they get inside, often by seeking application passwords set to their defaults.

Page 11: The insider versus external threat

Insider Vs External Threats

• An external threat is a threat originating outside a company, government agency, or institution. In contrast, an internal threat is one originating inside the organization.

• The relative susceptibility to insider- and outsider-originated attacks depends on many factors. Let’s discuss some of them.

Page 12: The insider versus external threat

Insider Vs External Threats

• Only 39 percent of survey respondents said they were victims of a cyberattack

• 16% were attacked from an external source

• 13% were attacked from an internal source

• 10% were attacked from both internal and external sources

• 61% reported that they were not attacked

Page 13: The insider versus external threat

Insider Vs External Threats

• Personnel security. Some organizations carefully screen all personnel before they are allowed access to computing systems, to determine whether their background is sufficiently unblemished to merit trust in them. Good personnel security substantially diminishes the threat of an insider attack.

• Network architecture. Networks that have traffic screening and security management barriers generally provide less opportunity for outsider attacks than do those that do not. Multiple entry points (as opposed to a single entry point) into a network are more conducive to outsider attacks.

Page 14: The insider versus external threat

Insider Vs External Threats

• Intrusion detection capabilities. Deploying intrusion detection tools appropriately and taking the time to carefully investigate the data they provide can also affect the relative proportion of insider versus outsider attacks. Most of today's commercial intrusion detection tools are better at discovering outsider attacks. Most current attacks on networks and the systems therein do not occur at a single point in time; they often occur over a period of days, weeks and even months. Intrusion detection tools can help shut these attacks off by enabling an organization to discover an attack early, thereby enabling network and security administrators to change packet-filtering rules, disconnect target machines from the network, and take other evasive measures to prevent further, successful attacks. The overall result is less likelihood of outsider attacks (although insider attacks can also be reduced in a similar manner).
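Because attacks often unfold over days or weeks, a detector that only looks at one short window can miss them. The following added example (not part of the original slides) compares a short-window check with a long-window check over constructed alerts; the thresholds are assumptions and the addresses come from documentation ranges.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed alerts (timestamp, source): 203.0.113.7 triggers one alert a day
# for 12 days, 198.51.100.9 produces one noisy burst, 192.0.2.50 is a one-off.
ALERTS = (
    [(f"2024-05-{d:02d}T03:15:00", "203.0.113.7") for d in range(1, 13)]
    + [(f"2024-05-06T14:00:{s:02d}", "198.51.100.9") for s in range(0, 50, 5)]
    + [("2024-05-09T09:30:00", "192.0.2.50")]
)


def by_source(alerts):
    """Group alert timestamps by source address, sorted in time order."""
    grouped = defaultdict(list)
    for ts, src in alerts:
        grouped[src].append(datetime.fromisoformat(ts))
    return {src: sorted(times) for src, times in grouped.items()}


def burst_sources(alerts, threshold=5, window=timedelta(minutes=10)):
    """Point-in-time view: at least `threshold` alerts inside one short window."""
    hits = set()
    for src, times in by_source(alerts).items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                hits.add(src)
                break
    return hits


def slow_sources(alerts, min_days=7, window=timedelta(days=30)):
    """Long view: alerts on at least `min_days` distinct days inside the window."""
    hits = set()
    for src, times in by_source(alerts).items():
        days = sorted({t.date() for t in times})
        for i in range(len(days) - min_days + 1):
            if days[i + min_days - 1] - days[i] <= window:
                hits.add(src)
                break
    return hits
```

The daily source never crosses the burst threshold and only appears once alerts are correlated over the longer window, which is why alert data has to be retained and reviewed across weeks rather than per incident.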

Page 16: The insider versus external threat

Question time!!!

Thank you~~~