Protect Your Data From Internal Attacks

While Hollywood may love the image of the hacker lurking in the shadows, stealthily pillaging from across cyberspace, the reality is that threats from inside your network, whether intentionally malicious or unintentionally hazardous, are by far the greater problem in online security.

An inside threat can be as innocuous as an employee unknowingly clicking on a seemingly secure link in an email, opening up an opportunity for a malicious and soon-to-be-ex contractor to scorch your servers and sell secrets to your competitors.

A Vormetric study reports that 44% of US companies experienced a data breach or failed compliance audit in the last year. In fact, many of the most newsworthy breaches (like Target, Home Depot, and the Office of Personnel Management) came from internal weaknesses.

Anger meets misconfiguration

Innocuous or intentionally malicious, internal threats appear in the form of disgruntled employees, or those who merely seek to bypass security procedures they perceive as onerous. Misconfigurations of web-based applications and cloud-based infrastructure are all too common. The added insecurity of un-vetted, often un-savvy contractors and consultants and the plethora of mobile devices in the workplace make company data ripe for even unsophisticated hackers.

Using these inside weaknesses in your perimeter security, hackers gain access to your networks and exfiltrate sensitive and valuable data. In the case of the infamous Target breach (which resulted in both the CEO and CIO losing their positions), thieves used credentials from one of the corporation’s refrigeration vendors to steal payment information and data from more than 70 million customers. Who would've thought that the company providing refrigeration would be the way into your entire internal network?

An ongoing battle

Protection from internal threats requires multi-pronged, ever-evolving approaches. Management and IT security professionals need to start by examining and securing internal weaknesses and recognize them as a major threat. This applies to people as well as computer systems.

1. Organisations need to understand the applications accessing their networks and move past the legacy ideology of “safe” and “unsafe” products

Operating systems have long been proven vehicles for attack. But even products built for safety can be vulnerable, like the recently uncovered flaw in Trend Micro’s antivirus software.

Two of the key elements in security are layering and segmenting. Layers of protection start with your firewall, move through your network and end with individual users. Segmenting your network prevents intruders from getting everywhere once they break in somewhere. This was one of Target’s mistakes. Safety is not a place one reaches, but a state that requires vigilance. Seeing your network as one amorphous blob does nothing to help secure it.

2. Password protection efforts are only as strong as the passwords themselves, and then only if teams and workers don’t share them in an effort to simplify workflow

Ashley Madison reminded us that the most popular passwords are 123456, abc123 and Qwerty. Because passwords are keys to the kingdom in your business, they need complexity. Your systems must note length, content and repetition and should require new passwords at regular intervals.

More than that, companies need to take steps to prevent credential sharing. Single sign-on simplifies logins and cuts down on sharing. Allowing users to log in from only one computer at a time also helps. Two-step authentication, especially for access from outside, can significantly reduce hackers’ chances of getting into your network. All this is slightly more inconvenient for employees, but holds exponential benefit for securing your network.
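Where one-computer-at-a-time logins cannot be enforced, the same rule can be checked after the fact in session logs. The following is an added example, not part of the original article; the log format, user names and host names are constructed assumptions.

```python
from datetime import datetime

# Constructed sample session log: timestamp, event, user, host (format is an assumption).
SAMPLE_LOG = """\
2024-03-04T08:58:10 LOGIN alice ws-101
2024-03-04T09:02:44 LOGIN bob ws-117
2024-03-04T09:30:05 LOGIN alice ws-204
2024-03-04T10:15:00 LOGOUT alice ws-101
2024-03-04T10:20:31 LOGOUT bob ws-117
2024-03-04T10:25:00 LOGIN bob ws-117
2024-03-04T11:00:00 LOGOUT alice ws-204
2024-03-04T11:05:00 LOGIN alice ws-101
"""


def find_concurrent_logins(log_text):
    """Return (user, new_host, already_open_hosts, timestamp) for every login
    that starts while the same account still has a session on another host."""
    open_sessions = {}  # user -> {host: login time}
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts = datetime.fromisoformat(parts[0])
        event, user, host = parts[1], parts[2], parts[3]
        hosts = open_sessions.setdefault(user, {})
        if event == "LOGIN":
            # Any session still open on a different host is a sharing indicator.
            others = sorted(h for h in hosts if h != host)
            if others:
                findings.append((user, host, others, ts))
            hosts[host] = ts
        elif event == "LOGOUT":
            hosts.pop(host, None)  # tolerate a logout with no recorded login
    return findings


if __name__ == "__main__":
    for user, host, others, ts in find_concurrent_logins(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user} logged in on {host} while active on {others}")
```

A hit is a lead for follow-up rather than proof of sharing, since a user may legitimately hold two sessions.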

3. Trust contractors (with caveats)

Companies must vet anyone who has access, be it employees or contractors, to ensure that the people using those access points are both ethical and properly trained in how (and why) security protocols are mission-critical. A code of ethics, an acceptable use policy and an overview of the company’s IT security are a good place to start. From unidentified USB devices to unsecured Wi-Fi networks, employees must realize how they can unwittingly become the entry point for external malware. Teach them the ropes in plain English, and your human factor won’t be as vulnerable.

4. Have an eject button

When workers leave, be sure they’re really gone. Create off-boarding lists for what to do about closing accounts and turning in devices to ensure that they don’t take data access with them. When someone enters your network, make sure they’re found before damage is done, through active breach detection or otherwise. Regular security audits are an essential tool to know who is accessing your network. And be sure to keep up on current vulnerabilities so you can plug any new holes.
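An off-boarding list is only useful if someone checks it against the accounts that actually exist. The sketch below is an added example, not part of the original article: it reconciles an HR roster with an account export, and all column names, users and dates are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample exports; column names are assumptions for this example.
HR_ROSTER = """user,status,last_day
alice,active,
bob,left,2024-02-29
carol,left,2024-01-15
"""

ACCOUNTS = """user,enabled,last_login
alice,true,2024-03-04
bob,true,2024-03-02
carol,false,2024-01-14
vendor-hvac,true,2024-03-01
"""


def audit_offboarding(hr_csv, accounts_csv):
    """Return (user, finding) pairs for accounts that outlived their owner."""
    hr = {row["user"]: row for row in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        user = acct["user"]
        enabled = acct["enabled"].strip().lower() == "true"
        person = hr.get(user)
        if person is None:
            # Contractor, vendor or service accounts often have no HR owner.
            if enabled:
                findings.append((user, "enabled account with no HR record"))
            continue
        if person["status"] != "left":
            continue
        if enabled:
            findings.append((user, "leaver account still enabled"))
        if acct["last_login"]:
            last_login = date.fromisoformat(acct["last_login"])
            if last_login > date.fromisoformat(person["last_day"]):
                findings.append((user, "login after last day"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_offboarding(HR_ROSTER, ACCOUNTS):
        print(f"{user}: {finding}")
```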

5. Educate, educate, educate

Rebooting and being on hold with tech support sums up most people’s experience with IT. The average person does not understand the intricacies and threats to network security. IT departments need to continually educate workers with short, 5- to 10-minute presentations on topics from passwords to email attachments to BYOD. Do remember that the Sony hack was only possible because a worker pulled an email out of their junk folder and then opened the attachment. Securing the human factor is the hardest, but most rewarding part of IT security.

The good news

After years of chaos inside of the perimeter, teams can now access more mature network detection tools. The cloud and data analytics make it possible to identify breaches before any damage is done, and remediate them without incident. As breaches continue to infiltrate every facet of business and life, accessing the most modern protections available will continue to be worth its weight in (data) gold.

Net-Security: http://bit.ly/1Q5ayL0
