Cyber attacks should be of great concern for businesses of any size in this day and age. Data breaches are reaching epidemic levels, with 46 data records being stolen every second. Because cyber security threat detection is essential to the digital health of any organization, you need to identify where the risk comes from: external or internal sources.
Most companies focus on reducing the threats from outside the business. However, threats originating from within the organization may be a bigger threat than most people realize. In fact, one of the main causes of data breaches is an unintentional leak due to a careless employee.
Threats from outside the organization may include hackers, cybercriminals, competitors, or any malicious person who is not affiliated with the company.
These external attacks are often financially motivated, as in ransomware attacks, in which malware is installed on devices containing company data. This data is then encrypted and cannot be accessed until a substantial amount of money has been paid to the attacker.
However, not every cybercriminal aims to make money. Data can be very valuable for various reasons, and an attack often occurs in order to access sensitive data. In these situations, the company may not even realize the data breach has occurred until well after the event.
Methods of Cyber Attacks
There are various methods an external attacker can use to gain access to internal systems and data:
- Social engineering and phishing attacks, in which passwords or other sensitive information are guessed or obtained via employees, for example by an outsider posing as someone else inside the company.
- Hacking, where malicious individuals gain access via security loopholes in code and authentication systems.
- Ransomware and malware: computer programs carrying malicious code that may allow backdoor access for a hacker, or delete or change existing data. These programs are usually installed by mistake, as they often pose as genuine files or software.
- Denial of Service (DoS) attacks, which make websites and other online services inaccessible to users by flooding the server with requests.
- Physical theft, usually of mobile devices, which may allow unauthorized users access to sensitive data.
- Malicious USB drops, in which hackers get malware onto a system by leaving USB pen drives loaded with malicious software in a place where they know the drives will be picked up and accessed out of curiosity.
- 3rd-party apps, a new method that hackers are using to infect systems with malware such as Gooligan.
Malicious attacks from outside the organization are more common than internal attacks. To illustrate this, in a cybercrime survey issued by the Ponemon Institute, every single company surveyed had experienced a virus, worm, or trojan attack at some point, and 97% had been affected by malware.
Insider threats include attacks by current or past employees, contractors who have been given access to internal systems, and other business partners who may be privy to restricted data. A data breach may also occur not as the result of a malicious attack, but because an employee has inadvertently given an outsider access to his or her account through carelessness or ignorance about proper security procedures.
The motivations behind insider attacks are often the same as with external attacks: financial motives may be behind the attack, or it may be the case of a disgruntled employee trying to get revenge on his or her employer by leaking sensitive data. Employees may also be influenced by outsiders such as competitors, who use them to gain access to company systems.
It’s also worth noting that the majority of insider threats are not malicious attacks, but rather caused by employees’ curiosity or carelessness with standard security procedures. Shadow IT, in which employees install software that has not been vetted by the IT department and so may be a security risk, is also a huge problem for many modern businesses.
The Shadow IT trend has increased in recent years due to the growing number of mobile devices and companies with a BYOD policy. Third-party apps are often installed by employees to help increase their productivity, but these apps often connect with SaaS applications and can introduce new security risks. The use of third-party apps in enterprises has increased 30 times in the last two years. For this reason, it’s important that third-party apps are audited on an ongoing basis in order to be aware of any potential security risks.
Most companies have a great deal of sensitive data that could be very valuable, and possibly damaging to the company's reputation if it were leaked to the outside world. Such data may include:
- Trade secrets and intellectual property
- Regulated data
- Sensitive data
- Information about products and internal research
- Financial and personal staff information
- Source code
- Business plans and other sensitive corporate information.
Methods of Attack
It is generally easier for internal employees to gain access to this kind of data, so internal attacks can be difficult to protect against. The best method of defence is to invest in an internal threat monitoring and detection system that will monitor the online behavior of employees and report anything suspicious before a data breach occurs.
Common types of internal or potential attacks include:
- Social engineering, in which an employee is manipulated into giving up passwords or other confidential information.
- Data sharing with third parties or public sharing.
- Unauthorized downloading of data onto a personal USB drive or other storage medium.
- Unauthorized data transfer to personal cloud storage accounts.
- Abuse of employee privileges to access confidential corporate data for personal gain.
- Physical theft of company equipment such as computers or mobile devices.
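The kind of rule-based monitoring described above can be sketched as follows. This is an added example, not code from the original article or from any product: the event fields, domains, and entitlement table are constructed assumptions, and the rules cover the sharing, USB, personal cloud, and privilege-abuse items from the list.

```python
from collections import defaultdict

CORPORATE_DOMAINS = {"corp.example"}          # assumption: the organisation's own domain
PERSONAL_CLOUD = {"drive.personal.example"}   # assumption: unsanctioned storage hosts
ENTITLEMENTS = {"alice": {"finance"}, "bob": {"engineering"}}  # assumed user -> data areas

# Constructed audit events; field names are hypothetical, not any product's schema.
EVENTS = [
    {"user": "alice", "action": "share", "resource": "finance/q3.xlsx", "target": "partner@other.example"},
    {"user": "alice", "action": "read", "resource": "finance/payroll.csv", "target": ""},
    {"user": "bob", "action": "usb_copy", "resource": "engineering/src.zip", "target": "E:"},
    {"user": "bob", "action": "upload", "resource": "engineering/src.zip", "target": "drive.personal.example"},
    {"user": "bob", "action": "read", "resource": "finance/payroll.csv", "target": ""},
    {"user": "bob", "action": "share", "resource": "engineering/plan.doc", "target": "public"},
    {"user": "alice", "action": "share", "resource": "finance/q3.xlsx", "target": "cfo@corp.example"},
]

def classify(event):
    """Return the finding for one event, or None if it matches no rule."""
    action, target = event["action"], event["target"]
    area = event["resource"].split("/", 1)[0]   # top-level folder names the data area
    if action == "share":
        if target == "public":
            return "public_share"
        if target.rsplit("@", 1)[-1] not in CORPORATE_DOMAINS:
            return "external_share"
    elif action == "usb_copy":
        return "removable_media_copy"
    elif action == "upload" and target in PERSONAL_CLOUD:
        return "personal_cloud_upload"
    # Anything not already flagged is still checked against the user's entitlements.
    if area not in ENTITLEMENTS.get(event["user"], set()):
        return "access_outside_entitlement"
    return None

def findings_by_user(events):
    """Group findings per user so repeated behaviour by one account stands out."""
    report = defaultdict(list)
    for event in events:
        finding = classify(event)
        if finding:
            report[event["user"]].append((finding, event["resource"]))
    return dict(report)

if __name__ == "__main__":
    for user, items in findings_by_user(EVENTS).items():
        print(user, items)
```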
Internal attacks are not as common as external attacks: only 43% of companies surveyed in the previously mentioned report had suffered attacks due to malicious insiders, and 36% as the result of stolen hardware.
However, despite their relative infrequency, internal attacks can be much more costly than attacks from outside. Attacks due to malicious insiders accounted for an average business cost of $145,000 per year, while viruses, worms, and trojans accounted for only $2,000.
Which is the Biggest Threat?
It’s clear that any business fighting cybercrime must put equal measures in place against both internal and external attacks, as both pose a serious threat to business data and finances.
Most cloud data breaches actually involve a combination of both internal and outsider threats, so it is vital to protect data from any possible type of attack.
Sensitive data can be secured through encryption and through restriction of access, both physically and by user account. However, securing data can only go so far towards protecting it. Staff security training is also essential to ensure data is not put at risk unnecessarily. Monitoring systems for irregular activity, from within the company, from external access by individuals, and via third-party apps, may be the best way to block attacks before they cause serious damage.