Is Your Biggest Threat Internal

Your company could be compromised, even with a relatively tech-savvy workforce. Fooled into allowing attackers access to company networks, it is this mode of access that is one of the biggest cyber security challenges. Perceptive, well-meaning employees can be fooled into doing something that allows unauthorized access to company accounts all too often.
IS_Internal_ThreatFormer FBI Computer Intrusion Unit tells us, in an interview with Warwick Ashford at Computer Weekly, that “there is no patch for careless, greedy or stupid.” If an email was received that appeared to be a subpoena from their personal lawyer, there are few people that would not open it. That is enough to let an attacker into the company network.
Once these criminals gain unauthorized access, the most common tactic is to seek privileged system users and compromise their accounts. The credentials are then used to gain unrestricted access to the whole network. Circumnavigating all firewalls and all other security controls, attackers will find and obtain all kinds of data; this could be identifying employees with access to finance authorization.
Attackers after money will compromise key employees and make unauthorized payments to accounts they control within minutes. In one particular case, the money was designed to be made untraceable by arranging for a series of bank transfers to be made within seconds of the money arriving. However, the criminal behind the operation was caught when he arrived – where the money ended up in the Seychelles – from Ukraine. The criminal had entered a country with the relevant extradition treaties in place and thus became an instant target. As long as they stay in countries without one, they are untouchable.
These criminals become increasingly adept at mining all the information they need from social media accounts to ‘coerce’ people into co-operating with them. Initially in the case above, the attacker had intimidated employees by sending targets pictures of their child’s private school bus timetable.
Tools are available to help monitor targets and everything they do on the compromised device that can cost as little as $170. For as little as $500, hackers can get access to the accounts of those negotiating deals worth in excess of $1bn.
Many companies are simply failing to take adequate precautions. This is in spite of the fact that there is an ever-increasing arsenal in tackling such crime. Price and access are being lowered constantly, yet few act for a belief that they are insured against loss, or unlikely to be targeted.
“It is essential to assess the risk properly by creating a cyber-risk calculation framework that is underpinned by an understanding of data assets and the business,” says Codling. By subscribing to cyber threat intelligence feeds, businesses can know who is likely to target them. Including what, and why, and even how they are likely to achieve this.
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: “Security is not a product, but a process.”

Related Posts

Ignore Bad Data… Sort Of

Ignore Bad Data… Sort Of

In George Orwell's classic Animal Farm there is a well-known quote that sums up the issues tackled in the book: "All...