Post your thoughtful analysis about one key point you took from this assigned reading. (This first week you are not required to post one question to ask your fellow classmates to facilitate discussion, nor are you required to post In The News or comment on other students' postings.)
Comments
zijian ou says
Threats to employees and former employees:
Employees and ex-employees are a risk because they often have extensive system knowledge and possess the credentials needed to access sensitive parts of the system. Most importantly, they understand the company's control mechanisms, so they generally know how to avoid detection. Companies tend to trust their employees: even when the security department insists that an employee has committed a safety violation, the employee's manager protects the employee from "safety distractions." Examples of employee sabotage can be seen in the news section of Chapter 1. Tim Lloyd retaliated by planting a logic bomb program on a company's critical server, which destroyed the company's ability to run its machines; he also took the backup tapes home and crushed them to prevent recovery. That resulted in $10 million in direct business losses, $2 million in reprogramming costs, and 80 layoffs.
kofi bonsu says
Hello Dan,
I wholeheartedly agree with you without an iota of doubt about your analysis, and this is so because one of the most common threats faced by organizations is employees with a negative approach, and you need to understand that nothing can harm an organization more than unfaithful employees. Believe me, employees who attend the office just to earn their salaries are in fact the biggest threat to an organization. Non-serious employees do not contribute much towards the productivity of an organization.
Kelly Sharadin says
As a cyber defense security consultant, I often explain to my clients the impact insider threats can pose to an organization. In this week's reading, Chapter 1, section three highlights how insiders can leverage their understanding of an organization's internal architecture and their access to critical business assets to exploit these weaknesses. However, what stood out to me was the statistic reported by the Department of Justice that roughly half of all cybercrime cases have defendants who are either IT/IS employees or ex-employees. This point is a great resource to share with my clients to illustrate the real threat insiders can pose.
Andrew Nguyen says
One point that I took from this reading was that the threat environment is ever changing.
Threats can come from anywhere, but insider threats have the potential to be crippling for an organization.
This reminds me of a time in my own organization when a member of our senior management clicked a link in an email that contained malware and ended up giving a third party access to our system. I think this is a good reminder that security awareness training should not be forgotten and is important for all employees within an organization.
Kelly Sharadin says
Hi Andrew,
While I agree that all employees should undergo security awareness training, I think it's interesting to note that typically 4% of employees are responsible for repeatedly falling victim to phishing. At a previous employer, we had one individual who was repeatedly phished, and he could not grasp the severity of having his password harvested. Once attackers find a weakness, they're prone to try to exploit it again.
Kelly
Lauren Deinhardt says
One of the biggest takeaways from this week’s reading I felt was the concept of “script kiddies”.
Years ago, hacking was mainly viewed as a feat requiring high levels of sophistication and intelligence; but now, high-level hackers have organized their attacks into hacker scripts—selling malicious code on the dark web/black market for anyone to use at any level of expertise. This new strategy of marketing and selling attacks opens up numerous repercussions. Because malware and malicious code are now easily accessible, the threat environment is expanded overall in numbers; but it can also allow security personnel to access different hacker scripts and dissect these programs to better understand how to secure their systems (similar to the concept of open source software). In thinking long term, the success of hacker script sales could also turn the trade into a competitive industry. If hackers see high profit in selling system exploitations and malware, it is highly feasible that hackers will continuously detect and record system vulnerabilities for other cybercriminals to use.
Overall, it is important for security professionals to understand new threat strategies, like hacker scripts, in order to fully comprehend how to develop a strong defense.
Kelly Sharadin says
Hi Lauren,
I agree with your callout here. Last weekend my firm performed incident response for a client that had a simple FTP server misconfiguration. While the fix was simple (less than an hour to remediate), the simplicity and low level of effort an attacker would require to exploit the misconfiguration activated immediate forensics. Always good to clean up the low-hanging fruit, as we say. Nice post.
Kelly
Madalyn Stiverson says
Cybersecurity is a cat and mouse game. Both cybersecurity professionals and threat actors are continually getting better. As cybersecurity professionals come up with new ways to block attacks, threat actors will find new ways to circumvent those cybersecurity controls.
The book uses this NSA adage: "attacks always get better; they never get worse." Attacks are always getting more sophisticated, so the way we respond to and protect ourselves from these attacks also needs to evolve. Every few years, there's a new threat that steals the spotlight. Currently, it's been ransomware. As a cyber underwriter, our main concern for the last two years has been ransomware. However, as our insureds get more sophisticated and as the regulatory landscape continues to evolve, we're starting to shift our focus from ransomware to privacy as the biggest threat to our portfolio.
Dhaval Patel says
One key point I took away from this reading is that external threats can be just as dangerous as those conducted internally. Given all the different types of attacks, malware consistently ranks number one in the type of attack companies are experiencing, and it's also the most expensive according to the "Average Annual Computer Crime Costs by Attack Type" chart. The Target case is a great example. The attackers used malware and spear-phishing to attack one of Target's vendors, and the damage seemed surreal: $154 million in settlement payouts, a $202 million annual loss, and the loss of executive leadership. In addition to this, there are many forms of malware (ransomware being the most popular), making it difficult to stay ahead of the attackers; however, proper security countermeasures can help mitigate the risk of an attack and reduce financial loss.
Patrick Jurgelewicz says
Hey Dhaval, the Target Case is a great example of external threats because both the threat and vulnerability came from outside factors (outside hacker and exploited vendor). I also think it ties in well to the topic of week 2, system security plans. The hacker being able to access critical systems from a compromised vendor shows the need for proper system interconnection security and limited information sharing.
Patrick Jurgelewicz says
One surprising point I took away from this reading was how much of a business's threat environment comes from internal factors. According to Accenture, about 70% of companies experienced a phishing or social engineering attack. We know that humans tend to be the weakest links in IT security, and it is important to train employees to become knowledgeable and safe in this area. What really surprised me was that, according to the same study, about 40% of companies had experienced an attack from malicious insiders. Employee hacking, extortion, and sabotage could come as a result of a disgruntled worker or a worker who may need some financial compensation in return for assistance in a breach. As a result, it is important to set strict access limitations for users along with following a least-privilege access mindset.
Dan Xu says
One key point I learned from Chapter 1, "The Threat Environment," is that there are so many environmental threats that both internal and external threats need to be given equal attention. On the one hand, regular employees are not the only threat inside the company. The access given to temporary workers and employees of outsourcing companies is another possible way to generate data breaches. On the other hand, numerous threats arise from email. For example, with urgent email attachments received by employees, human error can be difficult to prevent because of the urgency of the situation. There are also viruses that spread through email and generate scams. For example, spam and advertising emails are interspersed with various links that entice people to click on them, only to find out that they are fraudulent links. Or, through that link, viruses, worms, Trojan horses, etc. are spread. In phishing emails, the victim receives an email that appears to come from a bank or other company with which the victim does business, and the message may even direct the victim to a website that appears to be real.
I have received emails from Outlook telling me to close my account, informing me that there was a request to close my account and that I should click the link if the request was not made by me, and other bait to get me to click the link. By googling, I found out it was a phishing email. The real official provider would not issue a notice like this. The level of vigilance and publicity in that area needs to be increased.
Dhaval Patel says
Hi Dan,
You bring up a good point about access given to temporary employees or outsourced organizations. Just like regular full-time hires, many contract employees are given a similar level of access to complete their job responsibilities, and with that level of access they could perform malicious activities. Contract employees may also be accustomed to the security practices and policies at their consulting firm and may need to learn the new policies in place at their client location; at times, these policies can be lost in translation and could result in a breach of security policy.
Vraj Patel says
Hello Dan,
That's a great post. Both internal and external threats need to be considered when securing the information security program. As you mentioned, temporary employees would have access to the company's network; companies that don't have a good workflow for removing or disabling those accounts run the greatest risk of having those accounts remain active while they are not in use.
Antonio Cozza says
Something of note that I find of particular interest and relevance from Chapter 1: The Threat Environment is the discussion of cyberwar, and the significance and impact of cyber attacks by and for governments, political spheres, and terrorists. This topic is particularly interesting to think about right now, considering the cyberwar and attacks against Ukraine wreaking havoc in Europe. Cyber attacks against the Ukrainian government are attempting to incite fear by taking control of official government websites with threatening messages. A cyber attack such as this sets the stage for a potential all-out war between the parties involved, and demonstrates the devastation that can be caused via a well-executed and calculated cyber attack. As the threat environment rapidly changes, nations must be able to recruit top security talent to be able to attack and defend in this modern threat environment.
Michael Jordan says
A key point that I wanted to analyze from this assigned reading is how difficult it can be sometimes to detect phishing attacks, especially if they are target / spear phishing attacks.
If a hacker or group of hackers really wants to breach a specific system, they could just do some target-specific research and make a fake email address, subject line, and body of an email that would pique the intended target's interest. In addition to this, they could craft many emails and send them to the least suspecting employees, who would be more likely to click on them than higher-level managers and executives, and still get some access to the system. If the desire to get into a certain system is really strong, the potential attacker could just sit around all day researching information that is important to the target entity and continue crafting legitimate-looking and diverse emails to send until they get in.
According to the 2019 Data Breach Investigations Report (DBIR), 32% of all data breaches included some type of phishing, but that number jumps to 78% if the target is a nation state (1.4.9). Since nation states have some of the most sought-after information by cyber criminals and other nation states, these criminals will put in a lot of effort just to get one phishing attempt to work. Another important factor is that technology-based email filtering software still does not catch every phishing attempt, so every single employee must use some degree of discretion before clicking on any email.
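The posts above describe phishing emails that borrow a trusted brand in the display name, carry a bait link, and press the reader with urgency. The checker below is an added example, not code from the textbook or from any poster: it parses two constructed sample messages with the Python standard library and scores a few cheap, defender-side header and link signals. The brand list, the urgency words, and the flagging threshold are assumptions for illustration, not a vendor's rule set.

```python
"""Header/link heuristics for triaging a suspected phishing email.

Added example (not from the textbook or any post). Parses constructed sample
messages and scores signals a mail filter or analyst would look at first.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brands commonly impersonated, mapped to their real sending domain.
BRAND_DOMAINS = {"outlook": "outlook.com", "microsoft": "microsoft.com"}
# Assumption: words that signal artificial urgency in a subject line.
URGENCY = ("urgent", "immediately", "closed", "suspended", "verify")
# Anchor tags in an HTML body: capture the href and the visible text.
ANCHOR_RE = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(addr):
    """Return the domain part of an address, lower-cased ('' if none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def registrable(host):
    """Crude 'last two labels' approximation of the registrable domain."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def score_message(raw):
    """Return (score, reasons) for one RFC 5322 message given as a string."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    reasons = []

    # 1. Display name borrows a brand whose domain the sender does not use.
    for brand, brand_dom in BRAND_DOMAINS.items():
        if brand in name.lower() and registrable(from_dom) != brand_dom:
            reasons.append(f"display name '{name}' but sender domain {from_dom}")

    # 2. Replies are routed to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and registrable(domain_of(reply)) != registrable(from_dom):
        reasons.append(f"Reply-To {domain_of(reply)} differs from From {from_dom}")

    # 3. Link text shows one host while the href points somewhere else.
    body = msg.get_payload()
    for href, text in ANCHOR_RE.findall(body):
        href_host = urlparse(href).hostname or ""
        shown = re.search(r"[a-z0-9.-]+\.[a-z]{2,}", text.lower())
        if shown and registrable(shown.group(0)) != registrable(href_host):
            reasons.append(f"link text shows {shown.group(0)} but points to {href_host}")

    # 4. Urgency language in the subject.
    subject = msg.get("Subject", "").lower()
    if any(word in subject for word in URGENCY):
        reasons.append("urgency language in subject")

    return len(reasons), reasons

def classify(raw, threshold=2):
    """Label a message 'suspicious' when it trips at least `threshold` signals."""
    score, _ = score_message(raw)
    return "suspicious" if score >= threshold else "ok"

# Constructed sample: a lookalike 'account closure' lure like the one described.
PHISH = """\
From: "Outlook Account Team" <support@outlook-security-alerts.net>
Reply-To: recover@mail-recovery.example.net
To: user@example.com
Subject: URGENT: your account will be closed
Content-Type: text/html

<p>We received a request to close your account.</p>
<p>If this was not you, <a href="http://login.outlook-security-alerts.net/x">https://outlook.com/account</a> within 24 hours.</p>
"""

# Constructed sample: a routine internal notice that should score zero.
LEGIT = """\
From: "IT Helpdesk" <helpdesk@example.com>
To: user@example.com
Subject: Maintenance window this Saturday
Content-Type: text/html

<p>Servers will be patched Saturday 02:00-04:00. Details: <a href="https://intranet.example.com/maint">intranet.example.com/maint</a></p>
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        score, reasons = score_message(raw)
        print(f"{label}: {classify(raw)} (score {score})")
        for reason in reasons:
            print("  -", reason)
```

None of these signals is conclusive on its own (a legitimate newsletter often sets a different Reply-To), which is why the score is a count of independent signals rather than a single rule; the point the post makes stands, since a well-researched spear-phishing message can avoid all four.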
Vraj Patel says
Hello Michael,
It for sure is difficult sometimes to detect a phishing email, as there are many ways to make a phishing email look like an actual email. Also, according to ESET's research, phishing emails increased by 7.3% between May and August 2021.
Vraj Patel says
One of the key points that I took from this week's reading was related to the Employee and Ex-Employee Threats. Employees and ex-employees are a dangerous threat, as they would have complete knowledge of the company's network and systems setup. They would have the appropriate system/network access they would need to access any sensitive part of the system. There is a lower chance of an employee or ex-employee being detected, as they would know any specific detection controls used by the company. Employees and ex-employees can also plant a time or logic bomb on a computer, which could allow any type of malicious activity to be performed at the time set by that employee.
Dhaval Patel says
Hi Vraj,
Employees and ex-employees are great examples of internal threats. Who better to conduct a malicious attack than someone who feels they have been wrongfully terminated? As you said, they know the systems and the security involved, and there is a low chance of them being detected.
kofi bonsu says
With regard to Chapter 1, the topic thoroughly explained the threat environment that companies in an enterprise setting face and that has the propensity to derail the success of the company. However, Boyle and Panko realistically insisted that rogue employees or ex-employees are increasingly regarded as a threat and dangerous to an organization's progress. Some of the notable things these employees could do to a company when given computer access include destruction of hardware and software assets, embarking on financial theft to enrich themselves, and internet abuse such as downloading pirated software or malware and viruses. The organization must have a mechanism or robust measures in place to prevent and detect those actions, such as blocking certain websites, implementing firewall security or file-type extension blocking, managing user accounts effectively to allow users to have certain permissions but not all, and, in the event of an employee being terminated, making sure their credentials to access the network are blocked immediately.
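Several posts in this thread land on the same control: accounts belonging to terminated staff, departed contractors, or nobody at all must not stay enabled. The audit below is an added example, not code from the textbook or from any poster. It joins a constructed HR roster against a constructed directory export and reports three conditions a defender would act on: enabled accounts whose owner has left, accounts with no HR record, and enabled accounts with no logon for a long time. The roster and account fields, the 90-day dormancy window, and the "domain-admins" group name are assumptions for illustration.

```python
"""Offboarding hygiene check: find accounts that should already be disabled.

Added example (not from the textbook or any post). Joins a constructed HR
roster against a constructed account export and reports stale access.
"""
from datetime import date

# Constructed HR roster: employment type, status, and end date per user.
HR_ROSTER = {
    "alice": {"type": "employee",   "status": "active",     "end_date": None},
    "bob":   {"type": "employee",   "status": "terminated", "end_date": date(2022, 1, 10)},
    "carol": {"type": "contractor", "status": "active",     "end_date": date(2022, 12, 31)},
    "dave":  {"type": "contractor", "status": "ended",      "end_date": date(2021, 11, 30)},
}

# Constructed directory export: enabled flag, last logon, group membership.
ACCOUNTS = [
    {"user": "alice",      "enabled": True, "last_logon": date(2022, 2, 20),  "groups": ["staff"]},
    {"user": "bob",        "enabled": True, "last_logon": date(2022, 1, 9),   "groups": ["staff", "domain-admins"]},
    {"user": "carol",      "enabled": True, "last_logon": date(2021, 10, 1),  "groups": ["vendor-vpn"]},
    {"user": "dave",       "enabled": True, "last_logon": date(2021, 11, 29), "groups": ["vendor-vpn"]},
    {"user": "svc_backup", "enabled": True, "last_logon": date(2022, 2, 21),  "groups": ["backup-ops"]},
]

AS_OF = date(2022, 2, 22)          # constructed "today" for the sample run
DORMANT_DAYS = 90                  # assumption: inactivity window for contractors and staff
LEFT_STATUSES = ("terminated", "ended")
PRIVILEGED_GROUP = "domain-admins" # assumption: name of the high-privilege group

def audit_accounts(accounts, roster, today, dormant_days=DORMANT_DAYS):
    """Return a list of (user, finding, detail) tuples, one per problem account.

    Findings, in priority order:
      terminated-but-enabled  owner has left but the account is still enabled
      orphan                  account exists with no HR record (service or forgotten account)
      dormant                 enabled account with no logon inside the dormancy window
    """
    findings = []
    for acct in accounts:
        user = acct["user"]
        record = roster.get(user)
        if record is None:
            findings.append((user, "orphan", "no HR record; confirm owner or disable"))
            continue
        if acct["enabled"] and record["status"] in LEFT_STATUSES:
            severity = "critical" if PRIVILEGED_GROUP in acct["groups"] else "high"
            detail = f"{severity}: {record['type']} left {record['end_date']}, disable now"
            findings.append((user, "terminated-but-enabled", detail))
            continue
        idle = (today - acct["last_logon"]).days
        if acct["enabled"] and idle > dormant_days:
            findings.append((user, "dormant", f"no logon for {idle} days"))
    return findings

def run_sample():
    """Run the audit over the constructed data as of the constructed date."""
    return audit_accounts(ACCOUNTS, HR_ROSTER, AS_OF)

if __name__ == "__main__":
    for user, finding, detail in run_sample():
        print(f"{user:<12} {finding:<24} {detail}")
```

Run as a script, it lists bob (terminated, still an enabled domain admin), carol (active contractor, 144 idle days), dave (contract ended, still enabled), and svc_backup (no HR owner), and is silent about alice. In practice the same join runs against a real HR feed and a directory export on a schedule, and the "terminated-but-enabled" bucket should be empty every day.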
Victoria Zak says
In Chapter 1, whether an attack is internal or external, it can be extremely damaging. A company's thought is, how can we best prevent an attack? Whether that is training, being aware of your surroundings, or social engineering tests. Additionally, another item that stood out to me in this reading is hacker scripts and script kiddies. A script kiddie is someone who is not skilled and uses scripts or programs. It is interesting that one of the most important tools is the Metasploit Framework. It makes it easy to take a new exploitation and turn it into a full attack. It is used by attackers to create the attack.
Olayinka Lucas says
Internal threats are defined as cybersecurity risks that emanate from within any organization to compromise the system or cause damage. The most prominent reason for Internal threats is the abuse of extended user/role-based privileges given to the hired and trusted employees.
An external threat relates to outsider attacks on the part of individuals attempting to gain unauthorized access to the targeted organization's network. Most external attacks are intended to steal crucial information through viruses and malware. It is pertinent to note that the gravest attacks come from skilled and sophisticated hackers, which is quite problematic.