There are four reasons why employees and former employees are very dangerous: they usually have a broad understanding of the system, they usually have the necessary credentials to access sensitive parts of the system, they understand the company’s control mechanisms, and therefore often know how to avoid being discovered. Finally, the company tends to trust employees.
IT professionals also account for a large part of the statistical proportion: there will be sabotage, and employees will hack (break into) the company’s computers using stolen credentials, flaws in internal systems, or some other fraudulent scheme, mainly for money or intellectual property rights. Common methods are implanting scripts to threaten the company and hacking into other people’s devices to obtain private content. At the same time, staff will also download virus-carrying software and videos when they are online for entertainment. Employees may also lose the USB drives and computers that store important files through their own negligence.
If personnel are not properly controlled, it will lead to the company being in an environment with a very high risk coefficient.
Based on the reading, I think the professionals’ view that the threat environment will continue to change is very interesting, and I agree with it. Technology is growing very fast, so we should consider the pros and cons when we create and invent new technology, because new technology also comes with new risks. For example, AI technology is growing very fast now, but we need to be careful about the risks when we use this technology. The risks of technology and information systems always need to be considered, and providing solutions for those risks needs to be our first consideration.
One of the main points I learned in Chapter 1, “The Threat Environment”, is that there are so many threats in the environment that both internal and external threats need to be given equal attention. On the one hand, regular employees are not the only threat within a company. Granting access to temporary workers and employees of outsourced companies is another possible way to cause a data breach. Email raises many threats. For example, urgent email attachments received by employees may be difficult to prevent from human error due to the urgency of the situation. There are also viruses that spread through email and generate scams. For example, spam and advertising emails are scattered with links that trick people into clicking on them and then realizing they are fraudulent links. Or viruses, worms, Trojan horses, etc. are spread through that link. In phishing emails, the victim receives an email that appears to be from a bank or other company with which the victim does business, and the message may even direct the victim to what appears to be a real website.
The threats that organizations face are both internal and external; they are large and constantly changing, and their sources are diverse. Enterprises can be said to be in the threat environment all the time. If enterprises and organizations do not handle these threats well, it will lead to huge economic losses and a trust crisis. To deal with these threats, organizations need to establish a security strategy, including risk assessment, threat intelligence collection, security training, security audit and monitoring. In addition, the organization must constantly update and develop security policies and security measures to respond to constantly changing and evolving threats.
The key points I got from reading this chapter are:
An insider threat is defined as a cybersecurity risk that comes from within any organization to compromise systems or cause damage. The most prominent cause of insider threats is the abuse of extended user/role-based privileges granted to employed and trusted employees.
An external threat involves an external attack by an individual attempting to gain unauthorized access to a targeted organization’s network. Most external attacks aim to steal critical information through viruses and malware.
Whether the attack is internal or external, it can be extremely destructive.
This chapter made me realize that many times it is not advanced technology that causes vulnerabilities, but disgruntled employees trying to retaliate. Employees and ex-employees are the most dangerous “enemies” because they have accumulated a wealth of company knowledge during their employment. They also have readily available credentials to access sensitive/non-public parts of the system. They know how the business works and how to thwart existing controls to avoid detection. Additionally, many times these disgruntled employees are able to capitalize on the “it’s our guy” mentality. They can manipulate those who are too trusting of their employees, and managers may defend them even if they create a breach.
The confidentiality, integrity, and availability of information systems are constantly threatened, often most significantly by “trusted insiders” – employees and former employees. These individuals pose a significant risk due to their extensive knowledge of the company’s operations, access to sensitive information, and understanding of how to evade detection. Intentional or unintentional, their actions can cause severe damage. To mitigate these risks, it is imperative for enterprises to not only focus on external threats but also enhance security awareness training for employees, granting them appropriate permissions based on their position. A lack of understanding of the enemy, especially internal attackers, is a significant challenge. Therefore, a comprehensive understanding of these potential threats, coupled with appropriate precautions, is crucial for ensuring the overall security of the enterprise.
The types of attacks and attackers faced by commercial organizations are the key to preventing risks. One challenge for companies in dealing with such risks is the difficulty of recognizing the enemy. Many times, internal attackers become the source of the most widely influential attacks. Threat and danger of employees and former employees. Many times, it’s not high-tech, but resentful employees trying to get back. Employees and former employees are the most dangerous “enemies” because they know the details within the company. They also have certificates to access the sensitive/private parts of the system at any time. They understand how the business works and know how to bypass existing controls to avoid detection. And, many times, these resentful employees are able to use the “our own people” mentality. They manipulate leaders who trust their employees too much, and managers will even defend them when they create irregularities. Employee attacks such as employee sabotage, hacking, financial theft, intellectual property theft, extortion, harassment, cyber and non-network abuse, data loss, etc., and other types of internal attackers such as contractors or contracting company employees.
In the first chapter, I was most impressed by the script kiddies. They are unskilled individuals who use scripts or programs developed by others, primarily for malicious purposes. This shocked me because I always thought that only highly skilled people were capable of doing this. It also means that someone can do whatever mischief or damage they want, at a very low cost. But on the other hand, it also makes it easier for security personnel to access different hacking scripts and parse these programs to better understand how to protect their systems (similar to the concept of open source software).
In Chapter 1, “The Threat Environment,” the book provides detailed information on understanding the threat environment, which means knowing and recognising your enemy, especially from a cybersecurity perspective. This chapter also helped me understand some cybersecurity terminology that I didn’t know. Through my reading, I believe that the focus of cybersecurity work is risk management, and one of the important elements of risk management is to identify, analyse, manage, as well as dispose of the threat environment to minimise risk, to guide the enterprise’s own risk management with various risk frameworks and standards, and to develop a risk appetite and risk tolerance that suits its own risk appetite, in order to achieve eventual safe and smooth operation.
Threats can be classified into internal threats and external threats, and most security incidents are caused by internal threats. It is necessary to provide security protection for internal threats, including personnel, management systems, security technology, and other disposal measures, used to protect enterprise IT assets.
Environmental threats usually refer to external factors that adversely affect the audit process and results. These threats can arise from a variety of sources, including technology, policy, regulation, and economics, and can negatively impact the effectiveness, accuracy, and reliability of audit work. Here are some common threats to the IT audit environment:
Technical threats: With the rapid development of information technology, new technologies and tools continue to emerge, which may bring new challenges to audit work. For example, the application of cloud computing, big data, artificial intelligence and other technologies may make traditional audit methods and technologies obsolete, requiring auditors to constantly update their knowledge and skills.
Policy and regulatory threats: Changes in policies and regulations may have a significant impact on audit work. For example, new regulations may require auditors to adopt new audit methods or reporting formats, while policy changes may result in some audit projects not being carried out or inaccurate results.
Economic threats: Changes in the economic environment may also have an impact on audit work. For example, an economic downturn may cause a company to struggle and increase audit risk; the economic recovery may bring new investment opportunities and business models, creating new challenges for audit work.
Data security threats: Data security is an important concern in IT audits. Security events such as data leakage, tampering, or loss may cause audit results to be distorted or invalid, which has a serious impact on audit work.
Supply chain threats: In a complex supply chain environment, supplier or partner issues can also have an impact on audit efforts. For example, a vendor’s software or hardware has vulnerabilities or defects that could make the audit results inaccurate or unenforceable.
To address these environmental threats, auditors need to remain sensitive to new technologies, new regulations and new economic environments, and constantly update their knowledge and skills. At the same time, it is also necessary to strengthen data security management and supply chain risk management to ensure the effectiveness and reliability of audit work.
One of the key points I learned from this chapter is that the threat environment is huge and constantly changing for organizations. Organizations must deal with a variety of different opponents, attack agents, and handle the consequences of a successful invasion. These attackers have many ways to execute attacks, such as Web-based attacks, extortion, or various types of malware. Finally, if the invasion is successful and violates one of the security objectives: confidentiality, integrity, and availability, it could cost organizations millions of dollars. The money can be used to notify customers of events, lawsuits, vulnerability remediation, or long-term financial losses due to the loss of customers and bad reputation.
There is a threat of unauthorized access, modification, and access interruption to the confidentiality, integrity, and availability of data, information, and information systems. Analysis has found that whether IT employees are exploited by the outside world or engage in personal misconduct as defaulters, they are the biggest threat to the IT environment. Therefore, identifying and preventing defaulters from posing a threat is more challenging.
Chapter 1 discusses the threat situation facing the business. Threats are primarily external, but can also be internal. Internal threats (e.g., disgruntled employees) are dangerous because they know the target system, but most importantly, they have valid credentials to access the network/system. This chapter goes on to explain the various types of attacks that threat actors can use, such as worms, viruses, Trojan horses, and social engineering. The threat landscape is constantly changing. If organizations are not aware of the latest attack methods and techniques, they will fall behind because attackers are always on the move.
A key point that I took from this chapter is the threat environment is vast and ever changing for organizations. Organizations have to deal with a wide array of different adversaries, attack vectors, and deal with the aftermath of successful compromises. The different adversaries could include current/former employees, organizational competition, nation-state, and more. These adversaries have many avenues to perform their attacks, e.g. web based, extortion, or various types of malware. Lastly, in the event a compromise is successful and violates one of the security objectives: confidentiality, integrity, and availability, it could cost the organization millions of dollars. This money may be used to notify customers of the incident, lawsuits, remediation of the vulnerability, or long term financial loss from losing customers and bad reputation.
This chapter describes the types of attacks and attackers that an organization may face, basic terms related to network security, well-known network attack methods, attack analysis, and the necessity of network countermeasures.
Of these, internal attackers are responsible for the most serious attacks. Internal employees may inadvertently pose a threat to enterprise network security due to their lack of awareness or knowledge of network security. The most effective way to reduce insider threats is to train employees on relevant security awareness and give them the appropriate authority based on their position.
Xiaozhi Shi says
This chapter describes what the threat environment is: the types of attacks and the attackers an organization may face. One of the challenges organizations face when trying to mitigate the associated risks is not understanding the enemy. Many times, insider attackers are responsible for the most widespread attacks. Breaches are often not caused by advanced technology, but by disgruntled employees trying to retaliate.
In addition, this chapter introduces basic terms related to cybersecurity, well-known methods of cyberattacks, attack analysis, and the need for cyber countermeasures. It serves as a starting point for the cyber field to prove the existence of cyber threats and a key point for developing countermeasures and cyber awareness.
Shijie Yang says
There are four reasons why employees and former employees are very dangerous: they usually have a broad understanding of the system, they usually have the necessary credentials to access sensitive parts of the system, they understand the company’s control mechanisms, and therefore often know how to avoid being discovered. Finally, the company tends to trust employees.
IT professionals also account for a large part of the statistical proportion: there will be sabotage, and employees will hack (break into) the company’s computers using stolen credentials, flaws in internal systems, or some other fraudulent scheme, mainly for money or intellectual property rights. Common methods are implanting scripts to threaten the company and hacking into other people’s devices to obtain private content. At the same time, staff will also download virus-carrying software and videos when they are online for entertainment. Employees may also lose the USB drives and computers that store important files through their own negligence.
If personnel are not properly controlled, it will lead to the company being in an environment with a very high-risk coefficient.
Chun Liu says
Employees known as “trusted insiders” are the most significant threat to the confidentiality, integrity and availability of information systems – whether intentional or unintentional. Employees have knowledge of and access to internal systems, knowledge of system controls, and knowledge of ways to avoid detection. The most effective way to reduce insider threats is therefore to train employees in relevant security awareness and to give them appropriate permissions depending on their position.
Xiaozhi Shi says
This chapter discusses the threat environment facing organizations. The main point I draw from this chapter is the need to understand all potential threats and the importance of taking defensive measures against them. Also, this chapter explains the dangers of employee and former employee threats. Many times, it is not advanced technology that leads to a breach, but rather disgruntled employees trying to retaliate.
In addition, the chapter introduces basic terms related to cybersecurity, well-known methods of cyberattacks, attack analysis, and the need for cyber countermeasures, such as viruses, worms, spam, Trojan horses, remote access Trojans, spyware, and rootkits.
Yuanjun Xie says
Extensive studies and research have been conducted on insider threats, the possible causes, predictive models and best practices for prevention, early detection, and mitigation of the threats of insider attacks to a wide range of critical infrastructure, government agencies, and the private sector. Left undetected, insiders can cause irreparable and devastating consequences to private and public sector organizations, which compromise the integrity of the overall system.
Internal employees may inadvertently pose a threat to enterprise network security due to their lack of awareness or knowledge of network security. They may click on malicious links, download insecure files, use weak passwords, or share sensitive information. These actions can lead to malware infections, data breaches, or network intrusions.
On the other hand, internal employees may also intentionally carry out attacks on corporate network security. These employees may be unhappy with their working conditions or pay, or they may be manipulated by competitors or outside forces. They can steal sensitive information, destroy data, or compromise network systems, causing huge losses to the business.
Nana Li says
This article explains what the threat environment is: the types of attacks and the attackers a business may face. One challenge businesses face when trying to mitigate the associated risks is not knowing the enemy. Many times, internal attackers are responsible for the most widespread attacks.
Too often, it’s not advanced technology that causes data breaches, but disgruntled employees trying to get revenge. Employees and former employees are the most dangerous “enemies” because they have extensive knowledge of the company
Shuting Zhang says
There is an exploration of the types of attacks and attackers that enterprises may face. A challenge enterprises encounter in attempting to mitigate associated risks is a lack of understanding of the enemy. Many times, internal attackers are the cause of the most severe attacks.
The chapter explains the danger posed by employee and former employee threats. Employees and ex-employees are the most dangerous “enemies” due to the extensive knowledge they have acquired about the company during their employment. They also have ready access to credentials to access sensitive/non-public sectors of systems. They understand how the enterprise operates and know how to circumvent the controls in place to avoid detection. Moreover, disgruntled employees often exploit the “this is our people” mentality. They manipulate those who trust their employees too much, and managers might defend them even if they have violated policies.
To sum up, it reminds us that enterprises need to not only focus on external threats but also be vigilant against internal threats, especially from employees and former employees. Understanding these potential threats and taking appropriate precautions is crucial for the security of the enterprise.
Xinyi Peng says
This article describes the definition and damage of environmental threats, which can come from internal or external sources and may be intentional attacks or unintentional accidents. In response to these threats, organizations can take a number of measures to strengthen network security, including strengthening authentication, encrypting communications, implementing security policies, regularly updating software patches, and conducting security training. At the same time, continuous monitoring and timely response to possible security incidents is also critical.
Guanhua Xiao says
I think the key points are: the types of attacks and the attackers that businesses may face. One challenge businesses face when trying to mitigate the associated risks is not knowing the enemy. Many times, internal attackers are the cause of the most widespread attacks.
Danger of threats from employees and former employees. Many times, it’s not the high level of technology that causes the disruption, but a disgruntled employee trying to get revenge. Employees and former employees are the most dangerous “enemies” because they have extensive knowledge of the company during their employment. They also have certificates that allow them to enter the sensitive/non-public sector of the system at any time. They know how businesses operate and how to defeat existing controls to avoid detection. And, many times, these disgruntled employees are able to take advantage of the “this is our people” mentality. They manipulate people who place too much trust in their employees, and managers may defend them even if they create violations. Attacks by employees, such as employee sabotage, hacking, financial theft, intellectual property theft, extortion, harassment, Internet and non-Internet abuse, data loss, and other types of insider attackers, such as contractors or employees of contracting companies.
Hongli Ma says
In Chapter 1, the discussion centers on the threat environment faced by companies in an enterprise setting. Boyle and Panko emphasize the significant risk posed by rogue employees or ex-employees to an organization. These individuals could potentially cause harm by destroying hardware and software assets, committing financial theft, or engaging in internet abuse, such as downloading pirated software or spreading malware and viruses. To mitigate these risks, organizations should implement measures such as blocking certain websites or file types, managing user accounts to limit permissions, and promptly revoking network access credentials upon an employee’s termination.
Xiaozhi Shi says
One of the main points I learned in Chapter 1, “The Threat Environment”, is that there are so many threats in the environment that both internal and external threats need to be given equal attention. On the one hand, regular employees are not the only threat within a company. Granting access to temporary workers and employees of outsourced companies is another possible way to cause a data breach. On the other hand, email raises many threats. For example, urgent email attachments received by employees may be difficult to prevent from human error due to the urgency of the situation. There are also viruses that spread through email and generate scams. For example, spam and advertising emails are scattered with links that trick people into clicking on them and then realizing they are fraudulent links. Or viruses, worms, Trojan horses, etc. are spread through that link. In phishing emails, the victim receives an email that appears to be from a bank or other company with which the victim does business, and the message may even direct the victim to what appears to be a real website.
Yawen Du says
From Chapter 1, I have learned that the threats to the bad environment faced by the organization are huge and constantly changing, and these threats can come from many sources such as cyber security threats, physical security threats, social engineering threats, compliance and legal threats, supply chain threats, technology threats, etc. These environmental threats may cause property damage to the organization and even lead to loss of customers and reputation damage. To deal with these threats, organizations need to establish a comprehensive security strategy that includes risk assessment, threat intelligence gathering, security training, security auditing, and monitoring. At the same time, organizations also need to regularly update their security policies and measures to address the changing threat landscape.
Shijie Yang says
There are four reasons why employees and former employees are very dangerous: they usually have a broad understanding of the system, they usually have the necessary credentials to access sensitive parts of the system, they understand the company’s control mechanisms, and therefore often know how to avoid being discovered. Finally, the company tends to trust employees.
And IT professionals account for a large part in the statistical proportion, there will be sabotage and employees will hack (break into) the company’s computers using stolen credentials, flaws in internal systems, or some other fraudulent scheme, the main purpose is for money or intellectual property rights; the common way for the implantation of scripts to threaten the company, hack into other people’s devices to obtain private content threat; at the same time, staff will also download some virus-carrying software and videos when they are online for entertainment. Employees may also lose the u disk and computer that store important files because of their own negligence.
If personnel are not properly controlled, it will lead to the company being in an environment with a very high risk coefficient.
Haoran Wang says
Based on the reading, I think the professionals’ view that the threat environment will continue to change is very interesting, and I agree with that. Technology is growing very fast; we should consider the pros and cons when we create and invent new technology, because new technology also comes with new risks. For example, AI technology is growing very fast now, but we need to be careful about the risk when we use this technology. The risks of technology and information systems always need to be considered, and providing solutions for the risk needs to be our first consideration.
Yiwei Hu says
The threats that organizations face are both internal and external, and the threats are large and constantly changing, and their sources are diverse. Enterprises can be said to be in the threat environment all the time; if enterprises and organizations do not handle these threats well, it will lead to huge economic losses and a trust crisis. To deal with these threats, organizations need to establish a security strategy, including risk assessment, threat intelligence collection, security training, security audit and monitoring. In addition, the organization must constantly update and develop security policies and security measures to respond to constantly changing and evolving threats.
Yujie Cao says
The key points I got from reading this chapter are:
An insider threat is defined as a cybersecurity risk that comes from within any organization to compromise systems or cause damage. The most prominent cause of insider threats is the abuse of extended user/role-based privileges granted to employed and trusted employees.
An external threat involves an external attack by an individual attempting to gain unauthorized access to a targeted organization’s network. Most external attacks aim to steal critical information through viruses and malware.
Whether the attack is internal or external, it can be extremely destructive.
Shuyi Dong says
This chapter made me realize that many times it is not advanced technology that causes vulnerabilities, but disgruntled employees trying to retaliate. Employees and ex-employees are the most dangerous “enemies” because they have accumulated a wealth of company knowledge during their employment. They also have readily available credentials to access sensitive/non-public parts of the system. They know how the business works and how to thwart existing controls to avoid detection. Additionally, many times these disgruntled employees are able to capitalize on the “it’s our guy” mentality. They can manipulate those who are too trusting of their employees, and managers may defend them even if they create a breach.
Zhang Yunpeng says
The confidentiality, integrity, and availability of information systems are constantly threatened, often most significantly by “trusted insiders” – employees and former employees. These individuals pose a significant risk due to their extensive knowledge of the company’s operations, access to sensitive information, and understanding of how to evade detection. Intentional or unintentional, their actions can cause severe damage. To mitigate these risks, it is imperative for enterprises to not only focus on external threats but also enhance security awareness training for employees, granting them appropriate permissions based on their position. A lack of understanding of the enemy, especially internal attackers, is a significant challenge. Therefore, a comprehensive understanding of these potential threats, coupled with appropriate precautions, is crucial for ensuring the overall security of the enterprise.
Xuanwen Zheng says
The types of attacks and attackers faced by commercial organizations are the key to preventing risks. One challenge for companies in dealing with such risks is the difficulty of recognizing the enemy. Many times, internal attackers become the source of the most widely influential attacks. Threat and danger of employees and former employees. Many times, it’s not high-tech, but resentful employees trying to get back. Employees and former employees are the most dangerous “enemies” because they know the details within the company. They also have certificates to access the sensitive/private parts of the system at any time. They understand how the business works and know how to bypass existing controls to avoid detection. And, many times, these resentful employees are able to use the “our own people” mentality. They manipulate leaders who trust their employees too much, and managers will even defend them when they create irregularities. Employee attacks such as employee sabotage, hacking, financial theft, intellectual property theft, extortion, harassment, cyber and non-network abuse, data loss, etc., and other types of internal attackers such as contractors or contracting company employees.
Yue Ma says
In the first chapter, I was most impressed by the script kiddies. They are unskilled individuals who use scripts or programs developed by others, primarily for malicious purposes. This shocked me because I always thought that only highly skilled people were capable of doing this. It also means that someone can do whatever mischief or damage they want, at a very low cost. But on the other hand, it also makes it easier for security personnel to access different hacking scripts and parse these programs to better understand how to protect their systems (similar to the concept of open source software).
Yue Wang says
In Chapter 1, “The Threat Environment,” the book provides detailed information on understanding the threat environment, which means knowing and recognising your enemy, especially from a cybersecurity perspective. This chapter also helped me understand some cybersecurity terminology that I didn’t know. Through my reading, I believe that the focus of cybersecurity work is risk management, and one of the important elements of risk management is to identify, analyse, manage, as well as dispose of the threat environment to minimise risk, to guide the enterprise’s own risk management with various risk frameworks and standards, and to develop a risk appetite and risk tolerance that suits its own risk appetite, in order to achieve eventual safe and smooth operation.
Zhaomeng Wang says
Threats can be classified into internal threats and external threats, and most security incidents are caused by internal threats. It is necessary to provide security protection for internal threats, including personnel, management systems, security technology, and other disposal measures, used to protect enterprise IT assets.
Chenhao Zhang says
Environmental threats usually refer to external factors that adversely affect the audit process and results. These threats can arise from a variety of sources, including technology, policy, regulation, and economics, and can negatively impact the effectiveness, accuracy, and reliability of audit work. Here are some common threats to the IT audit environment:
Technical threats: With the rapid development of information technology, new technologies and tools continue to emerge, which may bring new challenges to audit work. For example, the application of cloud computing, big data, artificial intelligence and other technologies may make traditional audit methods and technologies obsolete, requiring auditors to constantly update their knowledge and skills.
Policy and regulatory threats: Changes in policies and regulations may have a significant impact on audit work. For example, new regulations may require auditors to adopt new audit methods or reporting formats, while policy changes may result in some audit projects not being carried out or inaccurate results.
Economic threats: Changes in the economic environment may also have an impact on audit work. For example, an economic downturn may cause a company to struggle and increase audit risk; the economic recovery may bring new investment opportunities and business models, creating new challenges for audit work.
Data security threats: Data security is an important concern in IT audits. Security events such as data leakage, tampering, or loss may cause audit results to be distorted or invalid, which has a serious impact on audit work.
Supply chain threats: In a complex supply chain environment, supplier or partner issues can also have an impact on audit efforts. For example, a vendor’s software or hardware has vulnerabilities or defects that could make the audit results inaccurate or unenforceable.
To address these environmental threats, auditors need to remain sensitive to new technologies, new regulations and new economic environments, and constantly update their knowledge and skills. At the same time, it is also necessary to strengthen data security management and supply chain risk management to ensure the effectiveness and reliability of audit work.
Hao Zhang says
One of the key points I learned from this chapter is that the threat environment is huge and constantly changing for organizations. Organizations must deal with a variety of different opponents, attack agents, and handle the consequences of a successful invasion. These attackers have many ways to execute attacks, such as Web-based attacks, extortion, or various types of malware. Finally, if the invasion is successful and violates one of the security objectives: confidentiality, integrity, and availability, it could cost organizations millions of dollars. The money can be used to notify customers of events, lawsuits, vulnerability remediation, or long-term financial losses due to the loss of customers and bad reputation.
Yuming He says
There is a threat of unauthorized access, modification, and access interruption to the confidentiality, integrity, and availability of data, information, and information systems. Analysis has found that whether IT employees are exploited by the outside world or engage in personal misconduct as defaulters, they are the biggest threat to the IT environment. Therefore, identifying and preventing defaulters from posing a threat is more challenging.
Hao Li says
Chapter 1 discusses the threat situation facing the business. Threats are primarily external, but can also be internal. Internal threats (e.g., disgruntled employees) are dangerous because they know the target system, but most importantly, they have valid credentials to access the network/system. This chapter goes on to explain the various types of attacks that threat actors can use, such as worms, viruses, Trojan horses, and social engineering. The threat landscape is constantly changing. If organizations are not aware of the latest attack methods and techniques, they will fall behind because attackers are always on the move.
Chunqi Liu says
A key point that I took from this chapter is the threat environment is vast and ever changing for organizations. Organizations have to deal with a wide array of different adversaries, attack vectors, and deal with the aftermath of successful compromises. The different adversaries could include current/former employees, organizational competition, nation-state, and more. These adversaries have many avenues to perform their attacks, e.g. web-based, extortion, or various types of malware. Lastly, in the event a compromise is successful and violates one of the security objectives: confidentiality, integrity, and availability, it could cost the organization millions of dollars. This money may be used to notify customers of the incident, lawsuits, remediation of the vulnerability, or long-term financial loss from losing customers and bad reputation.
Haixu Yao says
This chapter describes the types of attacks and attackers that an organization may face, basic terms related to network security, well-known network attack methods, attack analysis, and the necessity of network countermeasures.
Of these, internal attackers are responsible for the most serious attacks. Internal employees may inadvertently pose a threat to enterprise network security due to their lack of awareness or knowledge of network security. The most effective way to reduce insider threats is to train employees on relevant security awareness and give them the appropriate authority based on their position.