2.5 - Insider Threats

Network Security Overview

  • Organizations invest significant resources in securing network edges.

    • Tools used include firewalls and intrusion prevention systems.

    • These systems primarily focus on protecting the perimeter of the network.

  • Internal Network Vulnerability

    • Despite strong external security measures, internal systems remain vulnerable.

    • Employees within the organization often have access to sensitive systems, posing potential threats.

    • Possible internal threats: employees who might misuse their access.

  • Insider Threats

    • Employees may unintentionally or intentionally become threats from within the network.

    • Threats are not limited to careless behavior, such as writing down passwords on sticky notes.

  • Knowledge of Sensitive Data

    • Employees possess extensive knowledge about:

      • Locations of sensitive data.

      • Security methods in place to protect that data.

      • Techniques to copy or remove data without triggering security alerts.

  • Types of Insider Threats

    • Not only disgruntled employees but also external attackers targeting employees.

    • Documented incidents exist of attackers recruiting employees to gain access and exploit insider knowledge.

  • Real-World Example of Insider Threats

    • Ransomware Attacks: Employees may be incentivized by malicious actors to introduce ransomware into the organization.

    • Attackers may offer financial rewards in cryptocurrencies (e.g., Bitcoin).

    • Example scenario:

      • Employee plugs a USB drive into the system, unwittingly executing ransomware.

      • The ransomware subsequently encrypts critical systems across the network.

      • Attackers profit significantly from these breaches (potentially millions of dollars).

  • Security Practices Revisions

    • Organizations are improving internal security practices to safeguard sensitive data.

    • Updating security best practices specifically for internal data protection.

    • Enhancing backup strategies to ensure data integrity and recovery capabilities.