One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1170909 |
| Date de publication | 2019-06-24 13:00:00 (vue: 2019-06-24 17:01:15) |
| Titre | An overview on insider threat awareness |
| Texte |
Organizations usually focus on cyber threats which are external in origin. These include anti-malware, external firewalls, DDoS attack mitigation, external data loss prevention, and the list goes on. That's great, external cyber attacks are very common so it's vital to protect your networks from unauthorized access and malicious penetration. The internet and unauthorized physical access to your facilities will always be risks and they must be monitored and managed. But it’s easy to lose sight of an often overlooked cyber attack surface, and that’s the one on the inside. Internal cyber attacks are more common than many people assume, and ignoring that reality would be at your peril. Here’s why you should be prepared for internal cyber threats, and what you can do about it.
The impact and importance of insider attacks
Insider threats to your network typically involve people who work as employees or contractors of your company. They belong in your facilities and they often have user accounts in your networks. They know things about your organization that outsiders usually don't–the name of your network administrator, which specific applications you use, what sort of network configuration you have, which vendors you work with. External cyber attackers usually need to fingerprint your network, research information about your organization, socially engineer sensitive data from your employees, acquire malicious access to any user account, even those with the least amount of privileges. So internal attackers already have advantages that external attackers lack.
Also, some insider threats aren’t from malicious actors. Some insider threats are purely accidental. Maybe an employee will accidentally leave a USB thumb drive full of sensitive documents in a restaurant’s washroom, or click on a malicious hyperlink that introduces web malware to your network. According to Ponemon Institute’s April 2018 Cost of Insider Threats study, insider threat incidents cost the 159 organizations they surveyed an average of $8.76 million in a year. Malicious insider threats are more expensive than accidental insider threats. Incidents caused by negligent employees or contractors cost an average of $283,281 each, whereas malicious insider credential theft costs an average of $648,845 per incident. But the bottom line is that all of these incidents are very expensive and they must be prevented.
Comparing insider versus outsider threats and attacks
So insider threats can be a lot more dangerous than outsider threats. As far as malicious attackers are concerned, insiders already have authorized access to your buildings and user accounts. An outside attacker needs to work to find an external attack vector into your networks and physical facilities. Those are steps inside attackers can usually skip. It's a lot easier to privilege escalate from a user account you already have than to break into any user account in the first place. A security guard will scrutinize an unfamiliar individual, whereas they will wave hello at a known employee.
The same applies to accidental incidents. I don’t know any sensitive information about companies that I’ve never worked for. A current or former employee often will, and it may be socially engineered out of them.
Because of the privileged access that insiders already have, they can be a lot more difficult to detect and stop than outsider threats. When an employee is working with sensitive data, it’s very difficult to know whether they are doing something malicious or not. If an insider behaves maliciously within your network, they can claim it was an honest mistake and therefore it can be challenging to prove guilt. Insider threats can be a lot more |
| Envoyé | Oui |
| Condensat | > awareness border:0;margin:0;padding:0; insider overview threat |
| Tags | Threat |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.