
Question


Threats

Internal threats

Internal threats are from individuals that have legitimate access such as employees, students, and contractors. Insiders can be extremely difficult to detect or to protect against because they have legitimate access to the system, know what to look for, and most likely know how to circumvent intrusion detection systems.

They can misuse the company's IT resources to:

- perform port scans on outside systems and initiate attacks from inside the company,
- access, process, and distribute pornographic materials,
- access unauthorized information (salary, secret trade),
- spread SPAM, SCAM, and/or malicious code,
- implement unauthorized changes to data or programs or steal data files for personal gain,
- visit illegal download sites,
- install illegal software into their computer (copyright infringement).

Passwords are an important line of defense against unauthorized access to an IT system. When employees share their password or leave their computer unprotected, it provides opportunities for unauthorized users.

External Threats

Outside intruders can be hackers/crackers, saboteurs and thieves. If the network is compromised, intruders can attack or misuse the system. One common technique used by intruders to gain unauthorized access to the system is password theft. The intruder obtains the password of an authorized user's account by:

- finding a sticky note with the password written on it, often stuck on the monitor or hidden under a keyboard,
- going through garbage to find discarded documentation that may contain passwords (dumpster diving),
- running a password-cracking application to figure out passwords that are stored in plain text from users' accounts.

This application can figure out a weak password in a matter of seconds. The program works with the same speed or even faster than the spelling check feature works in a word processor. Types of attack are:

- dictionary attack: compare passwords against dictionary files until the match is found,
- hybrid attack: use a dictionary attack with a check for extra characters attached to either end of the word,
- brute force attack: compare every possible combination and permutation of characters available until the match is found. It is used for passwords that are very complex and difficult to guess.

Employees Compromise Enterprise Data Security

Insider malice - Let's get the most depressing part out of the way: attacks coming from inside an enterprise accounted for $40 billion in damages in 2013. And unfortunately, while they're rarer than other threats to your organization, malicious insider attacks are harder to detect and more costly than attacks coming in from outside hackers.

Poor Password Practices

Passwords are one of the oldest authentication protocols still in use, literally dating back to the invention of spoken language. While it might be tempting to turn to the adage, "If it ain't broke, don't fix it," the fact is that passwords, at least the way most people use them, are seriously broken. It only takes ten minutes to crack a six-character password that's all lowercase letters. If you capitalize some of those letters, it will take 10 hours. If you replace letters with numbers and symbols, you're looking at 18 days of safety before someone gets a hold of your password.

Weak Access Policies

Again, each employee should only have access to the systems and data they need to access, when they need to access them and that access needs to be revoked as soon as the employee no longer needs it.

How do weak access policies lead to compromised enterprise data security? Let's say you have a folder on a server full of confidential documents. They might contain sensitive customer data, like phone numbers and birth dates, or they might contain plans for a secret project.

Now let's say that one of your employees, still figuring out their way around your file management system, opens up that folder and accesses one of those documents. Now they have a cached copy on their personal workstation, which gives a hacker another vector by which to access the sensitive data. Worse, they may accidentally attach the document to an email, delete the document from its original location on your company server or otherwise compromise the data, all completely unwittingly.

Not to mention, weak access policies give those employees who are tempted to steal your data an easy way to do it.

Unsafe Downloads

Each of your employees is in charge of their own workstation, and what they download could be a security threat to your whole organization. This could be anything from what they assume is a helpful productivity app or extension from a website, a trojan-laden torrent from a pirating website or a risky click from an email spammer.

No matter how your employee gets it, though, you're lucky if the damage is isolated to that person's work computer. More likely, it will spread through your network, and if you don't have the proper network isolation, it can spread to the servers containing your most precious data. From there, nogoodniks can leach data from your employees' desktop, email and any other machines the virus now calls home.

Phishing and Social Engineering

Phishers and social engineers can exploit your employees for all sorts of internal data, including passwords, as well as gain access to your facilities. How? Phishers imitate legitimate companies your employees might interact with, like your enterprise software vendors or email provider, and simply ask for the data via phone or email. A social engineer might dress up like a maintenance person, slip past your front desk and plug a thumb drive into an empty workstation.

No matter how they gain access, phishers and social engineers are wolves in sheep's clothing, out for your data. If your employees don't know how to recognize them, their weak defenses let your company's guard down.

Unprotected Data and Email

A lack of strong data and email encryption can also make your data and systems more vulnerable to a security breach. In fact, using encryption can help to prevent some of the types of security breaches mentioned above.

Hashing and salting a password can help protect it against hacking, and using email encryption can help protect sensitive data contained in email even if a bad guy gets one of your employees' passwords. Encryption provides an extra layer of security for your data, making it unreadable to anyone to whom you haven't explicitly shared the encryption key. By using encryption to protect not only the data you host on premises and in the cloud, but also your company email solution, you can bolster your enterprise data security posture and protect your business from a nasty breach.

Unauthorized access

Tailgating

One of the most common types of unauthorized access is tailgating, which occurs when one or more people follow an authorized user through a door. Often the user will hold the door for an unauthorized individual out of common courtesy, unwittingly exposing the building to risk.

Door Propping

Similar to tailgating, propping doors open, most often for convenience, is another common way unauthorized individuals gain access to a location and potentially create a dangerous situation for the people and assets within.

Levering Doors

You might be surprised to know how easily many doors can be levered open using something as small as a screwdriver or as large as a crowbar.

Keys

Whether stolen, lost or loaned out, keys pose a major problem. They are often impossible to track when lost, forgotten, stolen or loaned to someone else, and if an individual tends to tailgate to enter the building, he or she may not notice missing keys for several days. During that time, there is huge risk

Access Cards

With the added advantage of identifying authorized users who swipe in with an access control reader, electronic key cards are a more high-tech alternative to traditional keys. However, they are prone to the same risks associated with keys, namely the potential to be lost, stolen or shared with an authorized or unauthorized person.

From a technology perspective, there are four main categories of access cards: Magnetic stripe, proximity, proximity smart cards and contact smart cards. Each has its pros and cons, with some more susceptible to risk than the others. Magnetic stripe cards are the easiest to duplicate and are susceptible to wear and tear or damage from magnetic fields. Proximity cards and smart cards are much less susceptible to duplication, and smart proximity cards can be programmed with much more information than access cards, allowing them to be used for a variety of interactive applications in addition to physical access, including network access. Some proximity smart cards, however, require a small battery, which can diminish their lifespan.

Disclosure of information

A privacy breach occurs when an individual's personal information is accessed, collected, used or disclosed in contravention of applicable privacy legislation or privacy policy. Personal information, which is defined differently in different statutes, is the cornerstone to most privacy laws. Personal information usually refers to information that is about an identifiable individual. Some of the more obvious examples of personal information include information pertaining to an individual's home address, nationality or ethnic origin, colour, religion, age or marital status; education, health, employment or criminal history; personal identification numbers, such as those listed on a driver's license or a bank account number; biometric particulars, such as fingerprints or blood type; and sexual preference or political affiliation.

A privacy breach may arise intentionally or inadvertently, but the effect may be equally devastating to its victims. Intentional breaches can consist of theft or an abuse or manipulation of the technologies that are so often used to catalogue and protect personal information. Hacking, which consists of breaching computer systems and electronic safeguards, is a serious problem, particularly due to the heavy reliance organizations place on computerized databases. Such intentional breaches are often vicious in nature and consist of a deliberate desire to access, collect, use or disclose an individual's personal information with a view of causing a disturbance or perpetrating a crime.

While deliberate, bad faith activities, such as hacking and theft, are serious crimes that cause risks to individuals whose personal information has been exposed, human error or ignorance is often the most likely cause of privacy breaches. Privacy breaches based on human error or ignorance typically arise in cases of careless practices, mistaken disclosures, or operational, technical or communication breakdowns.

Corporate espionage is not just a plot for action movies; it is a real threat to small and large businesses. Many successful attacks of corporate espionage steal data from companies each year, resulting in intellectual property being sold to other companies, often in other countries, or ransomed back to the company. This, in turn, has made it more difficult for companies to compete and to provide high-quality services.

Corporate espionage is focused on people more often than not and those who obtain information by manipulating people are called social engineers. These social engineers recognize that people are the weakest link in organizational security. It could take time to perform reconnaissance, defeat security controls, and locate the data they need if they target technology but a few well-placed phone calls or a casual meeting in a bar could give them much of the information they need.

Vulnerabilities in an organization

Complicated user interface

Graphical user interface environments are complex things these days. It can take thousands, even millions, of lines of code to write the software for a basic GUI environment. Complexity, unfortunately, is the enemy of security. Every time you increase the complexity of a system, you increase the opportunity for something to go wrong in its design. The more lines of code in your system, the more opportunities there are to introduce bugs when developing the system; the more bugs there are, the more opportunities you have for bugs that introduce security vulnerabilities.

Default password not changed

System administrators leave their devices with default username and password combinations for a variety of reasons. Simply not knowing that a password needs to be changed or assuming that their perimeter firewall will protect them from unauthorized access are some of the reasons for doing so. This practice is definitely not a good idea considering an attacker can break into your network by some other means, then easily gain access to these devices. A bigger issue we're seeing is that some worms are configured to automatically propagate and search for systems set with a default username and password. Many times system administrators believe that the default username and passwords for specific devices are generally not known. This is not always the case. There are websites on the Internet which are specifically there to provide the default username and password combinations for a ton of vendors' products.

Disposal of storage media without destroying data

When data is moved, all data in the previous location should be destroyed. If any data remnants remain, this can create security issues and possibly allow unauthorized access to residual data. If companies move their data in a private cloud, they have access to the underlying infrastructure and more control over how they destroy data in the previous locations. It is a common misconception that by formatting the hard-drive, all data has been securely deleted. Like delete and emptying the trash folder, this utility only modifies the file system but does not remove the data. Think of this as removing the table of contents from a book but leaving everything else. All the pointers are gone, but the pages still exist.

Equipment sensitivity to moisture and contaminants

Industries that have medium or high sensitivity to water/moisture contamination, such as printing, car manufacturing, power generation, chemical & food manufacturing/storage, pharmaceutical, textiles, communications. Contents that are highly sensitive such as computers, scientific equipment, food products, clothing etc. Any contents that have a long replacement time, such as specialized machinery or specifically designed equipment.

Equipment sensitivity to temperature

Laptop and desktop computers are vulnerable to overheating. The electronic components operate at a specific current induced by a low voltage. The sensitivity of the components means that even a small fluctuation in voltage is dangerous. Excessive heat lowers the electrical resistance of objects, therefore increasing the current. In addition, slowdown is a result of overheating. Components can shut down when overheated and the motherboard temperature sensor instructs hardware such as the hard drive and processor to slow down. Cold temperatures are not as dangerous to a computer as overheating is, but problems can still occur. If computers get too cold when left powered off, their components can be damaged upon boot because the electricity heats the circuit. As electricity travels through a circuit, it heats rapidly and causes the matter to expand. Rapid expansion, when close to matter that remains the same size, distorts it. This can bend or break components' parts.

Inadequate protection of cryptographic keys

Creating and sharing the secret keying material that underlies cryptographic algorithms is a complex security challenge. The keys protect data, but they must be protected themselves. And a poor password that provides access to the keys can give everything away. Ultimately, the security of information protected by cryptography directly depends on the strength of the keys, the effectiveness of mechanisms and protocols associated with keys, and the protection afforded to the keys.

Inadequate replacement of older equipment

Security risks are the number one danger of older technology. The older your operating system or application, the longer the bad guy hackers have to find and exploit vulnerabilities. This is especially true when the manufacturer is no longer actively maintaining support. Hard drives are the most likely point of failure in older hardware since they have moving parts. A hard drive failure usually results in severe data loss, and data recovery attempts may cause further damage if not done correctly.

Inadequate security awareness

When information security is compromised, trust is lost and everyone loses: the victims and the institutions tasked with protecting their data. Information could be lost or compromised (due to an equipment malfunction, an error, or virus). There's a huge ROI (return on investment) on security awareness training.

Inadequate segregation of duties

Segregation, or separation, of accounting duties means dividing the tasks so that different people are handling transaction processing, data recording, financial statement preparation and auditing. Relying on one person to handle all the accounting functions could lead to poor internal controls, accounting fraud and misappropriation of company assets. Inadequate segregation of duties could make fraud detection difficult. Examples of fraud include accepting cash from customers without recording the transaction in the company's books, deliberately under-reporting sales transactions or over-reporting payments to suppliers, misplacing invoices and receipts, hiding liabilities in off-balance-sheet accounts and filing misleading information to auditors and tax agencies.

Please write this article in your own words
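
The "Unprotected Data and Email" section above says that hashing and salting a password helps protect it, and the "External Threats" section describes dictionary attacks against stored passwords. The Python code below is an added example, not part of the original question or its answer; the sample accounts, the function names and the iteration count are assumptions chosen for illustration. It stores the same passwords two ways and shows that, without a salt, users who picked the same password end up with the same stored value (so one dictionary match exposes all of them), while a per-user salt removes that link.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumption: work factor, tune upward for your hardware

# Constructed sample accounts (not from the page); two users chose the same password.
SAMPLE_USERS = {"alice": "sunshine", "bob": "sunshine", "carol": "T7#vq!92Lm"}

def unsalted_digest(password):
    """Weak scheme: one fast hash, no salt. Equal passwords give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def hash_password(password, salt=None):
    """Hardened scheme: per-user random salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)  # fresh salt for every new password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key

def verify_password(password, salt, stored_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, stored_key)

def shared_digests(records):
    """Group users whose stored value is identical (records: user -> bytes)."""
    groups = defaultdict(list)
    for user, value in records.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables(users):
    """Return (unsalted table, salted table) for the same set of passwords."""
    weak = {u: unsalted_digest(p) for u, p in users.items()}
    strong = {u: hash_password(p) for u, p in users.items()}  # user -> (salt, key)
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables(SAMPLE_USERS)
    salted_keys = {u: key for u, (_, key) in strong.items()}
    print("unsalted, users sharing a digest:", shared_digests(weak))
    print("salted, users sharing a key:", shared_digests(salted_keys))
    salt, key = strong["alice"]
    print("correct password verifies:", verify_password("sunshine", salt, key))
    print("wrong password verifies:", verify_password("Sunshine", salt, key))
```

The salt is stored next to the derived key; it does not need to be secret, only unique per user.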
