An internal threat is the risk that somebody inside a company could exploit a system to cause damage or steal data. These kinds of threats are particularly troubling, as employees are expected to be trusted individuals who are granted extended privileges, which can easily be abused.
To better understand internal threats, we will learn about what kind of damage an employee can do from the inside, alongside the unsafe practices that allow them to engender digital mayhem.
In this lesson we’ll learn about:
- Employee sabotage and theft of data and/or physical equipment
- Unauthorised access by employees to secure areas and administration functions
- Weak cybersecurity measures and unsafe practices
- Accidental loss or disclosure of data
1. Employee Sabotage and Theft
Employees have the privilege of accessing a wide range of physical equipment inside a company, with only trust to prevent them from damaging or stealing it. This means that hardware like hard drives, containing lots of important data, can be physically stolen from the company; alternatively, the data on them can be transferred to a USB flash drive and then revealed and duplicated online.
Additionally, employees could purposely damage the business's equipment or data, such as by deleting the data or smashing a hard drive.
Alternatively, disasters like fires, floods, power loss and even terrorism can occur. These can, of course, destroy equipment and the data it stores. Some of these occur naturally, but they can also be caused maliciously as part of an attempt to sabotage the business.
There have been numerous high-profile cases of employee sabotage, most notably the Yahoo email leaks. Research this further to discover just how many people were affected.
2. Unauthorised Access by Employees
As employees already have access to a system within a company, they may be able to obtain access to areas of these computers they shouldn’t, such as through a colleague who leaves themselves logged in, or a room left unlocked that provides access to a server.
They may also sometimes have, or maliciously obtain, administrative privileges that allow them to perform further administrative functions, such as changing the access rights of other users or deactivating network security tools.
These issues can be a key point for launching further attacks, such as the sabotage and theft we looked at previously or providing access for an external threat to cause harm.
Much like the previous section, there have been several cases (but not as high profile) of users getting enough privilege to demote those around them and take control of a network. Research some of these.
3. Weak Cyber Security Measures and Unsafe Practices
By not having appropriate digital and physical security, a company increases the chance of a vulnerability being exploited, especially through the issues raised previously, like theft.
For example, if the server(s) for a company’s network are left in an unlocked room, anybody could walk into it and damage or steal property, whether a disgruntled employee or a visitor walking into the business who hasn’t been properly security vetted.
Furthermore, these security vulnerabilities may be accidentally exploited by an ordinary employee, by doing something as simple as viewing an untrustworthy website – a virus could be unintentionally downloaded that could affect the entire network.
Now that you know what some of these security vulnerabilities are within companies, research how you would prevent some of these from occurring. We’ll also look into this in future lessons.
4. Accidental Loss or Disclosure of Data
As stated above, the same security vulnerabilities that allow malicious behaviour may also permit simple accidents to occur and cause a lot of damage.
For example, a person may carry their laptop to and from work. When doing so, they may forget it on the train back home one day – this means that anybody that gets a hold of the laptop may have access to all the information stored on there, potentially exposing important data.
Another example of this could be an employee simply accidentally deleting data from a folder or spilling a drink on a device.
Some of these accidents can be a result of the limited time invested in properly training and monitoring staff. Educating staff on how to keep their devices secure and on acceptable use of the business's IT systems will prevent a wide range of threats.
Furthermore, by monitoring, such as with keyloggers, access logs and remote monitoring software, we can ensure poor practices are not being followed and can identify where the damage occurred.
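To show how access logs can reveal the misuse of administrative functions described in section 2, here is an added example (not part of the original lesson). The log format, the account names and the list of authorised administrators are all assumptions made up for illustration.

```python
from collections import Counter

# Constructed sample lines in a hypothetical "timestamp key=value ..." audit format.
SAMPLE_LOG = """\
2024-03-04T09:12:01 user=asmith role=admin action=change_access target=jdoe detail=group:finance
2024-03-04T18:47:10 user=jdoe role=staff action=login target=ws-014 detail=ok
2024-03-04T18:49:32 user=jdoe role=staff action=change_access target=jdoe detail=group:administrators
2024-03-04T18:51:05 user=jdoe role=staff action=disable_security_tool target=fw-01 detail=firewall
2024-03-04T18:55:40 user=jdoe role=staff action=change_access target=asmith detail=group:none
2024-03-05T08:30:00 user=asmith role=admin action=disable_security_tool target=av-srv detail=antivirus
"""

# Assumption: accounts the business has approved to carry out admin functions.
AUTHORISED_ADMINS = {"asmith"}

def parse(line):
    """Split one log line into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) < 2 or any("=" not in p for p in parts[1:]):
        return None
    event = dict(p.split("=", 1) for p in parts[1:])
    event["ts"] = parts[0]
    return event

def review(log_text):
    """Return (timestamp, user, finding) tuples for events worth investigating."""
    findings = []
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        user, action, target = (event.get(k) for k in ("user", "action", "target"))
        if action == "change_access":
            if target == user:
                # Nobody should be changing their own access rights.
                findings.append((event["ts"], user, "self_escalation"))
            elif user not in AUTHORISED_ADMINS:
                findings.append((event["ts"], user, "unauthorised_access_change"))
        elif action == "disable_security_tool":
            # Flagged for every account: a genuine shutdown should match a change record.
            findings.append((event["ts"], user, "security_tool_disabled"))
    return findings

def findings_per_user(findings):
    """Count findings per account to show where an investigation should start."""
    return Counter(user for _, user, _ in findings)

if __name__ == "__main__":
    for ts, user, finding in review(SAMPLE_LOG):
        print(ts, user, finding)
```

The routine change made by the authorised administrator on the first line is not flagged, while both security tool shutdowns are listed so they can be checked against an approved change.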
There are plenty of examples of people forgetting laptops and other devices on public transport. Try to find the worst example online of an employee forgetting something important on the train.
- Employees can physically steal or damage computer equipment without appropriate security measures.
- Sometimes the threat of damage to computer equipment can be from natural disasters, such as fire and flooding, or from threats that cannot be fully prevented such as power loss or terrorism.
- Employees or visitors may be able to get access to sensitive data without an appropriate user privilege system in place.
- Even with a user privilege system, if an employee gains access to administrative privileges they can cause harm, such as removing security software and changing the access rights of other users.
- Without physical security for network servers and storage, employees can walk in and damage or steal equipment without consequence.
- With weak or no antivirus software, any ordinary user could accidentally access an untrustworthy website and download malware that could spread throughout a network.
- Employees could quite simply forget something on a train, potentially permanently losing data or having it revealed online.
- Without proper staff training or monitoring, employees can access sites with malicious content that could infect the network.