[BreachExchange] The Lurking Threat

Audrey McNeil audrey at riskbasedsecurity.com
Tue Feb 23 11:08:36 EST 2016


http://cloudtweaks.com/2016/02/the-lurking-threat-called-passivity/

What is lurking inside your company’s systems that is making them
vulnerable to attack? Hacking, phishing and other types of attacks are
often considered to be externally driven, with gangs of anonymous hackers
operating from halfway around the world using Internet connections to break
in and wreak havoc. But surprisingly, a significant proportion of network
security events happen on the inside. Depending on the particular
organization or industry, this percentage can range from 35% to 90%. In
addition, a significant portion of the vulnerability of any system starts
passively—in other words, with features and items that are not active
viruses or cracking tools, but whose mere presence eats away at the
defenses.

Consider busy employees. They have lots to do, and constant distractions
pull their attention away from practicing proper computer hygiene. In their
haste to get to a meeting or catch a flight, laptops are lost, phones get
misplaced and USB drives are borrowed. As convenient as these devices are,
much of the data and documentation stored on them is unencrypted. Few
people ever choose to assign a password to a Microsoft Word file; it takes
too much time. The same goes for other types of passwords, too. It is
time-consuming and annoying to change them every two weeks, especially if
they are difficult to remember. A proper password should be a string of 16
or more essentially unintelligible characters, but most of us just don’t
like to do that.

Dormant Data

Then there are those who are simply not around anymore. People leave, some
get fired and others simply get promoted or move elsewhere. This results in
many dormant user accounts lurking in the depths of the system. Still more
accounts may never have been activated. They sit there, with their default
passwords invisible due to inactivity, a fertile place for sophisticated
thieves to set up shop and establish a back door.

Some employees access files, directories or other areas by accident,
assigning documents to the wrong drives, clicking on the wrong link or
simply not knowing what they are doing. Such mistakes are not the fault of
the individual. Many people have never been able to bring their degree of
computer literacy up to an adequate level. Even those who are familiar with
password changing regimens, and who do not use a stranger’s USB drives, may
be unaware of sinister activities such as Wi-Fi website spoofing, for
example. This happens when the free Wi-Fi login for an honest-to-goodness
coffee shop is replaced or overshadowed by a sophisticated reproduction
working in the same hotspot, inviting workers to share everything on their
mobile devices with them.

These actions may fly under the radar, especially when security does not or
cannot maintain sufficient definitions of “correct” or “normal” activity on
a network. Security specialists themselves often do not have the resources
to adequately police internal activities, even when a budget has been
established.

Malignant Operators

It is evident that none of these human-sourced weaknesses are the result of
a specific virus or action. They are generally passive in nature, relying
on the fact that people are both goodhearted and under great pressure.
However, these activities are the types that offer safe harbor to malignant
operators, who either hack in and sniff out these soft spaces or already
work within the organization and are intent on sabotage or espionage.

Network security will always be an ongoing battle. The enemy is relentless.
That’s why a strategy must come from the top. It should focus not solely on
technical solutions, but also on human elements such as time management,
planning and communication, backed up with adequate and ongoing training.
For as distanced as these soft skills seem to be from the digital world of
computers, they are the levers by which the bad guys force open a crack and
move inside.