The insider versus external threat
1. The Insider versus External Threat
Zhi Hao Chen (30113181)
Pavan Geddam (30127867)
Sasidhar Bandla (30121080)
2. The Insider Threat
• What is insider threat?
An insider threat is generally defined as a current or former
employee, contractor, or other business partner who has or had
authorized access to an organization's network, system, or data and
intentionally misused that access to negatively affect the
confidentiality, integrity, or availability of the organization's
information or information systems. Insiders do not always act alone
and may not be aware they are aiding a threat actor (i.e. the
unintentional insider threat).
3. The Insider Threat
• Some characteristics of Insiders
at Risk of Becoming a Threat
1. Greed / financial need
2. Reduced loyalty
3. Pattern of frustration and disappointment
4. Inability to assume responsibility for their actions
4. The Insider Threat
How to recognize an insider threat
• Acting differently
• Downloading or copying more company information
than they need to know
• Working longer hours than others
5. The Insider Threat
Reducing the insider threat
• Train employees to recognize phishing and other
social media threat vectors
• Train continuously to maintain the proper levels of
knowledge, skills, and abilities
• Maintain staff values and attitudes that align with
organizational mission and ethics
• Improve usability of security tools
• Improve usability of software to reduce the likelihood
of system-induced human error
6. The Insider Threat
Defend your organisation from insider crime by:
• Effective supervision – set the tone from the top
• An anti-fraud strategy, tailored to the needs of the particular
organisation
• Listening to staff concerns and encouraging them to speak up
• Looking for weaknesses in controls and systems
• Technical controls such as server room audit trails and disabled
USB access to prevent data theft
• Effective pre-employment screening
• Disabling access privileges on termination of employment
• Be honest – report fraud, prosecute if necessary and give truthful
references for employees
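
The indicators on slide 4 (unusual copy volume, unusual working hours) and the slide 6 control of disabling access on termination can be checked against access logs; the following is an added example, not part of the original slides. The log records, the HR roster, the thresholds, and the use of off-hours activity as a stand-in for "longer hours than others" are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample data (not from the slides): (user, timestamp, bytes copied).
EVENTS = [
    ("alice", "2024-03-04T10:15:00", 40_000_000),
    ("alice", "2024-03-05T14:02:00", 55_000_000),
    ("bob",   "2024-03-04T11:30:00", 35_000_000),
    ("bob",   "2024-03-05T09:45:00", 50_000_000),
    ("carol", "2024-03-04T23:10:00", 900_000_000),
    ("carol", "2024-03-05T02:40:00", 1_200_000_000),
    ("dave",  "2024-03-05T10:00:00", 20_000_000),
]
# Constructed HR roster: user -> last day of employment.
TERMINATED = {"dave": "2024-03-01"}

def flag_users(events, terminated, volume_factor=5,
               work_hours=(7, 19), off_hours_share=0.5):
    """Return {user: [indicators]} for users matching any indicator."""
    total = defaultdict(int)   # bytes copied per user
    count = defaultdict(int)   # events per user
    off = defaultdict(int)     # events outside working hours per user
    flags = defaultdict(set)
    for user, ts, nbytes in events:
        when = datetime.fromisoformat(ts)
        total[user] += nbytes
        count[user] += 1
        if not (work_hours[0] <= when.hour < work_hours[1]):
            off[user] += 1
        # Slide 6: access should be disabled once employment ends.
        end = terminated.get(user)
        if end and when.date() > datetime.fromisoformat(end).date():
            flags[user].add("active-after-termination")
    # Slide 4: compare each user against the peer median, which one
    # heavy user cannot drag upward the way a mean would.
    baseline = median(total.values())
    for user in total:
        if total[user] > volume_factor * baseline:
            flags[user].add("volume-above-peers")
        if off[user] / count[user] > off_hours_share:
            flags[user].add("mostly-off-hours")
    return {u: sorted(f) for u, f in flags.items()}

if __name__ == "__main__":
    for user, found in flag_users(EVENTS, TERMINATED).items():
        print(user, found)
```

A flag here is a prompt for review by a supervisor or security team, not proof of wrongdoing; the thresholds need tuning against an organization's own baseline.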
7. External Threat
• An external threat is anything
in your organization's outside
environment that can adversely
affect its performance or the
achievement of its goals.
Ironically, stronger organizations
can be exposed to a greater level
of threats than weaker
organizations because success
breeds envy and competition to
take what your organization has
achieved.
8. External Threat
External threats include:
• Individuals outside an organization
attempting to gain
unauthorized access to the
organization's networks using the
Internet, other networks, or dial-up
modems.
• Flooding a network with large
volumes of access requests so that
the network is unable to respond to
legitimate requests, one type of
denial-of-service attack.
9. External Threat
External Accidents
• Modern business computer systems are large and distributed. In
addition to an organization’s internal network, many important
components reside on the public Internet. This means that a complex
chain of events can affect an IT database in unpredictable ways. For
example, a heavy storm in one region of the country can cut power to a
server that stores software licenses for other servers. With licenses
unavailable, database backup software may not function at its
scheduled time, leaving the database open to irreversible corruption.
10. External Threat
External Attacks
• The most frightening attacks come from skilled and sophisticated
external hackers. These attackers can find network vulnerabilities or
socially manipulate insiders to get past outer network defenses. Since
an organization's software applications maintain open connections to
IT databases, hackers seek to take control of these applications after
they get inside, often by seeking application passwords set to their
defaults.
11. Insider Vs External Threats
• An external threat is one
originating outside a company,
government agency, or institution.
In contrast, an internal threat is one
originating inside the organization.
• The relative susceptibility to
insider- and outsider-originated
attacks depends on many factors.
Let's discuss some of them.
12. Insider Vs External Threats
• Only 39 percent of survey
respondents said they were
victims of a cyberattack
• 16% were attacked from an
external source
• 13% were attacked from an
internal source
• 10% were attacked from both
internal and external sources
• 61% reported that they were
not attacked
13. Insider Vs External Threats
• Personnel security. Some organizations carefully screen all
personnel before they are allowed access to computing systems, to
determine whether their background is sufficiently unblemished to
merit trust in them. Good personnel security substantially diminishes
the threat of an insider attack.
• Network architecture. Networks that have traffic screening and
security management barriers generally provide less opportunity for
outsider attacks than do those that do not. Multiple entry points (as
opposed to a single entry point) into a network are more conducive
to outsider attacks.
14. Insider Vs External Threats
• Intrusion detection capabilities. Deploying intrusion detection
tools appropriately and taking the time to carefully investigate the
data they provide can also affect the relative proportion of insider
versus outsider attacks. Most of today's commercial intrusion
detection tools are better at discovering outsider attacks. Most
current attacks on networks and the systems therein do not occur at
a single point in time; they often occur over a period of days, weeks,
and even months. Intrusion detection tools can help shut these
attacks off by enabling an organization to discover an attack early,
thereby enabling network and security administrators to change
packet-filtering rules, disconnect target machines from the network,
and take other evasive measures to prevent further, successful
attacks. The overall result is less likelihood of outsider attacks
(although insider attacks can also be reduced in a similar manner).