
Tuesday, November 15, 2016

How do we counter information / cyber security threats caused by "insiders" ("our own" people)? Part 1


Combating the Insider Threat
© 2015 Lancope, Inc.

Table of Contents

Chapter One
WHO IS ATTACKING YOUR NETWORK?
Chapter Two
INSIDER THREAT MOTIVES AND METHODS
Chapter Three
DETERRING INSIDER THREATS WITH TECHNOLOGY
Chapter Four
USING NETWORK LOGS TO THWART INSIDER THREATS
Chapter Five
BEYOND TECHNOLOGY
Chapter Six
SUMMARY & TOP 10 WAYS TO COMBAT INSIDER THREATS




Chapter One

Who is attacking your network?

Many organizations today are drowning in fears and concerns surrounding sophisticated cyber-attacks such as Advanced Persistent Threats (APTs), DDoS, ransomware and zero-day exploits. While this constant onslaught of attacks can be difficult to keep up with, businesses and government organizations also need to be mindful of perhaps the most alarming type of attack out there – the insider threat.

According to a report by Forrester Research, insiders are the top source of data breaches, with 36 percent of breaches stemming from the inadvertent misuse of data by employees. Additionally, 25 percent of respondents in the Forrester report said that abuse by a malicious insider was the most common way in which a breach occurred over the course of one year.

What does insider threat mean?

While the insider threat can take on several different forms, the main component is that the attack is initiated
from inside your network versus outside where most security technologies are focused. The insider attacker
is already on your network, so traditional defenses such as firewalls, antivirus and IDS/IPS will not be able
to detect his or her actions. According to a recent survey by SpectorSoft, 61 percent of IT professionals said
they could not deter insider attacks, and 59 percent said they were unable to even detect one.

So who is attacking your network? There are three main types of insider threats:

• Negligent Insiders – Insiders who accidentally expose data – such as an employee who forgets their
laptop on an airplane.
• Malicious Insiders – Insiders who intentionally steal data or destroy systems – such as a disgruntled
employee who deletes some records on his last day of work.
• Compromised Insiders – Insiders whose access credentials and/or computer have been compromised
by an outside attacker.

Each of these types of insider attackers has his/her own motives, methods and means of being thwarted.
In order to develop an effective insider threat management program, it is critical to understand each type.

Various Business and IT Trends Have Increased the Likelihood of Insider Attacks for Today’s Enterprises

Bring Your Own Device (BYOD)
Now that it has become commonplace for employees to bring smartphones and laptops/tablets in and
out of the office, using them for both work and pleasure, opportunities for said employees to steal sensitive
data are greater. As a result of BYOD, the likelihood of employees having their devices, and therefore
corporate data, stolen by malicious outsiders has also risen.

More Open Networks
In today’s fast-paced business environment, the use of outsourcing, contractors, third-party technology
platforms and cloud computing has exploded as a means of fostering greater business agility. However,
this dramatically opens up our corporate networks and sensitive data to countless other parties who may
not be as trustworthy or careful with our information as we would expect.

Social Engineering
In an era of APTs, today’s attackers know that the best way to infiltrate an organization without getting
caught is through its trusted insiders. Crafty and patient attackers are creating designer attacks for specific
organizations and individuals, and they do not mind taking the time to trick or bribe employees into
divulging the confidential details they need to carry out their attacks.
In fact, according to a report by Mandiant, 100 percent of the attacks it investigated used stolen credentials,
while only 54 percent of the compromised machines it investigated contained malware. Through a new type
of attack known as muleware, attackers are now even paying end users to help them with their attacks.
