A threat is anything that exploits a vulnerability in a system, causing a data breach and possibly damage to the system. Threats can be intentional or accidental. Intentional threats are caused by a deliberate harmful decision, or are carried out purposely to damage the organization; they include theft of sensitive information, damage to system resources, etc. Accidental threats, on the other hand, are caused by environmental hazards, computer failures, and human error. Threats can likewise be physical or non-physical.
PHYSICAL THREATS:
Physical threats cause the loss of sensitive data or physical damage to a computer system, and may also affect the infrastructure. They are classified into three types:
EXTERNAL THREATS
External threats include earthquakes, floods, lightning, etc. Different lightning protection systems are available to avoid lightning-related incidents. These systems are not 100% secure, but they reduce the likelihood of, and the damage caused by, lightning incidents.
INTERNAL THREATS
Internal threats include humidity in the rooms of software houses, an unstable power supply, fire, etc. Different measures are taken to avoid such risks:
Air conditioners can be used to reduce humidity.
Voltage controllers can be used to avoid unstable power supply.
Automatic fire detectors can be used to avoid fire incidents.
HUMAN THREATS
Human threats include intentional or unintentional errors, disruption, theft, etc. Locked doors and restricted access to computer rooms can prevent such threats.
NON-PHYSICAL THREATS:
Non-physical threats, also known as logical threats, damage the sensitive data and software on a computer system. They may also corrupt the system so badly that business operations fail. Non-physical threats include viruses, trojans, keyloggers, worms, phishing, unauthorized access to computers, etc. An organization can install anti-virus software to protect its systems against viruses. Organizations can also avoid visiting websites that install unauthorized software on their systems, and avoid the use of external storage devices.
TYPES OF THREAT:
There are a lot of computer security threats, but we will discuss some of them here.
COMPUTER VIRUSES
A computer virus is the most well-known type of security threat. It is a malicious computer program written to infect a system and move from one device to another. It can replicate itself and alter the computer’s operations. Some viruses are written to delete files from your system or steal your data, while others flood the network, making it impossible for the system to work properly. A virus first damages computer software and, if you don’t take precautions, can damage the hardware as well.
A system can pick up these viruses through different activities, such as downloading free files from various sites, installing software without reading the license agreement, opening email attachments or spam emails, etc. Viruses then spread through various channels, such as email attachments, file sharing, and inserting external storage devices like flash drives, discs, etc. If your computer gets infected with a virus, its performance slows down and it suffers frequent crashes, data loss, etc.
MALWARE
Malware is malicious software programmed to damage our system and steal information from it without our consent. When a system is infected with malware, there are symptoms you need to watch for, such as poor system performance, frequent crashing and freezing, programs opening and closing on their own, BSOD errors, etc. Sometimes malware infects your system without any alert and silently steals your information. Malware includes viruses, trojans, worms, adware, spyware, ransomware, etc.
WORMS
A worm is a type of malware that enters our system through phishing attacks or software vulnerabilities. Once a worm is installed on our system, it can infect the whole system and network. Worms can severely damage our system: they can steal our sensitive information, delete and modify the files on our system, install other malicious software, replicate again and again to damage the entire system, etc.
BOTS AND BOTNETS
A bot is basically a computer that is already infected with malware and controlled by a hacker, whereas a collection of bots is known as a botnet. Botnets are very useful to hackers for spreading ransomware. They spread undetected and can therefore contain millions of devices, and they help hackers perform malicious activities such as spreading different types of malware, phishing attacks, sending spam, DDoS attacks, etc.
RANSOMWARE
Ransomware is a type of malware that prevents us from accessing our own data and then demands payment so that we can access our files again. According to research, in May 2017 almost 200k computers across 150 countries were infected with ransomware in just one day, causing damage of hundreds of billions of dollars.
PHISHING AND SPAMMING
Phishing is a social engineering attack used to steal sensitive information from a user. In phishing, hackers send fake and spam emails, messages, etc. to the target. It is very successful because those emails appear to be authentic and from a reputable organization. Some emails instruct the user to update his bank details; after clicking on the link, when the user enters the details, they are automatically forwarded to the hacker. In this way, the hackers get all of a user’s information.
SPYWARE THREATS
Spyware is a serious type of security threat. It is a program that monitors all of your online activities and, without your permission, installs software on your system to access personal information. It targets our login credentials, personal information, browsing history, etc., and sometimes forwards this information to third parties. There are different types of spyware:
A browser hijacker resets our browser bookmarks and redirects us to different sites. It also records our browsing history and forwards this information to advertisers. Sometimes these spyware programs become malicious and slow down our system by generating pop-ups, passing data to third parties, etc.
TROJAN
A trojan horse is malware that hides its contents to trick the user into thinking that it’s a harmless file. Mostly these come in the form of email attachments and look authentic. After downloading, when the user runs the file, it begins to corrupt the system. Trojans can also come bundled with freeware, so always download software from authentic websites. There are different types of trojans:
Through backdoor trojans, hackers can access our system and download, execute, and upload any file. Downloader trojans are programmed to download more trojans onto a system. Rootkit trojans are used to mask the malware so that it can do maximum damage to the system. All of these trojans can be recognized through the device’s performance, its behavior, and frequent pop-ups.
INSIDER THREATS:
An insider threat is malicious activity against a company carried out by an employee who can access the company’s database, its applications, and other sensitive information. This employee can be a current worker, a temporary employee, a contractor, or a partner, all of whom can access the company’s assets. Sometimes insider threats also refer to unintentional damage caused to a company. In 2019, almost 34% of data theft involved internal employees. That theft may be due to a personal grudge, carelessness, financial advantage, etc.
TYPES OF INSIDER THREATS:
There are different types of insider threats that can be intentional or accidental.
PAWNS
A pawn is an unintentional participant who makes a mistake, such as typing the wrong email address so that sensitive data is forwarded to a competitor, clicking on spam hyperlinks, losing a personal laptop that contains the company’s data, or executing a file that contains a virus, etc. Companies are continuously working on these issues and on mitigation steps, but such mistakes cannot be prevented completely.
NEGLIGENT EMPLOYEES
This type of insider compromises the company’s security through carelessness. They know all the policies but unfortunately ignore them: they lend their keycard to colleagues, don’t bother installing security patches or updates, and misplace external hard drives that contain sensitive data.
COMPROMISED EMPLOYEES
The compromised employee is also an unintentional participant, one whose system is infected with malware. This may be due to phishing attacks, spam links, or clicking on links that automatically download malware onto the system. The compromised system can then be used to access databases or other systems to steal sensitive information about the company, its employees, and its customers.
TURNCLOAKS
A turncloak is someone who intentionally harms the company for some motive. The motivation may be a personal grudge against the company, a desire for financial reward from competitors, etc. They steal sensitive information and may leak it, harass colleagues, create violence in the company, or embarrass the employer.
WAYS TO PREVENT INSIDER THREATS:
There are several methods and tools available to secure your company’s data from unwanted access.
SECURITY POLICY
The first way to protect the company from insiders is to create a security policy. This security policy should contain the methods and procedures for dealing with misuse and manipulation of data, as well as guidelines for investigating insiders. It should also spell out the consequences of misuse.
When writing a security policy, first read your previous policies regarding incident handling. Rework the clauses that rely on trusting employees blindly, so that the incident handling team does not have to go through any employee or the administration to get access to a suspected system, since that employee may be the culprit.
Also, make sure that the privacy policy contains details that limit access by the company and its employees, and that it spells out the consequences for mishandling this data, such as legal action. Specify separately which employees access what data, with whom they can share this data, and under which circumstances. Finally, make sure that the privacy policy also covers the consequences of misusing company resources, to avoid allegations of unfairly applied penalties.
PHYSICAL SECURITY
One of the best methods to protect your company from insider theft is to keep employees away from critical infrastructure. Keep this as your first priority whether or not physical security is your responsibility. Consider the example of a Red Dot corporation, where two gatekeepers entered the company through a garbage can and stole all the customers’ and employees’ personal information. They illegally gained access to bank accounts and credit cards and, before getting arrested, stole thousands of dollars. To deal with such problems, high-value systems should be isolated in restricted areas with strictly limited access. Different methods can be used to limit access, some of which are given below:
KEY CARDS
Key cards can be used to limit access; they are very flexible, inexpensive, and easy to use, but they have certain disadvantages. They can be stolen or lost, or someone can borrow one from a specific employee. The log will show that an employee entered the restricted area at 10:00 AM, but someone else may have been using that card.
TWO FACTOR AUTHENTICATION
Two-factor authentication means combining something you know with something you have, for example a keycard with a PIN. When employees swipe the keycard, they are asked to enter the PIN to access the area. But this can also be problematic, as employees can borrow both cards and PINs from their colleagues.
BIOMETRIC AUTHENTICATION
Biometric authentication is the best way to protect an area from unwanted access. Different devices, such as fingerprint scanners, are available for this purpose. Also, make sure that all of your employees have a lockable drawer in which to keep their sensitive information so that others cannot access it.
SCREEN NEW HIRES:
Background checks of employees are another way to prevent insider threats, but some companies consider them too expensive and time-consuming. If it sounds too expensive, consider outsourcing, as it can save your company a lot of problems and thefts in the future. A background check does not tell you the whole story about an employee: for example, it will tell you the employee’s current address but will not tell you that a disgruntled employee or a con artist is living at the same address. To find such relationships, services like Non-Obvious Relationship Awareness (NORA) can be used. They combine information collected from different corporate databases in order to keep a check on employees and give you more information.
MULTI FACTOR AUTHENTICATION:
In an organization, most employees use weak and shared passwords to access data. On the other hand, password cracking tools are becoming more advanced day by day, making it possible to crack strong passwords and access sensitive information.
To solve this problem, try to implement multi-factor and strong authentication methods for data-sensitive applications, because even if a person obtains the credentials, they are still unable to unlock the system without the additional factor.
Multi-factor methods include smart cards, fingerprint readers, user IDs and passwords combined with tokens, etc., but they do not plug all the holes. One issue remains: once a session is established and you have stepped away from your system, an insider can access your system and steal sensitive information. To solve this problem, Windows workstations can be configured to automatically lock the user out after a specific period of inactivity.
SECURE DESKTOPS:
To secure desktops, there are different services available that can lock down all the desktops across the organization and allow the security manager to configure the operating system and its components, like Windows Media Player, Internet Explorer, etc., since not all employees are responsible enough to do this configuration themselves.
Windows itself comes with different security templates and Active Directory policies that lock down specific parts of an employee’s system. These services are very useful and are applied on a need-only basis.
SEGMENT LANs:
A physical part of the LAN that is separated by routers and bridges is known as a LAN segment. Segmented LANs use bridges to improve performance; these are smart devices that build forwarding tables and deliver traffic based on MAC addresses. Host-based detection systems need a prominent monitoring position within the internal defenses, but achieving this is very challenging. Network-based systems depend on LAN sniffers, whereas host-based systems depend on agents.
SEAL INFORMATION LEAKS:
Sensitive information can leak from your organization in different ways, such as instant messaging, hard copies, emails, and employees discussing things with each other. So make sure that the security policy contains restrictions on sharing confidential data and details which information may be shared with which employee. Technology can also help in this scenario by scanning for phrases taken from the business plans: whenever these phrases appear on the network, intrusion detection systems raise an alert. There are also email firewalls that scan all outgoing emails and their content and alert if employees share something confidential. Tools like digital rights management restrict document distribution through access permissions and rights. Combining technology with the security policy helps a lot in sealing information leaks.
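As an added example (not code from the original article), here is the outgoing-mail content check described above, written in Python: it matches normalized message text against a constructed watchlist of confidential phrases, flags Luhn-valid card numbers, and returns allow, alert or block. The watchlist, the block/alert policy and the sample messages are all assumptions.

```python
import re
from dataclasses import dataclass

# Constructed watchlist: phrases a (hypothetical) security policy marks as confidential.
CONFIDENTIAL_PHRASES = ["q3 acquisition plan", "customer credit card export", "salary review"]

# Runs of 13 to 16 digits, optionally separated by spaces or dashes (card-number shaped).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")

@dataclass(frozen=True)
class Finding:
    kind: str   # "phrase" or "card_number"
    value: str  # matched phrase, or only the last four digits of a card number

def normalize(text: str) -> str:
    # Lowercase and collapse whitespace, dashes and underscores, so that
    # "Salary-Review" or "Q3   acquisition plan" still hits the watchlist.
    return re.sub(r"[\s\-_]+", " ", text.lower())

def luhn_ok(digits: str) -> bool:
    # Luhn checksum weeds out order numbers and other digit runs that merely look like cards.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def scan_message(body: str) -> list:
    findings = []
    norm = normalize(body)
    for phrase in CONFIDENTIAL_PHRASES:
        if phrase in norm:
            findings.append(Finding("phrase", phrase))
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(Finding("card_number", digits[-4:]))  # never log the full number
    return findings

def decide(body: str) -> str:
    # Policy (assumed): a card number is blocked outright; a watchlisted phrase only raises
    # an alert for the security team, since the phrase may be legitimate in context.
    findings = scan_message(body)
    if any(f.kind == "card_number" for f in findings):
        return "block"
    return "alert" if findings else "allow"

# Constructed outgoing messages for a demonstration run.
SAMPLE_MAIL = [
    "Lunch on Friday?",
    "Reminder: the Salary-Review meeting moved to 3pm.",
    "Attached is the customer credit card export; first card is 4111 1111 1111 1111.",
    "Your order 1234 5678 9012 3456 has shipped.",
]

def run():
    return [(decide(body), body) for body in SAMPLE_MAIL]
```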
ANOMALOUS ACTIVITIES:
Sometimes an employee breaks the company’s trust. Companies don’t expect it, as they are too busy dealing with outsiders. You can collect log data from your servers, such as Windows event logs, antivirus reports, firewall logs, Unix syslogs, IDS alerts, and various audit trails. Generally, insiders are less careful than outside attackers because they don’t expect to be caught, so normally insiders are very easy to investigate. The main problem is that companies don’t have enough logging information, because they don’t pay sufficient attention to auditing on the controller server, which is deactivated by default; this is why log material is unavailable. After collecting the log files, the next difficult part is sorting through all of them to track suspicious activity, and it is very hard to identify the specific person involved in stealing the data. A network forensic analysis tool is another means of detecting anomalous activities, by tracking the flow of data throughout the entire organization. Before applying these methods, keep in mind that there are monitoring laws; analyze those laws so that you don’t break any of them.
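An added example, not part of the original article, of the log-sorting step described above: it baselines which file shares each user normally touches, then flags off-hours access, access to a share outside the user’s baseline, and bursts of reads. The log format, user names, paths and thresholds are constructed assumptions, not a real product’s format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-trail format (hypothetical file-server log, not a real product's format).
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) path=(?P<path>\S+)$")

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped rather than crashing the run
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def top_share(path):
    # "/finance/payroll.xlsx" -> "finance": the share is what we baseline, not each file.
    return path.split("/")[1] if path.startswith("/") else path

def build_baseline(lines):
    # Per-user set of shares touched during a known-good period.
    baseline = defaultdict(set)
    for ev in filter(None, map(parse, lines)):
        baseline[ev["user"]].add(top_share(ev["path"]))
    return baseline

def find_anomalies(lines, baseline, work_hours=(8, 18), burst_n=5, burst_window=60):
    alerts = []
    recent = defaultdict(list)  # user -> timestamps of reads inside the burst window
    for ev in filter(None, map(parse, lines)):
        user, ts, path = ev["user"], ev["ts"], ev["path"]
        if not (work_hours[0] <= ts.hour < work_hours[1]):
            alerts.append((user, "off_hours", path))
        if top_share(path) not in baseline.get(user, set()):
            alerts.append((user, "new_share", top_share(path)))
        window = [t for t in recent[user] if ts - t <= timedelta(seconds=burst_window)]
        window.append(ts)
        recent[user] = window
        if len(window) == burst_n:  # fire once, when the burst threshold is first reached
            alerts.append((user, "bulk_read", f"{burst_n} files in {burst_window}s"))
    return alerts

# Constructed sample data: a quiet baseline day, then a day with two suspicious patterns.
BASELINE_LOG = [
    "2024-03-01T09:12:00 user=jsmith action=file_read path=/engineering/specs/design.docx",
    "2024-03-01T10:05:00 user=asingh action=file_read path=/finance/invoices/2024-02.xlsx",
]
NEW_LOG = [
    "2024-03-04T02:14:05 user=jsmith action=file_read path=/finance/payroll.xlsx",
    "2024-03-04T10:00:01 user=asingh action=file_read path=/finance/ledger/a.xlsx",
    "2024-03-04T10:00:05 user=asingh action=file_read path=/finance/ledger/b.xlsx",
    "2024-03-04T10:00:09 user=asingh action=file_read path=/finance/ledger/c.xlsx",
    "2024-03-04T10:00:13 user=asingh action=file_read path=/finance/ledger/d.xlsx",
    "2024-03-04T10:00:17 user=asingh action=file_read path=/finance/ledger/e.xlsx",
    "garbage line that the parser skips",
]

def run():
    return find_anomalies(NEW_LOG, build_baseline(BASELINE_LOG))
```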
IMPLEMENT PERIMETER TOOLS AND STRATEGIES:
Perimeter tools on the organization’s network help a lot in improving security, but they are a little expensive. Some organizations prefer not to implement perimeter tools, but this does not make sense: these tools and strategies are always applied to public internet servers, so why not apply the same to internal servers? Different steps are involved in implementing perimeter tools and strategies. The first step is to patch the web servers. The next step is to eliminate all unused services and lock down the configurations. After covering the basics, more external tools can be added. One of these is a vulnerability assessment tool, which costs a little but can scan the organization’s entire set of internet servers. So first scan critical servers like directory servers, web servers, and internal email, and then move to other systems based on priority.
MONITOR MISUSE:
Another method of protecting the company from insider attacks is to monitor employees directly. This can be done through keystroke logging, security cameras, etc., because a company’s sensitive information can never be too safe. Research shows that such monitoring is applied to almost one-third of all employees. Before implementing this method, check all the legal clauses regarding monitoring and the available tools.
There are different web content filters available that block specific websites, competitors’ websites, and hacking tool repositories. If you want complete details about a specific employee and their work, there are many options, such as URL history, keystroke recording, window title logging, application activity, etc.
These detection techniques help us ensure the protection of the company’s sensitive information. Also make employees aware of the security policy regarding the sharing of information and the consequences of any violation. If your company doesn’t pay attention to the security policy, you are compromising data protection, which could cost hundreds of dollars.
CONCLUSION:
Insider threats can severely affect your company’s financial state and also break your trust in your employees. Most companies trust their employees, but it is essential to keep in mind that sometimes the most trustworthy people betray us. Don’t let blind trust allow an employee to steal your company’s sensitive data. Insider threats are more dangerous than outsiders, so develop a comprehensive security system to prevent them. An IT security system is the most effective method of preventing these threats.