The Lurking Threat Called Passivity

The Lurking Threat

What is lurking inside your company’s systems that is making them vulnerable to attack? Hacking, phishing and other types of attacks are often considered to be externally driven, with gangs of anonymous hackers operating from halfway around the world using Internet connections to break in and wreak havoc. But surprisingly, a significant proportion of network security events happen on the inside. Depending on the particular organization or industry, this percentage can range from 35% to 90%. In addition, a significant portion of the vulnerability of any system starts passively—in other words, with features and items that are not active viruses or cracking tools, but whose mere presence eats away at the defenses.

threat-data

Consider busy employees. They have lots to do, and constant distractions pull their attention away from practicing proper computer hygiene. In their haste to get to a meeting or catch a flight, laptops are lost, phones get misplaced and USB drives are borrowed. As convenient as these devices are, much of the data and documentation stored on them is unencrypted. Few people ever choose to assign a password to a Microsoft Word file; it takes too much time. The same goes for other types of passwords, too. It is time-consuming and annoying to change them every two weeks, especially if they are difficult to remember. A proper password should be a string of 16 or more essentially unintelligible characters, but most of us just don’t like to do that.

Dormant Data

Then there are those who are simply not around anymore. People leave, some get fired and others simply get promoted or move elsewhere. This results in many dormant user accounts lurking in the depths of the system. Still more accounts may never have been activated. They sit there, with their default passwords invisible due to inactivity, a fertile place for sophisticated thieves to set up shop and establish a back door.

Some employees access files, directories or other areas by accident, assigning documents to the wrong drives, clicking on the wrong link or simply not knowing what they are doing. Such mistakes are not the fault of the individual. Many people have never been able to bring their degree of computer literacy up to an adequate level. Even those who are familiar with password changing regimens, and who do not use a stranger’s USB drives, may be unaware of sinister activities such as Wi-Fi website spoofing, for example. This happens when the free Wi-Fi login for an honest-to-goodness coffee shop is replaced or overshadowed by a sophisticated reproduction working in the same hotspot, inviting workers to share everything on their mobile devices with them.

These actions may fly under the radar, especially when security does not or cannot maintain sufficient definitions of “correct” or “normal” activity on a network. Security specialists themselves often do not have the resources to adequately police internal activities, even when a budget has been established.

Malignant Operators

It is evident that none of these human-sourced weaknesses are the result of a specific virus or action. They are generally passive in nature, relying on the fact that people are both goodhearted and under great pressure. However, these activities are the types that offer safe harbor to malignant operators, who either hack in and sniff out these soft spaces or already work within the organization and are intent on sabotage or espionage.

network security will always be an ongoing battle. The enemy is relentless. That’s why a strategy must come from the top. It should focus not solely on technical solutions, but also on human elements such as time management, planning and communication, backed up with adequate and ongoing training. For as distanced as these soft skills seem to be from the digital world of computers, they are the levers by which the bad guys force open a crack and move inside.

For more on this topic, go to businessvalueexchange.com, sponsored by Hewlett Packard Enterprise.

By Steve Prentice

Big Data Explosion

Developing Machine Learning-based Approach for Optimizing Virtual Agent (VA) Training

Optimizing Virtual Agent (VA) Training Achieve NLU model’s precision, recall & accuracy up to 78% The success of any Virtual Agent (VA) depends on the training of its Natural Language Understanding (NLU) model prior to ...
David Gevorkian

Website Accessibility: Compliancy, Laws and Best Practices

Key to Making Your Website Accessible The internet has changed the education sector in so many ways. With e-learning, more people around the globe are able to access high-quality education and advance their careers. E-learning ...
Patrick Joggerst

Session Border Control as a Service: Faster, More Secure and Dramatically Less Complex Enterprise Communications

Session Border Control as a Service As businesses are increasingly moving to cloud-based unified communications (UC) for improved collaboration and productivity, they must also ensure that their networks and systems are as secure as possible ...
Future Fintech

What’s the cloud forecast for 2020?

Tech Agnosticism In 2019, we saw how cloud computing transformed the way data is managed, the way applications are developed and deployed, and also the way IT teams operate. Organizations are starting to experience the ...
Tesla Twitter

The Tesla Story The World Is Ignoring

The Tesla Story The World Is Ignoring Bugatti is one of the most recognized names among luxury supercars. After the founder Ettore Bugatti died, the company nearly disappeared in 1952. Until Italian businessman Romano Artioli ...
Mining Data

Cloud Mining and the GPU Shortage

Cloud Mining Cryptocurrency seemed to take a jump this year to a new level of internet hype. Bitcoin hit $60,000 and Elon Musk’s tweeting about Dogecoin made millionaires out of memelords. Alongside this new wave ...