The Lurking Threat Called Passivity

The Lurking Threat

What is lurking inside your company’s systems that is making them vulnerable to attack? Hacking, phishing and other types of attacks are often considered to be externally driven, with gangs of anonymous hackers operating from halfway around the world using Internet connections to break in and wreak havoc. But surprisingly, a significant proportion of network security events happen on the inside. Depending on the particular organization or industry, this percentage can range from 35% to 90%. In addition, a significant portion of the vulnerability of any system starts passively—in other words, with features and items that are not active viruses or cracking tools, but whose mere presence eats away at the defenses.

threat-data

Consider busy employees. They have lots to do, and constant distractions pull their attention away from practicing proper computer hygiene. In their haste to get to a meeting or catch a flight, laptops are lost, phones get misplaced and USB drives are borrowed. As convenient as these devices are, much of the data and documentation stored on them is unencrypted. Few people ever choose to assign a password to a Microsoft Word file; it takes too much time. The same goes for other types of passwords, too. It is time-consuming and annoying to change them every two weeks, especially if they are difficult to remember. A proper password should be a string of 16 or more essentially unintelligible characters, but most of us just don’t like to do that.

Dormant Data

Then there are those who are simply not around anymore. People leave, some get fired and others simply get promoted or move elsewhere. This results in many dormant user accounts lurking in the depths of the system. Still more accounts may never have been activated. They sit there, with their default passwords invisible due to inactivity, a fertile place for sophisticated thieves to set up shop and establish a back door.

dormant-data

(Image Source: Shutterstock.com)

Some employees access files, directories or other areas by accident, assigning documents to the wrong drives, clicking on the wrong link or simply not knowing what they are doing. Such mistakes are not the fault of the individual. Many people have never been able to bring their degree of computer literacy up to an adequate level. Even those who are familiar with password changing regimens, and who do not use a stranger’s USB drives, may be unaware of sinister activities such as Wi-Fi website spoofing, for example. This happens when the free Wi-Fi login for an honest-to-goodness coffee shop is replaced or overshadowed by a sophisticated reproduction working in the same hotspot, inviting workers to share everything on their mobile devices with them.

These actions may fly under the radar, especially when security does not or cannot maintain sufficient definitions of “correct” or “normal” activity on a network. Security specialists themselves often do not have the resources to adequately police internal activities, even when a budget has been established.

Malignant Operators

It is evident that none of these human-sourced weaknesses are the result of a specific virus or action. They are generally passive in nature, relying on the fact that people are both goodhearted and under great pressure. However, these activities are the types that offer safe harbor to malignant operators, who either hack in and sniff out these soft spaces or already work within the organization and are intent on sabotage or espionage.

Network security will always be an ongoing battle. The enemy is relentless. That’s why a strategy must come from the top. It should focus not solely on technical solutions, but also on human elements such as time management, planning and communication, backed up with adequate and ongoing training. For as distanced as these soft skills seem to be from the digital world of computers, they are the levers by which the bad guys force open a crack and move inside.

For more on this topic, go to businessvalueexchange.com, sponsored by Hewlett Packard Enterprise.

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

View Website

CONTRIBUTORS

Digital Innovation Starts with a Digital Core

Digital Innovation Starts with a Digital Core

Digital Innovation A lot of times when the prevalent industry trends are discussed among industry folks, there are usually two ...
Big Data and Autism

Can Big Data Help Us Create a Medical Test for Autism?

Big Data and Autism Many mysteries surround autism spectrum disorder. Arguably, one of the largest is how to authoritatively diagnose ...
Protect Your Small Business

Protect Your Small Business from Future Threats

Protect Your Small Business The well-known ransomware called Wannacry hit hundreds of computers in May 2017. As a business leader, ...
3 Reasons SaaS Providers Must Have An App Store

3 Reasons SaaS Providers Must Have An App Store

SaaS Providers and APIs In the software-as-a-service (SaaS) industry, building an app store has moved from “nice to have” to ...
The Internet of (Retail) Things: How mPOS Systems Make Buying Stuff High-Tech

The Internet of (Retail) Things: How mPOS Systems Make Buying Stuff High-Tech

mPOS Systems On The Rise Modern society is increasingly connected — and mobile. Those realities have also carried over to ...
Bryan Doerr

Can You Afford the Risk of Not Going to the Cloud?

Risk of Not Going to the Cloud If you’re considering a migration to a public cloud environment, you’re most likely ...
Intel Targets Autonomous Cars and IoT With New Acquisition

Intel Targets Autonomous Cars and IoT With New Acquisition

Intel Targets Autonomous Cars To the casual observer, Intel may have looked like it was in trouble, after getting rid ...
What is Big Data And How Does It Work?

What is Big Data And How Does It Work?

Your technology is generating data whenever you use your smartphone, when you chat with your family and friends on Facebook, ...
The Security Gap: What Is Your Core Strength?

The Security Gap: What Is Your Core Strength?

The Security Gap You’re out of your mind if you think blocking access to file sharing services is filling a ...
Financial Management Finds a Welcome Home in the Cloud

Financial Management Finds a Welcome Home in the Cloud

Cloud Based Financial Management The most cautious person in any organization is likely to be the CFO. After all, they’re ...

NEWS

Amazon shortlists 20 cities for second headquarters

Amazon shortlists 20 cities for second headquarters

(Reuters) - Amazon.com Inc (AMZN.O) has short-listed 20 cities and regions, including one in Canada, for the construction of a ...
IBM shares rise after Barclays double upgrade

IBM shares rise after Barclays double upgrade

(Reuters) - Shares in International Business Machines rose nearly 2 percent on Wednesday, helped by a double-notch upgrade for the ...
Cogeco Peer 1 Adds Managed Microsoft Azure Services to Cloud Portfolio

Cogeco Peer 1 Adds Managed Microsoft Azure Services to Cloud Portfolio

Cogeco Peer 1 Adds Managed Microsoft Azure Services Flexible services optimize customer's Azure investments, handle the day-to-day management of the ...