Upton & Creese: The Danger from Within Flashcards
(Article: Upton & Creese: The Danger from Within)
What is the paper about (Introduction)?
- Insiders can do much more harm than external hackers can because they have much easier access to systems and a much greater window of opportunity -> harm may include suspension of operations, loss of intellectual property, reputational harm, plummeting investor and customer confidence, and leaks of sensitive information to third parties, including the media
- Many organizations still don’t have adequate safeguards to detect or prevent attacks involving insiders -> one reason: still in denial about the magnitude of the threat
- Most insider attacks remain unreported due to reputational damage
- Purpose of the research: significantly improve companies’ ability to uncover and neutralize threats from insiders
COMMON PRACTICES THAT DON’T WORK AS CYBERSECURITY SAFEGUARDS: What is meant by Access Controls?
Access Controls: rules that prohibit people from using corporate devices for personal tasks (such as using Facebook)
COMMON PRACTICES THAT DON’T WORK AS CYBERSECURITY SAFEGUARDS: What is meant by Vulnerability Management?
Vulnerability Management: security patches and virus checkers
COMMON PRACTICES THAT DON’T WORK AS CYBERSECURITY SAFEGUARDS: What is meant by Strong Boundary Protection?
Strong Boundary Protection: Putting critical assets inside a hardened perimeter
COMMON PRACTICES THAT DON’T WORK AS CYBERSECURITY SAFEGUARDS: What is meant by Password Policy?
Password Policy: mandating complex or frequently changed passwords means that they often end up on Post-it notes
COMMON PRACTICES THAT DON’T WORK AS CYBERSECURITY SAFEGUARDS: What is meant by Awareness Policy?
Awareness Policy: simply requiring employees to read the company’s IT security policy annually
Why is it an unappreciated risk?
- Insider threats come from people who exploit legitimate access to an organization’s cyberassets for unauthorized and malicious purposes or who unwittingly create vulnerabilities -> may be direct employees, contractors, or third-party suppliers of data and computing services
- Attacks are growing
- External attacks may involve the knowing or unknowing assistance of insiders
What is the cause of growth?
- Doors that leave organizations vulnerable to insider attacks are mundane and ubiquitous
Causes of growth: What is meant by A DRAMATIC INCREASE IN THE SIZE AND COMPLEXITY OF IT?
A DRAMATIC INCREASE IN THE SIZE AND COMPLEXITY OF IT
* Do you know which individuals are managing your cloud-based services, with whom you cohabit in those servers and how safe the servers are?
* How trustworthy are those who provide you with other outsourced activities such as call centers, logistics, cleaning, HR, and customer relationship management?
Causes of growth: What is meant by EMPLOYEES WHO USE PERSONAL DEVICES FOR WORK?
EMPLOYEES WHO USE PERSONAL DEVICES FOR WORK
* Insiders, often unwittingly, expose their employers to threats by doing work on electronic gadgets
* The devices can be as simple as flash drives or phone memory cards besides smartphones and tablets
Causes of growth: What is meant by THE EXPLOSION IN SOCIAL MEDIA?
THE EXPLOSION IN SOCIAL MEDIA
* Social media allow all sorts of information to leak from a company and spread worldwide often without the company’s knowledge
* Social media also provide opportunities to recruit insiders and use them to access corporate assets -> romance scam: an employee is coaxed or tricked into sharing sensitive data by a sophisticated conman posing as a suitor on a dating website
* Other strategies include using knowledge gained through social media networks to pressure employees
WHY they do it: What motivates insiders who knowingly participate in cyberattacks?
- Insiders who knowingly participate in cyberattacks have a broad range of motivations:
1. financial gain
2. revenge
3. desire for recognition and power
4. response to blackmail
5. loyalty to others in the organization
6. political beliefs
WHY they do it: What personality traits do inside attackers often have?
- Insider collaboration with organized crime and activist groups is becoming increasingly common
- Inside attackers often have some combination of these personality traits:
1. Immaturity
2. Low self-esteem
3. Amorality or lack of ethics
4. Superficiality
5. Tendency to fantasize
6. Restlessness and impulsiveness
7. Lack of conscientiousness
8. Manipulativeness
9. Instability
How should we think about the problem?
- Organizations can no longer anticipate every risk because the technology environment is so complex and ever changing -> leaders of enterprises need everyone in the organization to be involved
What should leaders do?
ADOPT A ROBUST INSIDER POLICY, RAISE AWARENESS, LOOK OUT FOR THREATS WHEN HIRING, EMPLOY RIGOROUS SUBCONTRACTING PROCESSES and MONITOR