Archive for category Endpoint Security

Internal Attacks and their Impact on Organizations



The world of IT is not safe. With hacking and information-breach techniques growing, it’s possible to decrypt almost all kinds of codes. However, a considerable amount of effort is being invested in protecting your information from breaches. Numerous information security firms exist to ensure every client organization is safe from external attacks.


How stupid would you feel if despite all your safety measures and monetary investments your data gets leaked out just because an end user was not vigilant enough or had malicious intent?


“Almost 40 percent of IT security breaches are perpetrated by people inside the company,” estimates research conducted by the US Computer Emergency Response Team (CERT).


Well, internal attacks are a real thing, and they can have devastating impacts on an organization in extreme cases. This is one of the reasons why insurance premiums for cyber-crimes are on the increase.




An individual or a group of employees with system privileges and technical expertise may attack an organization’s systems internally if they can benefit from disrupting the system or exploiting the organization’s assets. Internal attacks may also be unintentional in most cases.






  • Weak passwords


Generally, employees tend to be very careless about passwords. They may log in to multiple sites with the same password, which can be exploited. Likewise, they keep their passwords simple, write them down in password hints, or give them to unauthorized people or malicious websites. This unskeptical, casual behavior contributes to the success of phishing attacks.


Employees need to be trained on how their accounts can be exploited. Only then will they understand the importance of complicated passwords. Additionally, multi-factor authentication should be enforced for logging in to the system.





  • Falling victim to Phishing Attacks


Attackers use social engineering to obtain passwords or other sensitive information from employees, who, if untrained about phishing, will easily give in to those attempts. This may give attackers login credentials to access a system.

This problem recurs worldwide, so every organization needs a clear information security policy that is strictly followed.


End users are the weakest component of a network system. There is therefore a strong need for training sessions that explain to employees why certain measures are necessary and how phishing works; otherwise they may dismiss the security measures as unimportant.



  • Fraud


Internal fraud can prove to be a very threatening act for an organization. It can be for monetary benefits or may harm an organization’s reputation if employees make fraudulent deals with people in the name of the organization.


Moreover, fraud may include misuse of the organization’s sensitive information, leakage of private secrets or client data, or even theft of the organization’s intellectual property or plans, which could be sold to competitor organizations for monetary gain.


In extreme cases, some employees have been found to be working for external organizations, having joined as intruders to leak the company’s secrets.


  • Misuse of gadgets


Misuse of office gadgets is a common problem in offices. Even though it does not compare to an intentional cyber-crime involving attacks and viruses, it may damage a system just as much.


Office staff tends to visit inappropriate sites when they are ‘surfing the internet’. These sites can be malicious or may exploit vulnerabilities to drop malicious backdoors on a system. Likewise, office gadgets can also be used to pass confidential data to unauthorized users.


LexisNexis Industrial Relations Services conducted a survey last year that found almost one third of UK firms dealing with disciplinary cases of internet abuse.


These information leakage attacks can also be unintentional, but they still require a considerable amount of effort, assets and time to limit the damage they cause.

To prevent misuse of intellectual property or personal data, proper internet monitoring strategies need to be implemented.


  • Malicious downloads


The DTI’s latest InfoSec survey shows that 83% of the UK’s great firms have received infected e-mails or files, one-third of which carried 100 different viruses. Microsoft Office or Excel files are the new common means of delivering zero-day exploits. Employees may compromise a system by downloading such unverified malicious files carrying viruses and malware.

Furthermore, downloads from the internet should be restricted to files from verified sources only. Without such restrictions and monitoring of their implementation, employees may download unneeded malicious software or games on the office gadgets which may compromise the system.





One of the most common practices against internal attacks is implementing an intrusion detection system. It should be configured to scan for both external and internal attacks. Moreover, access privileges of employees should be segregated, based on the requirement of their duties, to help protect against internal attacks.


Many kinds of software are available for automating the monitoring of employees’ online activities to protect against internal attacks. Installing updated anti-virus software, firewalls and intrusion detection systems is among the essential steps for keeping information security intact.




Staff training is essential to keep an organization internally safe. Also, system monitoring is crucial for ensuring an organization’s safety. However, the approach must comply with active laws such as the Data Protection Act.

When monitoring is implemented, staff must be informed about the monitoring along with their rights and claims regarding the policies. This ensures smooth implementation of security, without being offensive to your staff.

There can also be internal attacks which are deliberate cyber-attacks, which will be discussed later.

Carrier IQ

Carrier IQ, also known as CIQ, is software that is installed not only on smartphones but also on tablets. Carrier IQ was developed to reduce the number of dropped calls, extend battery life and keep the device and services working efficiently at all times, which helps operators understand the experience of mobile users. Operators want to develop and enhance their services all the time, and this can only be done by knowing exactly when the mobile user is having a bad experience.

Historically, operators used their network to solve problems, but today’s networks and devices are too complex to understand if you can’t see the device itself. Carrier IQ examines a large amount of data from each device to capture and summarize what exactly is working and what is not. For example, operators and device manufacturers need to know exactly where a call was dropped or which applications drained the device’s battery, and most importantly they need to know how to solve the user’s problems when you call them.

Carrier IQ’s technology counts and summarizes problems. According to CIQ, it does not provide keystrokes or tracking tools. Carrier IQ’s technology is the user’s advocate because operators and handset manufacturers are, for the first time, getting an understanding of users’ day-to-day problems.

Developers, on the other hand, believe that CIQ is low-level software installed by Samsung and HTC at the command of mobile carriers such as AT&T. According to them, it basically records metrics, i.e. every key that is pressed, every touch on the screen, every application launched, every website visited, any kind of traffic entering or leaving the phone, every time the battery is changed, etc.

Carrier IQ calls this software the Mobile Intelligence Platform (MIP). CIQ works with mobile manufacturers such as Samsung and HTC to embed the agent within the smartphone to track all the data. The biggest issue with CIQ is the threat to privacy, since the software works in a manner similar to spyware.

Carrier IQ has recently received immense public attention. With growing concerns about the threat to users’ privacy, CIQ is facing a lot of pressure, not only from the general public but also from lawsuits filed against its software. Developers are coming up with new ways of disabling the software at the user’s wish, allowing users to control exactly what information they are willing to share.

Fired Employees Leaving With More Than Just Experience

With rampant downsizing in most organizations, corporations now face new frontiers in their efforts in keeping their data secured.

Uncertainty amongst employees leads to more dubious behavior. With most of today’s security products designed to counter external threats, how do you keep the EVIL WITHIN from jeopardizing your security and compromising the sanctity of your data?

Recent surveys conducted by (but not limited to) Symantec and Ponemon indicate that employee exodus has also resulted in tons of sensitive data being leaked out. The survey, conducted among around a thousand participants, revealed that an overwhelming majority of employees took a copy of their work with them. According to the survey, CDs remained the most popular mode of sneaking out data, with confessions from 53 percent of the participants. Next in line were USBs, which had been used by another 43%, while 38% said that they had used email.

While the more benign of the lot may just keep it as a part of their memory, the more enterprising may have other wily ideas.


The Need for Data Leakage Prevention (DLP)

Many years ago, I remember watching a clip on TV about someone inventing a toilet that once locked, would not open unless it senses that someone has used the washbasin first. Interesting and to some extent sickening – just makes you wonder, was it invented as a precaution or a necessity?

There probably aren’t many people out there who have to be forced to wash their hands after using the toilet, but considering the stakes, the precaution was worth it.

Putting this in a corporate information security perspective, most of our rules have less to do with legislation and more with common sense. Moreover, a policy that isn’t implemented tends to remain more of an advice, which tends to be generally disregarded.

Data Loss Prevention (DLP) is a preventative technology, if you’d call it that; I consider it more of an amalgamation of existing little utilities packaged into integrated software that allows centralized policy control and, more importantly, policy enforcement.

If you’re fed up with being the Dutch uncle on information security issues, that is, once something appalling has occurred (people usually start seeking advice once they’ve done the irrevocable), maybe it’s now time for less advising and more enforcing of things; maybe it’s time for Data Loss Prevention (DLP).


Copyright © Rewterz. All rights reserved.