In a purely accidental breach an employee may inadvertently disable the personal firewall on their PC allowing any number of malicious applications to enter unhindered. If a personal firewall or content inspection is disabled on a PC, employees can surf to virtually any site on the net and inevitably get infected with malicious applications or dialers which are predominantly found on the most popular recreational sites such as pornography and file shares. Another example may be a salesman who wants to synchronize his PDA, which has wireless connectivity, with is PC. During the same process the modem functionality has been activated on the PDA enabling unauthorized access to his PC, especially if there is no security enabled on the wireless connection. These are just a few examples of the multitude of internal security breaches that can bypass the gateway and access the corporate network.
How does a company protect itself from its own users who intentionally or accidentally can cause serious damage?
In light of the fact that most employees either do not read the company’s security policy or forget its content as soon as they have read it and the fact that it is difficult to enforce this policy anyway other than the threat of terminating the contract with an employee. Companies have to invest in internal security systems that complement existing gateway security solutions and provide real time threat detection that minimizes the window of opportunity for threats to become major security breaches.
Most companies do not think twice when considering security solutions at the gateway to protect the perimeter and control all communications going in and out of the organization but for whatever reason do not place much importance on the threat from within. If we take the example above, of a salesman synchronizing his PDA with his PC we can see how easy it is to bypass the gateway and open an unsecured connection from within the organization rendering investment in the gateway as only a partial solution since too many holes still exist in the security apparatus that need plugging.
A recent study on digital security claimed that 90% of companies surveyed reported ‘Insider abuse of Internet access’ while 50% had experienced unauthorized access by insiders and 40% by outsiders. These figures are certainly not trivial and highlight a problem that is only increasing in its magnitude.
For many years now industry analysts have been saying that most threats originate within the network with estimates going as high as 80% of attacks originate internally. However, the perception of most organizations is that protecting the perimeter is paramount and that securing the internal network is only a secondary or even tertiary concern. This may be true since the most malicious attacks do come from the outside in many forms; DoS attacks, Viruses, Worms, SYN floods etc. and to make them even more difficult to detect many of the attacks are fragmented.
All of this means that securing the perimeter with intelligent security applications is still of paramount importance but no less important is securing the internal network to complement the security devices at the gateway. Some companies have started shifting their security budgets to a more balanced investment between the perimeter and the internal network and this should increase as more and more companies realize the threat from within. Simple, easy to use solutions that can run in the background and provide intelligent security threat alerts that can be acted on immediately either by individuals or by the solution itself is a step towards hermetically sealing networks both from within and at the perimeter. These types of solution are as necessary to have as a firewall or Anti Virus solution but they must be complimentary and have minimal financial overhead to an already tightly budgeted IT Security department to be cost effective.