The above is a real example of an event that actually took place in Israel and was reported by the BBC of a Trojan horse that was planted into a number of organizations by competitive companies and by parent companies. In some cases an e-mail was sent to a secretary asking her to click on a few items that basically released the application and installed it onto her machine. Once installed it ran in the background for over a year before being detected. In another company a CD was sent to an employee with the same Trojan embedded in it and without a second thought the employee’s curiosity caused him to run the CD and see what he had received. Of course without his knowledge the Trojan had installed itself onto his PC, gradually found its way around the network and transmitted data regularly to its target.

These are just a couple of examples where company networks have been easily infiltrated from within or by insiders and suffered major financial damage which in extreme cases have been difficult to recover from.

So far we have shown attacks that are premeditated where the intention is specifically to cause damage or steal information. However, there is the accidental damage by the ignorant or unaware employee or insider that does not realize he is causing any harm to the company. The example above is a combination of the two (accidental and intentional) where the attacker uses that employee’s ignorance in the hope that whoever receives the CD will in fact run it on his PC and forget about the company policy which prohibits the use of unapproved media. This is the exact reason for the prohibition but these prohibitions are difficult to enforce.


In a purely accidental breach an employee may inadvertently disable the personal firewall on their PC allowing any number of malicious applications to enter unhindered. If a personal firewall or content inspection is disabled on a PC, employees can surf to virtually any site on the net and inevitably get infected with malicious applications or dialers which are predominantly found on the most popular recreational sites such as pornography and file shares. Another example may be a salesman who wants to synchronize his PDA, which has wireless connectivity, with is PC. During the same process the modem functionality has been activated on the PDA enabling unauthorized access to his PC, especially if there is no security enabled on the wireless connection. These are just a few examples of the multitude of internal security breaches that can bypass the gateway and access the corporate network.

How does a company protect itself from its own users who intentionally or accidentally can cause serious damage?

In light of the fact that most employees either do not read the company’s security policy or forget its content as soon as they have read it and the fact that it is difficult to enforce this policy anyway other than the threat of terminating the contract with an employee. Companies have to invest in internal security systems that complement existing gateway security solutions and provide real time threat detection that minimizes the window of opportunity for threats to become major security breaches.