How it is when facing the insider threat
by Priscilla F. Harmanus • The Netherlands • last update: 28 may 2020
What becomes more and more important is to know the starting point of an attack.
Insider threats are dangerous because these attackers often know how the system is configured and know its weaknesses.
An insider threat is defined as an attack perpetrated by a user or malicious code that is already inside the defended perimeter of a system or organization.
Many stories are published on the internet about insider threat, social engineering, dumpster diving and spear phishing. However, insider attacks are far more difficult to detect and prevent than external cyber attacks. Insider threat has become more cunning, highly skilled and sophisticated. The knowledge that malicious attackers gain and the self-esteem boost that comes from successful hacking might become an addiction and a way of life. There are also studies that found a link between cybercrime and autism.
Although many attacks or bugs go unnoticed or unreported, insiders who are discovered are often not pursued or prosecuted. When they’re caught, hackers often rationalize their services as being altruistic and a benefit to society: They’re merely pointing out vulnerabilities before someone else does. Regardless, if hackers are caught and prosecuted, the “fame and glory” reward system that hackers thrive on is threatened.
The same goes for malicious users. Typically, their internal activities within the industrial environment go unnoticed, but if they’re caught, the security breach may be kept hush-hush in the name of shareholder value or not wanting to ruffle any customer or business partner feathers. However, information security and privacy laws and regulations are changing this because in most situations breach notification is required. Sometimes, the person is fired or asked to resign. Although public cases of internal breaches are becoming more common (usually through breach disclosure laws), these cases don’t give a full picture of what’s really taking place in the average organization.
Hackers, like insiders, can compromise a seemingly unimportant system to access the network and use it as a launching pad for attacks on other systems, and many people would be none the wiser because they don’t have the proper controls to prevent and detect malicious use.
Many business owners and managers — even some network and security administrators — believe that they don’t have anything that a hacker wants or that hackers can’t do much damage if they break in. They’re sorely mistaken. This dismissive kind of thinking helps support the bad guys or the adversary and promote their objectives.
There is also a big difference between the IT and OT departments within companies. Also mentioned is that even when ICS security awareness is present, the implementation could be a problem. The main reason for this is that most companies are willing to reserve budgets for implementation of ICS Security.
Also, at the start of a project, security is often not taken into the plan. Security by design is not a common approach when starting a project, so security is added after the project is already in an advanced stage. Like Security Matters mentioned: awareness, assessment, define policy and implementation.
To be continued
But then you really begin to feel you know that person too and that challenges the missing story on this blog.