There are a lot of opinions about hackers – who they are, what they want, where they come from, how they do what they do, what recourse we have. But what kind of thought is given to the “Insider Threat”? What’s the big idea?
It used to be that the only thing between you and your attacker was the perimeter of the network. Once the attacker got through the perimeter, it was GAME OVER. We practiced defense in depth, and did our best to keep the outside world OUT.
The dynamic of the traditional network has changed radically in the last decade. We are doing more and more work OUTSIDE the traditional network. The Internet of Things (IoT) has put more network-capable devices inside our networks. Insider threats from disgruntled and malicious employees/contractors are ever-present. We are outsourcing our internal infrastructure to cloud providers.
Here is something to think about – the most successful attackers look EXACTLY like an insider.
That means the best attacks are staged from inside the network, or use methodologies that disguise the attacker as a privileged network user. Just look at these statistics from Gartner which highlight who is letting the “bad guys” in:
What are the big gaping holes in the network perimeter?
- HTTP (internet traffic)
The perimeter of the network is not what it used to be. It barely exists. Work is being done inside and outside the organization, using services that are a hybrid of inside and outside infrastructure. The modern network is designed to allow the worker to access anything they need to do their work, from anywhere, at any time, with any device.
Let’s address the new-world risks: deperimeterization and the Zero-Trust Model. It needs to be a given that ANYONE can be a vector for attack at any time, anywhere. Don’t trust anything just because it is “inside” your firewall. 81% of breaches involve stolen or weak credentials. 70% of breaches involve compromised devices. We need to address the users and the devices, and we need to layer security from the edge to the endpoint.
Modern security needs to involve complicated passwords, multifactor authentication, and endpoint protection, in addition to traditional edge protection. In the event that something is compromised, cloud and local backups need to be available. Users need to be bound to known, trusted devices, and devices which are new to the network need to be segregated from sensitive network resources.