Cyber threats & Responsibilities
Internal threatsInternal threats are by people who work for your organisation. The damage caused may be due to carelessness or ignorance. Leaving a laptop open and unattended, losing it, falling prey to a malicious outsider, etc.Internal threats, however, need not be due to carelessness/naivety alone. Insiders are more likely to have direct access to the systems and knowledge about how the organisation defends itself from the attacks. The means/motive/opportunity equation comes to the fore at this time. Staff, contractors and other personnel who already have access to the system have a better chance of penetrating the defence systems as they are already part way in.The internal vulnerability is often linked to other functions rather than IT. For example, Human Resources could impact the security of the system for failing to update the staff member’s job role or access rights. New staff, those moving roles and/or departments, and those leaving the organisation are also a risk to the stability and security of the system. Of these types of changes to staffing, the employees who are changing roles or leaving the organisation are a particular risk: changing a role does not mean it is appropriate to maintain the same level of access as before, and those leaving should also have their access removed at an appropriate time.
External threatsThe external influencers have to work harder to gain access to the information, including hackers gaining access to your systems, criminals stealing information for gain or other motives, cyber spies, etc.
Want to keep
Coventry University online course,
The Cyber Security Landscape
Internal-external threatsInternal-external threats are often perpetrated by people who don’t work for your organisation, but who have some connection with it. They could be the employees of suppliers or partner companies who have a lower level of access to some of your network, but not all of it.One of the high profile cases of cyber crime due to third-party access is that of the US retailer, Target.Target suffered a major data breach in 2013 in which the personal details of up to 110 million customers were stolen. One of Target’s suppliers, a heating and air conditioning company, had access to Target’s computer systems. An employee of that supplier had been spammed with a phishing email which resulted in their login details to Target’s network being stolen.According to reports, the criminals who had stolen the login data were then able to install software on Target’s computer network designed to capture the credit card details of store customers. Target had security systems that should have detected the installation of this software but for some reason it appears that they failed to act when the malicious software was installed. By allowing the heating company to connect to its computer networks, Target made itself more vulnerable to attack.
Your taskConsider your organisation and what vulnerabilities you may be facing internally and externally.This isn’t necessarily a task where you can or should comment here, as the vulnerabilities you may identify amount to a possible security breach. If you think you have identified an area of weakness in your organisation’s digital infrastructure, please notify the individual(s) within your organisation responsible for this activity.
ReferencesHartmann, K., and Steup, C. (2013) ‘The Vulnerability of UAVs to Cyber Attacks – An Approach to the Risk Assessment’. 5th International Conference on Cyber Conflict [online] Tallinn: NATO CCD COE. available from http://ccdcoe.eu/uploads/2018/10/26_d3r2s2_hartmann.pdf [27 August 2019]Maglaras, L., Ferrag, M., Derhab, A., Mukherjee, M., Janicke, H. and Rallis, S. (2018) ‘Threats, Countermeasures and Attribution of Cyber Attacks on Critical Infrastructures’. ICST Transactions on Security and Safety [online] 5 (16), 1-8. available from https://arxiv.org/pdf/1901.03899.pdf [27 August 2019]
The Cyber Security Landscape
Our purpose is to transform access to education.
We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.
We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.