Internal Security threats in Information System - threat protection at all stages of the chain
Session
Information Systems
Description
External threats are threats that come from outside the organization, where they are usually carried out by hacktivists from other countries, even competition. Common methods include ransomware, phishing attacks and hacking.
Insider threats originate from the organization itself and are usually carried out by a current or former employee, a contractor, a business associate, etc. Insider attacks can be malicious or unintentional. Common types of insider threats include unauthorized data transfer, abuse of employee privileges, and data sharing.
Insider threats have been a concern for organizations for a long time, but with digitalization and the growth of the network, they have become even more prevalent. Over the years, some of the largest and most expensive data breaches were caused by insider actors. The Tesla data theft case, which involved large amounts of highly sensitive data being transferred to unknown third parties by a malicious insider, clearly illustrates the danger of insider threats. Similarly, Suntrust Bank suffered a data security breach caused by an employee who stole the records of 1.5 million customers.
The goals of this paper are to identify vulnerabilities that consist of vulnerabilities in a system that can be exploited by attackers that can lead to dangerous impact.
This paper seeks to provide clarity on the different types of insider threats you should be aware of and the controls and processes that can be used to protect against them.
Keywords:
Data, Internal Data Security, Internal Threats, Protection from Data Security Threats, etc.
Proceedings Editor
Edmond Hajrizi
ISBN
978-9951-550-50-5
Location
UBT Kampus, Lipjan
Start Date
29-10-2022 12:00 AM
End Date
30-10-2022 12:00 AM
DOI
10.33107/ubt-ic.2022.106
Recommended Citation
Shabani, Amet and Rushiti, Fatos, "Internal Security threats in Information System - threat protection at all stages of the chain" (2022). UBT International Conference. 107.
https://knowledgecenter.ubt-uni.net/conference/2022/all-events/107
Internal Security threats in Information System - threat protection at all stages of the chain
UBT Kampus, Lipjan
External threats are threats that come from outside the organization, where they are usually carried out by hacktivists from other countries, even competition. Common methods include ransomware, phishing attacks and hacking.
Insider threats originate from the organization itself and are usually carried out by a current or former employee, a contractor, a business associate, etc. Insider attacks can be malicious or unintentional. Common types of insider threats include unauthorized data transfer, abuse of employee privileges, and data sharing.
Insider threats have been a concern for organizations for a long time, but with digitalization and the growth of the network, they have become even more prevalent. Over the years, some of the largest and most expensive data breaches were caused by insider actors. The Tesla data theft case, which involved large amounts of highly sensitive data being transferred to unknown third parties by a malicious insider, clearly illustrates the danger of insider threats. Similarly, Suntrust Bank suffered a data security breach caused by an employee who stole the records of 1.5 million customers.
The goals of this paper are to identify vulnerabilities that consist of vulnerabilities in a system that can be exploited by attackers that can lead to dangerous impact.
This paper seeks to provide clarity on the different types of insider threats you should be aware of and the controls and processes that can be used to protect against them.