Abstract
This white paper would help you to
understand how unsafe internet surfing and malicious insiders fetch data
security risks. Employees are unaware of online dangers stirring from their
usual web surfing at work and hackers/outsiders gamely wait for web users to
click the malicious links set up by them on various websites, this helps them
to infect users PC and gain and allow them to access users PC and take over
the control. Another threat we have talked about is Insider threat, which is
even more dangerous because the data is accessible to them, to which they
misuse or steal for personal gains or grudges. The outsider and insider attack
eventually put the companies into financial losses, sensitive information
loss, and image damaging media attention.
Contents
Data attacks and data theft protection
The internet is one of the
world's greatest inventions with the great amount of information and knowledge
available with just a few taps on the keyboard. Website surfing is not only
accumulating information for you, but it’s also accumulating threats, malware,
Virus and other web threats every time you inappropriate content and website.
These malicious websites may infect your PC and get you into problems.
The reports and surveys amass
the data on employees surfing internet at work and spending valuable productive
time on surfing non-work related websites. Online threats due to cyber loafing
have increased the number of incidences of network and password hacking, virus,
malware and malicious software infected user’s computer.
There is a world of web
threats which can damage individuals or organizations. Web threats are malware
programs that take place while using surfing internet. Cybercriminals get the
benefits by stealing information and infecting the PC.
Cyber strolling at work can
cost huge financial and data loss, which can put an organization into legal
complications down the line. Out of all time wasting activities at work,
employees spend the most time on internet surfing. Every day numbers of cyber
crimes and attacks are increasing and taking place in bulk. Kaspersky Lab data
shows the number of browser-based attacks in 2012 was 1,595,587,670.
Internet users visit malicious websites without realizing that they are
inviting risks to their computer and data security.
Social
networking sites are like second nature when it comes to communication and
expressing feeling. Sharing photos, videos, and important information on social
networking accounts are the best. Are your photos and personal information
safe? Employees at work, surf social networking sites quite often. In 2013, 87%
of the web user population had used Social networking. 66% of users access it
from their PC and the other 34% access it from their mobile devices.
Clickjacking
Clickjacking is a combination
of two words - Click and Hijack, which it meant by mere clicking, access to
control a computer gets into the hands of hackers. Users are tricked by
clickjackers with a link is installed on to the website, which looks authentic
and once the user click the link, the malicious activities start and it gets
into the user’s PC to take control of PC. This allows to remotely access
computer files which can be misused by hacker for personal gains. Social
networking sites, online shopping websites, and online news sites are targeted
by hackers to post links to share, update or to get freebies.
Software Download
In 2012, 3782 vulnerabilities
were discovered out of which 1290 were high risk per the National Institute of
Standards and Technology, National Vulnerability Database. One of the biggest threats
to security is the application and software download at operating systems.
Opening malicious websites or downloading PDF or suggested software such as
Flash drive, Adobe reader or Flash or Oracle Java are some of the software to
exploit user PCs. Employees visit websites at work and end up visiting
malicious websites or pages unintentionally or follow instructions to download
software or click PDF to open.
Malware-Hosting Sites
As per a report, pornography
downloaded at work has been reported by 80% of companies. 70% of all Internet
porn traffic occur during the 9-5pm work day. Therefore, employees at work,
visit porn websites the most. Malware-hosting sites use porn to lure and direct users to
download code or software to view the videos, which in reality is a piece of
malware disguised as a code. Once the video codecs are installed, the concealed
malware succeeds in entering into the user’s computer to infect with malware.
Employees without realizing
the danger of opening mail and clicking mentioned links in the email from the
unknown sender. Phishing attacks are made to get sensitive information like
bank credentials, passwords, and usernames. Phishing attacks are performed by
hacker by sending mail which looks trustworthy and genuine, which suggests to
them to click links or download attachments and later asks for usernames and
passwords to proceed further. Sometimes fake mails stating ‘make money’,’
lottery won’ or information required for security reasons. Such mails trick
innocent and unaware users to release confidential information.
Risks of Web Threats
Employees surfing the
internet at work put company security into risk. Symantec and the Ponemon
Institute conducted a survey which revealed 53% employees don’t believe their
web surfing can risk company data security. Internet surfing at work not only
drains productive hours, but put company’s security into danger. In 2013, 253
data breach incidences were reported by Norton and a total number of incidences
exposed 552,018,539 breaches.
Data breach can cost huge
amounts, it not only cost money but brings negative media attention, which
directly impacts customers' and clients' trust. It risks the business
efficiency and effects the position in business competition. The average cost
of data breach incidences cost on average $130-136 per incidence. Data breach incidences
attract litigation against the company for not keeping data safe. The market
value of the organization goes at stake. Companies have extremely confidential
information of client’s customers, including bank details, financial
information, social security information etc. such data theft may put the
company into a bankrupt state.
Data security is the top
priority and most critical to safeguard, in fact the existence of a company
relies on keeping their own and customers’ data safe and secure. Employees
surfing the internet and visiting sites, clicking links, downloading documents
or PDF are major loopholes in the data security. Employees unknowingly give PC
access to hackers. Dangerous virus and malwares infect the computers and take
all the stored information. Later this data is misused for their personal gain
and profit.
Insiders play major roles in
data attack activities. Intentional and unintentional Insider threats are very
important to take under control. These insiders are employees, and employees
have access to client information as well as to the company’s confidential
information. As per CERT, data theft by insiders is carried for their personal
gains, trade secrets, personal identification information and customer
information. Now cloud based storage services are provided online accounts to
migrate corporate data into their personal accounts. In a few seconds employees
can move their hard drive information into their personal cloud accounts, IT
teams find it difficult to stop this ongoing data theft.
Data theft and data attack
are the top priority of organizations, but how do they combat these serious
offenses? Dealing with insiders and outsiders is very important and urgent
requirement. There are many anti-virus, anti-spyware, anti-malware, and
firewall protection, but these can’t stop data theft by insiders, their
personal cloud folders and personal emails allow them to transfer company
confidential information. Data theft and attack can be controlled by blocking
websites and filtering content. This prohibits unwanted surfing of the
internet, where hackers wait for their prey to conduct fraud and infect a PC to
steal information for their personal benefits. Data theft can be controlled by
employee PC Monitoring, which allows recording activities and viewing in-depth
PC activities.
Data Theft: A serious security risk
Data theft at organizations
is a grave issue and a major security risk as per several IT professionals. In
a recent study by Verizon Data Breach Investigations Report 2014, states Local
area network (LAN) access as the top form of insider threats/misuse (71%). An
insider threat is defined as a current or former employee, contractor, or other
business partner who has or had authorized access to an organization's network,
system, or data and intentionally misused that access to negatively affect
confidentiality, integrity, or availability of the organization's information
or information systems as per CERT.
RSA Conference 2008 submits a
report on insider threats, in which the reason behind thefts, business loss and
the ways data is stolen, is explained. The malicious insider is who misuse or
steals the data for personal gains or to sabotage the organization. There are
specific types of insider threats experienced by various organizations:
· Unauthorized access.
· Theft of IP.
· Theft of other information.
· Fraud.
The information theft or
modification is done by insiders for many other reasons such as financial
gains. For financial gains insiders steal customer information, personally
identifiable information and trade tricks, the act is performed during working
hours using unauthorized access. These employees download Information or data
into their personal accounts, emails, via malicious code, or take printouts.
Unintentional Insider Threats
As per CERT, unintentional
insider threats to data security are at 40%, which means employees unknowingly
put the company's security at risk. Unintentional insider threat is defined as
a current or former employee, contractor, or other business partner who has or
had authorized access to an organization's network, system, or data and through
action or inaction without malicious intent unwittingly cause harm to the
confidentiality, integrity, or availability of the organization's information
or information systems.
A total of 11,698 incidences
were reported, the motive of insiders behind data theft is financial (72%),
Espionage (18%), Grudge (10%), Convenience (4%) and Fun (3%). As per The
Recover Report, Mishcon de Reya, the two most common scenarios involve insiders
taking data are 1) To start their own competing company (30%), 2) To help
secure employment with a rival (65%). The CERT Insider Threat Center has
brought to notice that more than 70% of IP theft is carried out by insiders
within 30 days of announcing their resignation.
Desktops are the most
important and valuable asset and most regularly compromised asset as well.
Insiders attack desktops because it has the stored data and information of
clients, organizations, copying data by using removable disks or copying data
to their cloud accounts. Desktops are the most affected asset within insider
misuse 26% of data theft by insiders is carried via computers.
Cloud based services are file
hosting services that allow sharing files and storing data on an online server.
Some popular services are Dropbox, Box, SkyDrive, Google Drive and Octopus.
Employees download and install these services and store confidential data which
can be accessed from anywhere and anytime. IT professionals believe cloud based
storage services are the biggest threat to security. If employees intentionally
or unintentionally store data in their personal accounts, they could fall under
the data breach or security breach activity. Sharing files with cloud based
services is very easy, one just needs to share a link and that can be accessed from
any browser.
Content Filtering and User PC monitoring: the Solution
Content filter is very
important to companies because malicious websites and unwanted content surfing
bring threats to data security. Companies provide unrestricted internet to
their employees, this encourages employees to access for their personal
reasons. The non-work related internet surfing during working hours not only
kills productivity, but also weakens the information security system of the
organization. Malware and virus writers put up malicious links on social
networking websites or torrents to download, which brings up the virus, malware
and damages the company network. Data attacks by internet based threats are
growing rapidly year by year.
It’s critical to halt the
intrusion of malware, virus, scareware and many other issues occurring due to
non-work related surfing at work. Content filtering is a tool to blacklist
unwanted websites and inappropriate content for the process or organization,
now next time when an employee tries to visit the blacklisted websites, content
filtering tool will deny the access. The risk of web threats can be mitigated
by the increased adoption of content filtering solutions at work.
Risks attached to application
downloads can now be minimized by smart and modern content filtering
applications. Application Filters permit users to block unwanted applications.
This would help in curtailing data attacks due to malware or virus infecting
PC.
Social Network Filtering is
crucial at work as well. Hackers, malware and virus writers are rigorously
working to enter organizations point of network to steal information. For this
they are phishing employees by updating comments and links on social networking
sites and allure them to like or share the link. The hidden virus in the simple
link gives access to the hackers to take control of the PC which has sensitive
information. Therefore, it’s important to prohibit social networking sites at
work.
User PC Monitoring: An advanced Solution
Monitoring employee PC
activities is an effective way to control the ongoing data theft and data
attacks to network security. User PC monitoring allows to view the activities
performed on user PC, which means employers can view websites visited, view
chat conversation, downloads, and documents saved. Employees can remotely
record the monitor and capture screens. By viewing employees' PCs one can keep
data attacks and data theft incidences under control.
Tech savvy employees have
ways to visit even restricted websites covertly without leaving trails behind
to be caught by their managers. Even after filtering websites and denying the
access, still employees can visit unauthorized websites by using web proxies. The
proxy makes content available on the internet secretly, therefore employees can
go to websites which many harm network or computer. Data in such cases is not
safe and secure. Content filtering is not the standalone solution to prevent
data theft and data attack risks.
Cloud Services
There are numerous cloud
services, so if famous and popular services are even blocked employees have
several other cloud services in the market for free cloud accounts. As we have
discussed 70% of employees have personal accounts at work to store official data.
Many unintentional insider threats also store data into cloud based storage
services and fall prey to hackers, scammers and insider threat. These unaware
acts of data breach by non malicious insider also pose the same threat to the
information security which malicious intenders’ pose. Hence it becomes
important to know your employees’ desktops.
Unblocked Website Surfing
By blocking various
categories, which may risk security, leaves employees with an option to surf
unblocked and unfiltered websites to suffice their internet addiction.
Employees surf available websites and content on the internet without realizing
that these websites can also bring cyber threats and risks to security. There
are many innocent websites which are targeted by hackers. The simple and
genuine looking links, button, or PDF’s have hidden virus encrypted codes to
infect the users PC which allows fetching data stored from the employee
desktop. The data breach cost per incidence bring huge financial loss and
attracts lawsuits files against company for data breach compensation. Hence
network security is the most important and critical part of the business.
Monitor Employee PC activities
Employees are the interface
of the company, a very important and critical source who carry their work using
assets such as desktops, laptops and more. Sensitive and confidential data are
available to them; therefore data security becomes vulnerable. Increasing web
based threats have obscured IT data breach preventions. Content Filter and web
blocking are a good attempt to halt the invasion of virus or malware from
malicious websites into PCs, but they are unable to protect the information
security internally. Yes, the insider threat of data theft by removable disk or
cloud services. Many safe and unblocked websites have malicious links, which
prompt users to click or download genuine software like Adobe Flash or PFD
downloads, but the hidden malicious viruses or malware enters the PC and take
control of a user's PC to hack data.
Employee LAN Monitoring tools
assist in viewing the employees' PC, and completely broadcast the employees’ PC
activities. Standing over shoulders or auditing employees PC activity everyday
to view PC activities and software downloads is not possible or a good idea.
Therefore, it’s advised to enable user PC activity monitoring; this allows
employers to view activities of all the employees.
Employee PC activity
monitoring tools help employers in knowing how much time employees are spending
on work related activities. What all websites they are surfing, employers can
view the live screen of employees PC, in case the employer or manager suspect
employee’s action, the freeze mouse option gives power to freeze employee’s
mouse instantly to avoid security risk and threats.
Application and software
download check employees PC to avoid the data theft incidences by insider
threats, such software and downloads are threat to data security. The employer
can remotely access employees PC and uninstall unwanted and unsafe downloads
and applications. Monitoring tool gives insight of all activity such as log
in/log out from the PC, documents saved, web pages, websites visited, temporary
history, Open ports, email activities, IM/Chat conversation and more.
The activity logs provide the
in-depth details of various activities, gives base data to prepare reports to
identify data theft and data attack activities in the company. This helps in
identifying the holes in network security and helps in building policies and
awareness programs for employees.
No comments:
Post a Comment