Are IT security people defending against the wrong enemy? asks the training body SANS. It is easy, while evaluating attack vectors, researching competitors and gauging the threat from organised crime or foreign adversaries, to conclude that external attacks should be the primary focus of defense. This conclusion would be wrong. The critical element is not the source of a threat to IT and industrial control systems, but its potential for damage, according to the foreword of a SANS paper.
Some 40 percent of respondents rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced. And nearly half (49 percent) said they were in the process of developing a formal incident response plan with provisions to address insider threat. As the paper warns, survey results are promising in that they indicate organisations recognise insider threat as the most potentially damaging. Interestingly, there is little indication that most organisations have realigned budgets and staff. SANS suggests that a bigger threat is the accidental insider; a legitimate user whose log in has been stolen or who has been manipulated into giving an attacker access through other means.
Comment
Edgard Capdevielle, CEO of Nozomi Networks, says: “No-one wants to believe that an employee would act maliciously but trust isn’t a strong enough security defense. Mistakes can happen too and when it comes to ICS and critical infrastructure, security measures must not be built on blind faith. Technological advances now enable real-time monitoring and early detection of potential attacks to industrial operations, offering new weapons to combat escalating cyber threats – regardless of who is behind them, or whether they’re motivated by malice or mistake.”
For the 23-page survey in full visit https://www.sans.org/reading-room/whitepapers/awareness/defending-wrong-enemy-2017-insider-threat-survey-37890.
