Common Internal Cyber Threats to Organisations
Summary
TLDR: This video script discusses both external and internal cybersecurity threats to organizations. While external threats like malware and hacking are commonly acknowledged, internal threats, often stemming from employees or trusted insiders, can be equally dangerous. The script outlines various internal risks, including unintentional data disclosures, misuse of portable devices, data leaks, and human errors like bypassing security measures. It emphasizes the difficulty of defending against insider threats due to their knowledge of company systems and the need for effective preventive measures, such as blocking untrusted websites and controlling access to external storage devices.
Takeaways
- External threats to cybersecurity include attacks like malware, hacking, and botnets, but they are not the only risks organizations face.
- Internal threats, often harder to mitigate, arise from insiders who have knowledge of the organization's systems and vulnerabilities.
- A significant portion (27%) of cybersecurity attacks are caused by current employees, according to the 2018 PWC survey.
- Unintentional disclosures of information, such as sending emails to the wrong person or losing devices, are common and can lead to cybersecurity risks.
- Human errors, like visiting untrustworthy websites or deleting important data, can also open the door for cyberattacks.
- Employees often overlook security measures, which can create vulnerabilities, such as leaving doors open or ignoring security protocols.
- Portable storage devices (e.g., USB flash drives) can be used to bring malware into the organization or steal sensitive data.
- Banning or restricting portable storage devices can help mitigate the risk of malware and data theft in organizations.
- Employees may intentionally leak information or steal it for financial gain, revenge, or other malicious purposes.
- Bypassing or disabling security controls (e.g., turning off firewalls or leaving doors open) is a deliberate action that can create security holes.
- Preventative measures, like encryption, employee training, and blocking untrusted websites, can help reduce the risk of internal cybersecurity threats.
Q & A
What are external threats in cybersecurity?
- External threats are cyber threats that originate outside the organization, such as man-in-the-middle attacks, malware, hacking, and botnets. These are often the most dominant types of cyber risk.
Why are internal threats harder to protect against than external ones?
- Internal threats are harder to protect against because they involve insiders who have knowledge of the organization's systems and security measures. These insiders are trusted employees who may unintentionally or deliberately exploit weaknesses in the system.
What was the finding of the 2018 PWC survey on cybersecurity attacks?
- The 2018 PWC survey found that 27% of all cybersecurity attacks were carried out by employees who were currently working for the organization, highlighting the significant role of internal threats.
What is an unintentional disclosure of information?
- An unintentional disclosure occurs when sensitive information is accidentally shared, such as sending an email to the wrong recipient or losing a device containing confidential data. These disclosures are typically caused by human error rather than malicious intent.
What are examples of unintentional information disclosures by employees?
- Examples include sending important information to the wrong person, losing a device or sensitive documents, or deleting important data by mistake. These incidents are typically caused by carelessness or lack of attention.
Why are portable storage devices considered a security risk in organizations?
- Portable storage devices like USB drives and external hard drives pose a security risk because they can carry malware into the organization or facilitate the unauthorized transfer of sensitive data out of the company. Employees might bring in infected devices or covertly steal information.
What is one way organizations can prevent security risks from portable storage devices?
- Organizations can prevent risks by banning the use of portable storage devices and blocking USB ports to prevent unauthorized access or data transfer.
How can an employee unintentionally cause a cybersecurity breach by visiting untrustworthy websites?
- An employee may unknowingly visit websites that contain malware or phishing attempts, leading to malware being downloaded onto the organization’s network. These sites often have fake advertisements or malicious downloads that are easy to fall for.
What is the risk associated with employees overriding security controls?
- Employees may override or disable security controls, either intentionally to facilitate their own actions or unintentionally due to frustration. This could leave systems vulnerable to attacks, such as bypassing door security measures or disabling antivirus programs.
What are the consequences of employees leaving passwords unsecured?
- When employees write down their passwords and leave them in unsecured places, it can give attackers an easy way to access sensitive systems or information. This may happen either due to negligence or difficulty in remembering complex passwords.