As a result of the onslaught of various computer attacks, enterprises have invested millions of dollars in securing their computer networks. Computer attacks can be classified into two broad categories namely, external or remote attacks and internal or user-based attacks. External computer attacks are the ones that make the headlines. Such attacks are planned and executed by remote cyber-criminals that do not belong to the network being attacked. Initiators of external security breaches sometimes do not have a specific target--they just seek to wreck havoc.
Other perpetrators represent established organizations or nation states, and typically have a clear target and a clear mission. External attackers are limited in the size and scope of their damage. This is because they do not have insider knowledge about the networks that they seek to infiltrate. In the cyberworld, the more knowledge an attacker has about the target, the more collateral damage can be done. Fortunately, most of the time companies do a good job of concealing this insider knowledge from the potential external dangers.
On the other hand, company insiders who are supposedly trusted by their employers to use their computer networks for authorized purposes are the root-cause of internal attacks. Internal security breaches are more difficult to detect because there are hardly ever any trace marks that leave a trail of the security breach. Internal security breaches are far more costly than external security breaches.
This is because the insider employee will know exactly what he is looking for, and exactly where it can be found. In addition, the insider will be able to easily gain access to that information because they are deemed to be trustworthy--making matters worse!
One example of such a breach is an employee in a bank who steals credit card information from a computer in order to sell it onto other parties. Another example might be a government employee carrying out cyber-espionage--leaking operational secrets from classified computer systems to foreign nation-states.
These breaches never go detected; therefore the damage costs cannot be calculated. Companies should look to add new sophisticated technologies to their cyber-fortress walls to address the insider threat. Afterall, aren't internal security breaches the most damaging?