Securing the Endpoints: The 10 Most Common Internal Security Threats
Who’s gaining access to your internal network? New criminal tactics and new kinds of malware are probing networks for vulnerabilities—and increasingly, finding them. We identify the top candidates for security breaches inside your own company.
Tue, June 19, 2007
CIO — A recent buzzword in security is endpoint: any device that can connect to the corporate network, ranging from a desktop workstation to a laptop, PDA or even cell phone. As the number of endpoints increases, firewalls and antivirus software are no longer adequate protection.
New tactics by criminals and new kinds of malware are probing networks for vulnerabilities. And increasingly, they are finding them.
Fundamentally, experts say, endpoints are receiving more attention because of a sea change in the way computer networks are attacked.
In any attack, the first step is to get inside the organization’s security perimeter. Traditionally, that has been done through an external threat, such as an infected e-mail message. Although there are still plenty of virus-laden e-mails, they are becoming less effective as attack vectors.
“Generally, security companies have done an excellent job on external threats,” says Bill Piwonka, vice president of product management at Centennial Software, a maker of security software and sponsor of the blog WatchYourEnd.com.
One result is that e-mail viruses are becoming less effective. “From January 2006 to January 2007, the rate of infected e-mails fell from about one in 40 to one in 330,” says Ron O’Brien, a senior security analyst at security software maker Sophos. “As a vector for infection, e-mail has declined.”
“In the past,” Piwonka says, “the greatest threats were from outside, through the Internet or e-mail. Now you’ve got hackers and malicious intent of people trying to gain access to organizations in other ways. They are looking at ‘where are the other points of vulnerability for our systems and data?’”
Says O’Brien, “The average user has become educated enough not to click on an attachment in unsolicited e-mail. So malware writers have shifted means of distributing viruses, Trojans and worms.” Much of that activity has focused on steering people to infected websites, but a growing percentage involves other kinds of threats, such as phishing. According to Kaspersky Labs’ Viruslist.com, as of January 2007, phishing attacks were more common than viruses in e-mail messages.
However, an increasing number of attacks are attempting to bypass the firewall and antivirus programs by coming at the corporation from unsecured angles. While external threats are as virulent as ever and need to be guarded against with firewalls and other defenses, it is more important to pay attention to internal weaknesses.
“The fact there are now so many pluggable devices absolutely creates new areas of exposure,” says Piwonka.
Of course, internal and external threats can work synergistically. For example, peer-to-peer networking software is an internal problem because it is deliberately installed on corporate systems, but it is a threat because it can be exploited from outside to breach security.