Internal or external threats, who threatens more?

by Danka Mihailovic
There is an ongoing debate in the cybersecurity world about which kinds of threats and actors jeopardize a company's security more. While both kinds of threat, internal and external, are recognized as important and potentially devastating, they create very different security requirements.
Internal threats
In 2017, Snap Inc., the company famous for its Snapchat app, was targeted in a phishing attack by a fraudster pretending to be Evan Spiegel, the company's CEO. The company stated that a single person was to blame for emailing payroll information of around 700 employees to the attacker.
On a larger scale, internal security vulnerabilities can affect millions of people. Perhaps the most striking example comes from the credit-reporting giant Equifax, which exposed sensitive financial information of nearly half of the US population. The huge data breach was caused by a series of errors inside the company: failing to keep software up to date and lacking internal controls.
Internal threats come from within the organization, mostly when cybercriminals obtain the credentials of an employee or admin and gain access to the network. In some cases, a data breach is caused by a malicious employee or ex-employee, but breaches often come as a result of negligence or accidental mistakes.
According to an Insider Threat report by Cybersecurity Insiders, experts view phishing attempts as the biggest vulnerability, while other threats include weak or reused passwords, unlocked devices, poor password-sharing practices, and unsecured WiFi networks. The main enabling risk factors include too many users with excessive access privileges, an increasing number of devices with access to sensitive data, and the increasing complexity of information technology.
Shred-it's 2018 State of the Industry Report also identified employee negligence as a major security concern for U.S. businesses and found that the risk of a data breach is higher when employees work remotely. Workers continue to turn to pen and paper to take confidential business notes, and they often lose computers and mobile devices or leave them vulnerable to theft.
The newest 2019 Verizon Data Breach Investigation Report, which aggregates data only from confirmed breaches, showed that 34% of data leaks involved internal actors. That percentage should be taken seriously, but it's hard to overlook the fact that 69% of attacks were perpetrated by outsiders. According to the same report, the only field of business in which the majority of breaches were associated with internal actors is healthcare.
External threats
Internal threats have the potential to harm companies, but in most cases it is external attackers who take advantage of those vulnerabilities and do the final damage to the company. Even when the company's staff is fully trained and the possibility of human error is minimized, that won't stop malicious attackers from trying to break in.
In late 2018, British Airways was hacked. Financial and personal data of around 380,000 BA customers was stolen, and the attack is believed to be the work of Magecart, a cybercriminal operation. This group became infamous for injecting card-skimming scripts into e-commerce domains and extracting confidential data.
External hackers are looking for a way to gain access to your site, software or network. The most common types of cyber attacks include DDoS (distributed denial of service), malware, man-in-the-middle attacks, and phishing.
Unlike the majority of data breaches caused by internal actors, outsider attacks don't happen by accident. Attacks are intentional and mostly financially motivated (71%) or carried out with the aim of gaining a strategic advantage (25%).
It’s not always a black and white situation
Quantitatively, only a minority of major breaches can be called insider breaches, but those numbers shouldn't be taken for granted. The greatest risk for the company comes from insiders, as they often access sensitive information without any evidence of intrusion. These vulnerabilities are harder to detect. Having the best technology sometimes won't keep your business safe if you have a malicious or negligent insider.
Both threats are equally devastating and shouldn't be sharply separated when thinking about necessary security measures. Grey areas exist, meaning that it's not always easy to determine whether a data breach was caused by insiders or outsiders. If an external cybercriminal organization wanted to gain access to the company's network and bribed an employee to provide a password, then it's not a black and white situation. Both internal and external actors are to blame for causing the data breach. To keep the outsiders OUT, the company needs to keep the insiders IN.
However, these threats create very different security requirements. Minimizing internal threats means continuous staff training and implementation of rigorous security procedures. Outsider threats can be successfully mitigated by adopting cyber policies, which are more a question of proper IT and software solutions and periodic vulnerability assessment.
Security is an ongoing, repeating process rather than a one-time solution. The worst thing a company can do when protecting its business is to underestimate or overestimate either of these threats.