Security Threats

The word 'threat' in information security means anyone or anything that poses a danger to information, computing resources, users, or data. A threat can come from 'insiders' who are within the organization or from outsiders who are outside it. Studies show that 80% of security incidents come from insiders.

Security threats can be categorized in many ways. One of the important ways they are categorized is on the basis of the “origin of threat,” namely external threats and internal threats. The same threats can be categorized based on the layers described above.

External and Internal Threats

External threats originate from outside the organization, primarily from the environment in which the organization operates. These threats may be physical threats, socio-economic threats specific to the country (such as a country's current social and economic situation), network security threats, communication threats, human threats like those from hackers, software threats, and legal threats. Social engineering threats, such as using social networking sites to gather data and impersonate people in order to defraud them and obtain their credentials for unauthorized access, are increasing. Theft of personally identifiable information, confidential strategies, and the intellectual property of the organization are other important threats. Some of these physical or legal threats may endanger an entire organization; other threats may affect an organization only partially or for a limited period of time and may be overcome relatively easily. Cybercrime also exposes organizations to legal risks.

Some of the important external threats are illustrated below in Figure 3-2.

Figure 3-2. External threats

Internal threats originate from within the organization. The primary contributors to internal threats are employees, contractors, or suppliers to whom work is outsourced. The major threats are fraud, misuse of information, and destruction of information. Many internal threats originate for the following reasons:

• Weak Security Policies, including:

  • Unclassified or improperly classified information, leading to the divulgence or unintended sharing of confidential information with others, particularly outsiders.

  • Inappropriately defined or implemented authentication or authorization, leading to unauthorized or inappropriate access.

  • Undefined or inappropriate access to customer resources, or access by contractors/suppliers, leading to fraud, misuse of information, or theft.

  • Unclearly defined roles and responsibilities, leading to a lack of ownership and to the misuse of such situations.

  • Inadequate segregation of duties, leading to fraud or misuse.

  • An unclearly delineated hierarchy of the “gatekeepers” responsible for information security, leading to assumed identities.

• Weak Security Administration, including:

  • Weak administrative passwords being misused to steal data or compromise systems.

  • Weak user passwords allowed in systems and applications, leading to unauthorized access and information misuse.

  • Inappropriately configured systems and applications, leading to errors, wrong processing, or corruption of data.

  • Unrestricted administrative access on local machines and/or the network, leading to misuse or infection of the systems.

  • Unrestricted access to external media such as USB drives or personal devices, leading to theft of data or infection of the systems.

  • Unrestricted access for employees from personal devices or from unauthenticated networks and the like, leading to data theft.

  • Unrestricted access for contractors and suppliers, leading to theft or misuse of information, including through dumpster diving or shoulder surfing.

  • Unrestricted website surfing, leading to virus infections, phishing, or other malware.

  • Unrestricted software downloads, leading to infection, copyright violations, or software piracy.

  • Unrestricted remote access, leading to unauthorized access or information theft.

  • Accidentally deleting data permanently.

• Lack of user security awareness, including:

  • Identity theft and unauthorized access due to weak password complexity.

  • Not following company policies, such as appropriate use of assets, clean desk policy, or clear screen policy, leading to virus attacks or confidential information leakage.

  • Divulging user IDs and/or passwords to others, leading to confidential information leakage.

  • Falling prey to social engineering attacks.

  • Falling prey to phishing and similar attacks.

  • Downloading unwanted software, applications, images, or utilities/tools, leading to malware, virus, worm, or Trojan attacks.

  • Improper e-mail handling/forwarding, leading to loss of reputation or legal violations.

  • Improper use of utilities like messengers or Skype, and unauthorized divulgence of information to others.

  • Inappropriate configuration or relaxation of security configurations, leading to exploitation of the systems.

  • Entering incorrect information by oversight and not checking it again, or processing the wrong information.

  • Ignoring security errors and still continuing with transactions, leading to the organization being defrauded.

Some of the important external and internal threats are collated in Table 3-1 for easy reference.

Table 3-1. External and internal threats

| External Threats | Internal Threats |
|---|---|
| Physical Threats | Human Threats |
| Natural disasters like cyclones, hurricanes, floods, earthquakes, etc. | Frauds, misuse of assets or information |
| Fire | Errors or mistakes by the employees |
| Terrorist threats like bombs, hostage situations | Espionage, shoulder surfing |
| Hardware destruction | Social engineering by the employees |
| Physical intrusion | Exploitation of lack of knowledge or ignorance of fellow employees |
| Sabotage | Use of weak administrator passwords or passwords of others to gain unauthorized access |
| Theft of the assets and intellectual property | Theft of sensitive assets/information |
| Network Threats | Policies not executed or followed |
| Sniffing or eavesdropping | Improper segregation of duties leading to fraud or misuse |
| TCP/IP issues like snooping, authentication attacks, connection hijacking | Malware infection threats due to infected media usage or unauthorized software downloads |
| Spoofing | Internal Application Issues |
| Man-in-the-middle attacks | Invalidated inputs |
| Denial of service attacks | Misconfigured applications leading to errors or wrong processing |
| SQL injection | Inappropriate error or exception handling leading to issues |
| Exploitation of default passwords on network equipment being left unchanged | Parameter manipulations; manipulation of buffer overflows |
| Exploitation of weak encryption | Unauthorized access |
| Software Issues | Other Issues |
| Defects leading to errors | Unrestricted access to USB leading to pilferage of information |
| Defects being exploited | System or data corruption due to power surges, temperature control failure, or other reasons |
| Malware like viruses, worms, Trojans, back doors | Hardware failure due to malfunctioning |
| Bots or botnets | Infrastructure failures like UPS failure due to improper maintenance |
| Invalidated inputs | |
| Authentication attacks | Exploitation of misconfigurations |
| Session management related issues | |
| Inappropriate error handling or exception handling by the applications | |
| Buffer overflow issues | |
| Cryptography wrongly handled by applications | |
| Parameter manipulations | |
| Operating system related issues: security flaws in the operating system | |
| Human Threats | |
| Social engineering | |
| Attack by hackers/man in the middle | Blackmail, extortion |
| Compliance Threats | |
| Note: The legal requirements pertaining to information and communication can lead to closure of the organization or huge penalties | |
