The word 'threat' in information security means anyone or anything that poses a danger to information, computing resources, users, or data. A threat can come from 'insiders', who are within the organization, or from outsiders, who are outside it. Studies show that 80% of security incidents originate from insiders.
Security threats can be categorized in many ways. One important way is by the "origin of the threat," namely external threats and internal threats. The same threats can also be categorized based on the layers described above.
External and Internal Threats
External threats originate from outside the organization, primarily from the environment in which it operates. These may be physical threats, socio-economic threats specific to the country (such as its current social and economic situation), network security threats, communication threats, human threats such as those from hackers, software threats, and legal threats. Social engineering threats, such as using social networking sites to gather data and impersonate people in order to defraud them and obtain their credentials for unauthorized access, are increasing. Theft of personally identifiable information, confidential strategies, and the organization's intellectual property are other important threats. Some physical or legal threats may endanger an entire organization; other threats may affect an organization only partially or for a limited period and may be overcome relatively easily. Cybercrimes also expose organizations to legal risks.
Some of the important external threats are illustrated below in Figure 3-2.
Figure 3-2. External threats
Internal threats originate from within the organization. The primary contributors to internal threats are employees, contractors, or suppliers to whom work is outsourced. The major threats are fraud, misuse of information, and/or destruction of information. Many internal threats originate for the following reasons:
• Weak security policies, including:
  • Unclassified or improperly classified information, leading to the divulgence or unintended sharing of confidential information with others, particularly outsiders.
  • Inappropriately defined or implemented authentication or authorization, leading to unauthorized or inappropriate access.
  • Undefined or inappropriate access to customer resources by contractors/suppliers, leading to fraud, misuse of information, or theft.
  • Unclearly defined roles and responsibilities, leading to a lack of ownership and misuse of such situations.
  • Inadequate segregation of duties, leading to fraud or misuse.
  • Unclearly delineated hierarchy of "gatekeepers" for information security, leading to assumed identities.
• Weak security administration, including:
  • Weak administrative passwords being misused to steal data or compromise systems.
  • Weak user passwords allowed in systems and applications, leading to unauthorized access and information misuse.
  • Inappropriately configured systems and applications, leading to errors, wrong processing, or corruption of data.
  • Non-restricted administrative access on local machines and/or the network, leading to misuse or infection of the systems.
  • Non-restricted access to external media such as USB or personal devices, leading to theft of data or infection of the systems.
  • Non-restricted access by employees through personal devices or from unauthenticated networks and the like, leading to data theft.
  • Unrestricted access for contractors and suppliers, leading to theft or misuse of information, including through dumpster diving or shoulder surfing.
  • Unrestricted website surfing, leading to virus infections, phishing, or other malware.
  • Unrestricted software downloads, leading to infection, copyright violations, or software piracy.
  • Unrestricted remote access, leading to unauthorized access or information theft.
  • Accidentally deleting data permanently.
• Lack of user security awareness, including:
  • Identity theft and unauthorized access due to weak password complexity.
  • Not following company policies, such as appropriate use of assets, clean desk policy, or clear screen policy, leading to virus attacks or confidential information leakage.
  • Divulging user IDs and/or passwords to others, leading to confidential information leakage.
  • Falling prey to social engineering attacks.
  • Falling prey to phishing and similar attacks.
  • Downloading unwanted software, applications, images, or utilities/tools, leading to malware, virus, worm, or Trojan attacks.
  • Improper e-mail handling/forwarding, leading to loss of reputation or legal violations.
  • Improper use of utilities like messengers or Skype and unauthorized divulgence of information to others.
  • Inappropriate configuration or relaxation of security configurations, leading to exploitation of the systems.
  • Entering incorrect information by oversight and not checking it again, or processing the wrong information.
  • Ignoring security errors and still continuing with transactions, leading to the organization being defrauded.
Some of the important external and internal threats are collated in Table 3-1 for easy reference.
Table 3-1. External and internal threats

External Threats
Physical Threats
• Natural disasters like cyclones, hurricanes, floods, earthquakes, etc.
• Fire
• Terrorist threats like bombs or hostage situations
• Hardware destruction
• Physical intrusion
• Sabotage
• Theft of assets and intellectual property
Network Threats
• Sniffing or eavesdropping
• TCP/IP issues like snooping, authentication attacks, connection hijacking
• Spoofing
• Man-in-the-middle attacks
• Denial of service attacks
• SQL injection
• Exploitation of unchanged default passwords on network equipment
• Parameter manipulation; manipulation of buffer overflows
• Exploitation of weak encryption
Software Issues
• Defects leading to errors
• Defects being exploited
• Malware like viruses, worms, Trojans, back doors
• Bots or botnets
• Authentication attacks
• Session management related issues
• Inappropriate error or exception handling by the applications
• Buffer overflow issues
• Cryptography wrongly handled by applications
• Operating system related issues: security flaws in the operating system
• Attack by hackers/man in the middle

Internal Threats
Human Threats
• Fraud, misuse of assets or information
• Errors or mistakes by employees
• Espionage, shoulder surfing
• Social engineering by employees
• Exploitation of the lack of knowledge or ignorance of fellow employees
• Use of weak administrator passwords or passwords of others to gain unauthorized access
• Theft of sensitive assets/information
Policies Not Executed or Followed
• Improper segregation of duties leading to fraud or misuse
• Malware infection due to infected media usage or unauthorized software downloads
Internal Application Issues
• Unvalidated inputs
• Misconfigured applications leading to errors or wrong processing
• Inappropriate error or exception handling leading to issues
• Unauthorized access
Other Issues
• Unrestricted access to USB leading to pilferage of information
• System or data corruption due to power surges, temperature control failure, or other reasons
• Hardware failure due to malfunctioning
• Infrastructure failure, such as UPS failure due to improper maintenance
• Unvalidated inputs
• Exploitation of misconfigurations
• Blackmail, extortion

Note: Legal requirements pertaining to information and communication can lead to closure of the organization or huge penalties.