The 10 Most Common Internal Security Threats

The 10 Most Common Internal Security Threats

Who’s gaining access to your internal network? New criminal tactics and new kinds of malware are probing networks for vulnerabilities — and increasingly, finding them. We identify the top candidates for security breaches inside your own company

Of course, internal and external threats can work synergistically. For example, peer-to-peer networks are an internal problem, because they are deliberately installed on corporate systems, but they are a threat because they can be exploited externally to breach security.

And there are a lot of vulnerabilities.

"In 2006 we did a survey of 30 customers of different sizes, from a few hundred workstations to tens of thousands of workstations all around the world," says Amir Kolter, CEO of security software vendor Promisec. "That was almost 200,000 endpoints."

According to Kolter, the results were depressing. "All of [the customers] had internal threats," he says. "The total number of threats was higher than we ever expected." In addition, the number of companies with a given vulnerability was often much higher than the percentage of computers showing that vulnerability. Thus, says Kolter, while only 4 percent of the total endpoints surveyed had peer-to-peer software installed, 22 percent of the companies surveyed had one or more endpoints with this vulnerability.

While the percentages of computers with problems may seem low, keep in mind that it takes only one vulnerable computer in an organization to compromise the entire network.

Some of what Promisec found were the old vulnerability standbys: versions of Windows without the latest patches, antivirus software that needed signature files updated, and so on. However, some of the endpoint threats Promisec found were less traditional, and less obvious.

Promisec found 10 major areas of problems. Not all the companies had all the problems, but all of them had at least one. In some cases the endpoint threat could be completely eliminated, such as computers without the latest security updates. In others, such as unsecured USB devices, the solution is to control the vulnerability, typically with software-enforced policies.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about BillCentennial SoftwareEndPointsExposureGartnerGartnerKasperskyMicrosoftSophosYankee Group

Show Comments