Note: From an IT Security discussion forum; these are their answers.
Is internal security as important or more important than external?
Anyone have a strong opinion?
Internal fraud affects every organisation, but how it is managed varies significantly from business to business. Getting a handle on fraudulent staff behaviour requires collaborative input from multiple functions including…
Barry Schrager • I would say that internal security is just as important as external security. Unfortunately, many organizations are oblivious to the internal threat, but it is real. Insiders already have access to the systems and, according to the Ponemon Institute, they are the top cause of data breaches.
This is reinforced by the 2010 Packetmotion Survey of US Government Agencies where 59% responded that employees represented the greatest threat and the 2012 Information Week Strategic Security Survey where 52% said Authorized Users or Employees pose the greatest threat to the company.
The 2010 Verizon Data Breach Investigation Report showed that insiders accounted for 48% of data breaches for the year. And, finally, in December 2011, the Manhattan District Attorney indicted 55 in a “widespread insider Cyber Fraud scheme” which included employees working at three or four different organizations, but working together.
We really would like to be oblivious to the insider threat, but it is real.
Joshua Levitsky • It used to be that inside and outside the network were easily defined for me. Then one day over 12 years ago I realized that AOL made a VPN tunnel exposing our machines to the public. There was a worm problem and I found that basically a machine would connect to AOL and then get infected and it would then try to infect others on the LAN. Between events like that and that anyone visiting the office could plug anything into the network, I quickly realized you have to watch the inside network because you can easily have an attack from the inside. In my work I actually put monitored firewalls on all endpoints. I wish I could have 802.1x authentication for workstations. In my mind, having anything that connects have to authenticate would be a good step towards protecting the network. You really can’t know your employees’ motivations. There will always be a human who will do something malicious, but if you treat employees right and you put in security to minimize what’s possible, then I think that’s best.
Fred Luchetti • Internal is far more important. The external network is not plagued by the same issues that the internal one is. The internal network has a component that the external one never will: wetware. The human link is the weakest one in any security model and as such needs to have protocols and training in place to ensure security where external networks have no such weakness.
Allison Dolan • Which is more important – your right leg or your left leg?
Robert Fragola • Barry, thank you for helping to educate this group about the importance of maintaining internal security. All too often, our security professionals focus on external attack vectors, while internal hackers are having a field day diverting funds, engaging in industrial espionage and generally weakening the integrity of the z/OS platform.
Darrell Drystek • The most robust sophisticated technical controls are vulnerable, if the human firewall is weak.
Robert Fragola • True, but technology is available to proactively scan for and identify vulnerabilities, so that they can be remediated before being exploited. This idea of finding and fixing security problems is the cornerstone of PC security and is an ongoing process that can no longer be denied in the mainframe world.
Michael Egenlauf • I believe that internal is just as important as external. I have seen plenty of companies pour budget into building up the castle walls only to show that once you are inside, you can go wherever you want, download whatever you want, email huge databases of customer information out using the company email, Dropbox or thumb drives. But also, as Darrell said above, the “human firewall” is weak. If someone can social engineer an employee, only the internal controls can keep you from being on the front page of the paper for a breach.
Richard H Harris • My view is that internal security is rather like an immune system and external security a bit like dressing up warmly to go out in harsh conditions. If your immune system is compromised, then dressing up warmly may make you feel more comfortable in the short-term but you’re still going to suffer in the long run – yet without the warm clothing you’ll freeze quite quickly. There seems to me to be more focus on external than internal. Is that because the threat is perceived as more imminent? Do you see that also? Or is internal security just spoken about less? Anyone have any UK stats they’d like to share?
Michael Egenlauf • I feel that external is focused on more heavily because that is where the perceived threat is. Internal threats have always been secondary. The industry says things like “well, we did a background check when we hired them, and now they have high-level admin access; obviously we trust them, so why do we need to worry about what they are doing?” Then, when one of those people gets wind of layoffs and decides to cause some havoc, no one even realizes it till it’s too late.
Tom Secreto • Anything that I have ever read has indicated that well over 50% (more like 70+%) of all security breaches were internal. This makes so much sense because my extensive I.T. experience has shown me so many organizations with very poor security policies and major systems very open. Quite often, large systems would even still have default security values and user accounts for systems maintenance.
Also, with all of the focus on external security as mentioned above, hackers are not stupid; they know that if they can gain access to the internal network, even by paying off someone, they have it made.
Bjorn Soland • In my business (operating bank infrastructures) we see a clear trend where external threats are getting more focus than internal. The main reason is that we see new and very sophisticated attacks almost on a daily basis.
Robert Edwards • External security is on a time-share basis for all internal security systems. Each internal system has a responsibility to ensure that the external security is implemented and mitigated to its lowest common denominator. It is the responsibility of the System Owner to ensure that physical security is being applied to their system in regards to access, media, etc. Internal security can then be more centered on the confidentiality, integrity and availability of the system itself.
What do you think?