Read the book You CAN Stop Stupid - Ira Winkler - Page 50

Threats

A threat is a person or entity that will do you harm if provided with the opportunity. While the common assumption is that threats are malicious people or groups, they are just one type of threat. There is a wide variety of threats that any given organization has to address.

As opposed to listing all possible threats, we focus on categorizing them. Threats can be malicious or malignant. A malicious threat is one that intends to do you harm. A malignant threat is one that causes harm by its mere existence.

Malignant threats can further be broken down into “who” threats and “what” threats. There are many examples of malignant “who” threats. Users accidentally delete or enter the wrong data. Administrators make mistakes. Travelers lose their laptops or USB drives. Workers are careless on factory lines. There is no malicious intent on the part of any of these people, but ultimately these users are still malignant threats.

Besides the “who” malignant threats, there are also “what” malignant threats. Computers crash. Machinery breaks. Power outages occur. Natural disasters, such as hurricanes, earthquakes, floods, and tsunamis, cause incredible damage. Consider the deaths and damage caused by Hurricane Katrina, for example. A large hurricane causes tens of billions of dollars of damage. That does not include its impact on businesses within the area that lose revenue and suffer other losses. And of course, how users react to such “what” threats is also a “who” factor, which has the potential to compound the malignant threat.

Beyond malignant threats, we also need to consider malicious threats. There are two types of malicious threats: outsider threats and insider threats.

Outsider malicious threats are generally people with criminal intent. These people target your users with the intent to exploit them. Either they intend to get your users to commit actions on their behalf or they essentially assume the identity and access of your users. For example, an outsider might attempt to trick employees into sending them sensitive information. Alternatively, outsiders might steal credentials through phishing attacks and then use those credentials, appearing to be your own user, to steal information.

We can further break down malicious outsider threats by the scope of their ability and resources. Nation-states have nearly unlimited resources and ability. When North Korea targeted Sony, they poured an incredible amount of resources into finding a way into Sony's corporate network. They eventually compromised administrator credentials and, once in, had a large enough team to quickly scour the Sony network to both steal information and create massive damage.

On the lower end of malicious outsider threats, you have opportunists who take what is easily available. From an IT perspective, low-skilled hackers target people randomly with tools available on the Internet. If they are successful in gaining a foothold, they take whatever they find available.

Beyond the malicious outsider threats, we have malicious insider threats. These can be employees within an organization, users, business partners, customers, or any other type of user who deals with your organization. Some of these users steal equipment, software, or materials for personal use. Other malicious insiders sabotage the organization's products, services, or reputation. Others actively try to undermine the morale or productivity of other users.

People often focus on malicious outsiders when they think of threats. But from the perspective of reducing UIL, one of the primary threats is the user. That might sound counterintuitive, but consider the following points. The DBIR reports that 28% of incidents are the result of malicious insiders. Add to that the number of malicious outsider threats that are attempting to exploit the user in some way, and the user as a malignant “who” threat that unwittingly (or uncaringly) enables those attackers. Then add to that the number of other ways that users function as a malignant “who” threat and accidentally or unknowingly initiate loss. Obviously, it is important to address malicious outsider threats. However, it is equally important to address users, as they have the potential, intentional or otherwise, to be involved in your organization experiencing vast amounts of loss.
