Blurry line between internal, external threats
The stunning attack on Saudi oil company Aramco looms as another reminder that despite the huge mindshare that external security threats command, internal threats are just as significant, if not more.
The attack destroyed data on about 30,000 computers (about three-quarters of the total) across the vast company and was apparently made possible by internal actors. There are countless ways this could've happened. Experts are fond of noting that a bunch of USB flash drives could've been left in the vicinity of the company in hopes that an employee would eventually use one at work, unwittingly deploying rogue code. The bad guys are exploiting new internal access avenues, notes CSO.
Just as a would-be criminal can purchase all the rogue code they need to carry out traditional hack attacks on networks, so can they purchase insider access through illicit underground hacker networks. Some may be skeptical of the internal threat, as a study from Verizon has found that only 4 percent of data breaches involve insiders.
One expert was quoted by CSO and said that, "We're starting to grapple with the fact that it is a blurry line. The traditional sense of insider attack is somebody who is already an employee who is disgruntled and goes rogue for some reason. But it really doesn't matter whether an attack starts on the inside or the outside. It doesn't matter if an insider is malicious or inadvertently compromised [by an outside attack], because the result is the same."
- here's the article