Think about Security from the Inside Out

Thinking about Security from the Inside Out | Innovation Insights | Wired.com:Historically, IT security has been all about defending against external threats. However, the recent cyber-attack against oil giant Saudi Aramco reinforces the need to give equal weight to internal threats as well. On August 15, 2012, an insider at Saudi Aramco used privileged access to the company’s network to release a computer virus called Shamoon. The virus infected roughly 75 percent of employee desktop computers, wiping them clean and replacing the files with a picture of a burning American flag. The company immediately took action once it knew what was going on. Saudi Aramco disabled its internal network to stop the virus from spreading, but it was too little, too late. The attack is regarded as one of the most destructive acts of computer sabotage to be inflicted upon a private company to date. Despite speculation that third-party perpetrators were involved due to similarities with various other incidents, the nature of the attack was such that the perpetrator had to be an insider. . . Intelligence officials insist that the Saudi Aramco hack should serve as a wake-up call to other organizations. No longer are we to protect our data solely from external threats. Networks must be protected from potential threats inside and out, and this will force a profound change in network management strategies. . . "


Follow @zqure