Internal Network Security

Tips for securing internal networks.

CPS 411, Essentials: IT Network Practitioners, Darren Dayton

Boise State University, Boise, Idaho

9/29/2024

Abstract— This paper will attempt to inform the reader about internal threats to network security, including insider threats, vulnerabilities through the internet, user error creating vulnerabilities, and mitigation strategies to improve the security posture of the organization as a whole.

Index Terms— Internal threats, insider threats, mitigation strategies, vulnerabilities, network security

I. INTRODUCTION

Internal threats can be defined in a number of ways, as there are a number of different threats that can be considered internal. The best definition I’ve found comes from the CISA directly: “Insider threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization.” [1]

Now, admittedly insider threats are not the only things considered internal threats, but they are some of the most prevalent. Other internal threats may include phishing and other forms of social engineering, data sharing outside the company, shadow IT, unauthorized devices, and physical theft of company devices. [2]

Mitigation of these threats is paramount for security, as these threats can escalate quickly from a minor annoyance to a major incident.

II. SOCIAL ENGINEERING

Starting with the one most likely to be familiar for anyone reading this, social engineering has as many forms as people can think of, because the concept itself is based on convincing people of something.

There are a number of useful bits of software that can help mitigate this to a certain extent, such as antivirus and antimalware recognizing suspicious emails and links, but the only real way to deal with this threat is security awareness training. Regardless of what a program tells them, or what their training tells them, people will occasionally decide to do the wrong thing, and then it becomes the company’s problem.

Here’s a chart showing the rising cost of inside threats [3]:

As an example of a social engineering-based breach, in 2022 and 2023 Mailchimp was targeted multiple times, and at least one attempt was successful. Social engineering worked on an employee of Mailchimp, and as a result at least 133 accounts were compromised, which included businesses like WooCommerce, Statista, Yuga Labs, Solana Foundation, and FanDuel. That might not sound like a lot but realize that each of these businesses is now potentially compromised, as well as any businesses they have access to, etc. [3]

Mailchimp is one of the largest web services in existence. They don’t do mail service for individual accounts; they serve email for businesses. They are worth something around $12 billion, have more than 1500 employees, and operate more than 13 million accounts.

III. DATA SHARING

Data sharing outside the company is an unfortunate fact of life. Even data that definitely should not be shared may occasionally be shared, whether through carelessness or malice. Usually it’s the former, with a reply all being hit instead of reply, an incorrect email address, etc.

Nothing can really be done about these things as far as training, because human errors are very much a factor in business. However, there are some software possibilities in the form of things like DLP, or Data Loss Prevention, software that can track, secure, and block sensitive information from being sent.

As an example of the more malicious side of things, in May 2023 Tesla was informed by a German news outlet that their information had been leaked. Investigation revealed two former employees that leaked over 100 Gb of data, including customers’ information, both personal and financial, Tesla’s production secrets, and customer complaints about the vehicles. In all over 75,000 individuals were exposed, which could result in up to a $3.3 billion fine for the company. It is unknown exactly how the breach happened, but it is thought likely that their credentials were not revoked when they were fired. [3]

IV. SHADOW IT

Shadow IT is a bit of a misnomer, really. It just means software or services that the employee finds easier to use, or more efficient, etc. than what they are supplied with by the company. This is a failing of the company to provide software that is able to complete the job as required, usually.

This is possible to mitigate by an open conversation between employees and employer on the requirements of the job, though this doesn’t happen as often as it should.

Estimates of shadow IT issues from Gartner are that nearly 50% of all cyberattacks stem from shadow IT, cost an average of $4.2 million each to repair, and an estimated 30-40% of large companies’ IT budgets go to mitigating shadow IT use. [4]

I was unable to find a specific example of an actual breach caused by shadow IT assets, so in the references I included an interesting read with multiple statistics about shadow IT. [5]

V. UNAUTHORIZED DEVICES

Unauthorized Devices are easy enough to understand what they are: devices that aren’t approved and/or provided by your organization. However, the issue is that they are basically the other side of the coin with shadow IT: they are the physical items used without proper vetting.

And unlike with shadow IT, I found multiple examples of breaches caused by or using unauthorized devices. For instance, in 2022 Yahoo claimed that a then employee stole sensitive research data, including strategies against their competitors, an analysis of said competitors, the source code of their AdLearn engine, and up to 570,000 other files. This was done allegedly via two external USB devices that the employee had brought in and connected to his corporate laptop.

Mitigation in this regard is easier than with shadow IT, but still difficult to completely negate. Employee monitoring software, USB device management software, real-time user activity alerts, and keyloggers could have helped prevent some or all of the data theft. [3]

VI. THEFT

As opposed to the data theft depicted in the last section, this section is as regards physical theft of company devices, whether by employees or not. The hardest part about this, and one of the reasons it is difficult to mitigate, is the fact that the theft isn’t necessarily permanent. If someone notices a missing device, they tend to report it. But if they merely lose track of it for a time, it might go unreported, all the while the data on the device was stolen, or a virus was installed, or a number of other attacks could be started because of the “temporary” theft.

As an example, and to show that any sector can have this issue, in Ottawa, Ontario, Canada in May 2018, a government employee’s laptop was stolen from their locked vehicle. It contained protected health information (PHI) for over 80% of all the citizens in the Northwest Territories, including names, birth dates, home communities, healthcare numbers (think your health insurance number) and in some cases their medical condition. [6]

The device was new, so the encryption process either failed or was missed. The best way to mitigate this sort of attack vector is encryption. Enabling remote wipe and/or disable functions is a helpful step as well, though other tracking methods are also encouraged.

This issue is more about physical security than anything else and should be treated with the same respect and effort that we do our homes and businesses. Lock the doors, lock the windows, use security cameras, guards, etc. Train employees to lock up devices with sensitive data, or to not travel with those devices unless absolutely necessary.

VII. CONCLUSION

In conclusion, mitigating risks to the internal network is both important, and difficult to do. Focusing on security while maintaining an open communication policy with employees is a fine balancing act, and even if you do everything right human error can still upend the entire operation.
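
Section III notes that the Tesla leak is thought to trace back to credentials that were not revoked at termination. The Python below is an added example, not part of the original paper: it cross-checks an HR termination roster against an account export and login events to catch that condition. All user names, systems, field names and timestamps are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data (not from the paper): an HR termination roster,
# an identity-directory export, and a few authentication events.
TERMINATIONS = {
    "adavis": "2024-03-01T17:00:00+00:00",
    "bchen": "2024-03-15T17:00:00+00:00",
    "cpatel": "2024-04-02T17:00:00+00:00",
}
ACCOUNTS = [
    {"user": "adavis", "system": "vpn", "enabled": False},
    {"user": "adavis", "system": "crm", "enabled": True},
    {"user": "bchen", "system": "vpn", "enabled": False},
    {"user": "cpatel", "system": "fileshare", "enabled": True},
    {"user": "dkim", "system": "vpn", "enabled": True},  # current employee
]
AUTH_EVENTS = [
    {"user": "adavis", "system": "crm", "time": "2024-03-04T02:13:00+00:00"},
    {"user": "bchen", "system": "vpn", "time": "2024-03-14T09:00:00+00:00"},
    {"user": "dkim", "system": "vpn", "time": "2024-04-03T08:30:00+00:00"},
]


def audit_offboarding(terminations, accounts, auth_events, now):
    """Return findings for terminated users whose access outlived their job."""
    ended = {u: datetime.fromisoformat(t) for u, t in terminations.items()}
    findings = []
    # 1. Accounts still enabled once the termination has taken effect.
    for acct in accounts:
        end = ended.get(acct["user"])
        if end is not None and acct["enabled"] and now >= end:
            findings.append(("STILL_ENABLED", acct["user"], acct["system"]))
    # 2. Logins after termination: higher priority, the access was used.
    for ev in auth_events:
        end = ended.get(ev["user"])
        if end is not None and datetime.fromisoformat(ev["time"]) > end:
            findings.append(("LOGIN_AFTER_TERMINATION", ev["user"], ev["system"]))
    return sorted(findings)


if __name__ == "__main__":
    now = datetime(2024, 4, 5, tzinfo=timezone.utc)
    for kind, user, system in audit_offboarding(TERMINATIONS, ACCOUNTS, AUTH_EVENTS, now):
        print(f"{kind:24} {user:8} {system}")
```

Run on a schedule against real exports, a check like this surfaces orphaned access per system rather than per person, which matters when a single sign-on account is disabled but a local application account is not.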


REFERENCES

[1] CISA, “Defining Insider Threats,” Cybersecurity and Infrastructure Security Agency CISA, 2023. https://www.cisa.gov/topics/physical-security/insider-threat-mitigation/defining-insider-threats (accessed Sep. 29, 2024).
[2] Andrada Coos, “Top 5 Internal Data Security Threats and How to Deal with Them,” Endpoint Protector Blog, Mar. 05, 2020. https://www.endpointprotector.com/blog/top-5-internal-data-security-threats-and-how-to-deal-with-them/ (accessed Sep. 29, 2024).
[3] L. Pryimenko, “Top 5 Real-Life Examples of Breaches Caused by Insider Threats,” Ekran System, Feb. 28, 2024. https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches (accessed Sep. 29, 2024).
[4] K. Lake, “What Is Shadow IT?,” JumpCloud, Oct. 14, 2022. https://jumpcloud.com/blog/shadow-it (accessed Sep. 29, 2024).
[5] K. Shuler, “45+ Shadow IT Statistics for 2023,” quandarycg.com, May 16, 2024. https://quandarycg.com/shadow-IT-statistics/ (accessed Sep. 29, 2024).
[6] A. Team, “4 Recent Data Breaches that Originated on the Endpoint - Absolute Blog | The Leader in Endpoint Visibility and Control,” Absolute Blog | The Leader in Endpoint Visibility and Control, Aug. 26, 2019. https://www.absolute.com/blog/4-recent-data-breaches-that-originated-on-the-endpoint/ (accessed Sep. 29, 2024).
