Internal vs External threat
Businesses have two types of environments: internal and external. Internal environments are controlled by the company, and may include elements such as organizational structure and workforce. External environments, however, exist outside of the company and are not within its range of control. As such, businesses may be vulnerable to the many threats that external environments can pose.
INTERNAL THREATS:
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself and not your enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
-Sun Tzu: The Art of War
Define “Internal Threats”:
Damage done to an organization by a trusted person who has/had access to a trusted area of the organization's infrastructure.
Define “External Threats”:
Individuals outside an organization attempting to gain unauthorized access to an organization’s networks using the Internet, other networks, or dial-up modems.
External threats include:
Lone hackers, organized crime groups, and government entities, as well as environmental events such as weather and earthquakes.
External threats can be countered by implementing security controls on the perimeters of the network, such as firewalls, that limit user access and data interchange between systems and users within the organization's network and systems and users outside the network, especially on the Internet.
Internal And External Threats:
While a business continuity plan (BCP) should be focused on restoring the financial institution's ability to do business, regardless of the nature of the disruption, different types of disruptions may require a variety of responses in order to resume operations. Many types of disasters affect not only the financial institution but also the surrounding community. The human element can be unpredictable in a crisis situation, and it should not be overlooked when developing a BCP since employees and their families could be affected as significantly as, or more significantly than, the institution. Therefore, institution management should consider various internal and external threats and determine the impact they may have on the entire institution, including employees. While the type and severity of internal and external threats may be different for each financial institution, this section discusses four primary categories of threats that should be considered when developing the BCP. These threats include malicious activity, natural disasters, technical disasters, and pandemics.
Fraud, Theft, or Blackmail:
Since fraud, theft, or blackmail may be perpetrated more easily by insiders, implementation of employee awareness programs and computer security policies is essential. These threats can cause the loss, corruption, or unavailability of information, resulting in a disruption of service to customers. Restricting access to information that may be altered or misappropriated reduces exposure. The institution may be held liable for release of sensitive or confidential information pertaining to its customers; therefore, appropriate procedures to safeguard information are warranted.
Sabotage:
Personnel should know how to handle intruders, bomb threats, and other disturbances. The locations of critical operation centers should not be publicized, and the facilities should be inconspicuous. A disgruntled employee may try to sabotage facilities, equipment, or files. Therefore, personnel policies should require the immediate removal from the premise of any employee reasonably considered a threat and the immediate revocation of their computer and facility access privileges. Locked doors, motion detectors, guards, and other controls that restrict physical access are important preventive measur
Vandalism and Looting:
Vandalism and looting represent a threat because individuals often seek financial gain by exploiting security weaknesses exposed during an emergency or disaster situation. In the event of an area-wide disaster, the financial institution's security staff may be unable to reach the damaged facility and it may be difficult to obtain services from outside security personnel without prior notification. Therefore, management should address these potential threats before a disaster occurs by implementing alternate security measures to protect both the physical and logical assets of the financial institution.
Terrorism:
The risk of terrorism is real and adequate business continuity planning
is critical for financial institutions in the event a terrorist attack occurs.
Some forms of terrorism (e.g., chemical or biological contamination) may leave
facilities intact but inaccessible for extended periods of time. The earlier an
attack is detected, the better the opportunity for successful treatment and
recovery. Active monitoring of federal and state emergency warning systems,
such as those of FEMA and the Centers for Disease Control
(CDC), should be considered.
Terrorism is not new, but the likelihood of disruption and destruction
continues to increase. The loss of life, total destruction of facilities and
equipment, and emotional and psychological trauma to employees can be devastating.
Collateral damage can result in the loss of communications, power, and access
to a geographic area not directly affected by the attack.
Terrorist attacks can range from bombings of facilities to
cyber-attacks on the communication, power, or financial infrastructures. The
goal of cyber-terrorism is to disrupt the functioning of information and
communications systems. Unconventional attacks could also include the use of
chemical, biological, or nuclear material. Bio-terrorists may employ bacterial
or viral agents with effects that are delayed, making prevention, response, and
recovery problematic. While the probability of a full-scale nuclear attack is
remote, it is necessary to address the readiness to deal with attacks on
nuclear power plants and industries using nuclear materials and for attacks
initiated by means of "dirty" nuclear devices, which are weapons
combining traditional explosives with radioactive materials.
Natural Disasters:
Fire:
A fire can result in loss of life, equipment, and data. Data center personnel must know what to do in
the event of a fire to minimize these risks.
Instructions and evacuation plans should be posted in prominent
locations, should include the designation of an outside meeting place so
personnel can be accounted for in an emergency, and should provide guidelines
for securing or removing media, if time permits. Fire drills should be periodically conducted
to ensure that personnel understand their responsibilities. Fire alarm boxes and emergency power switches
should be clearly visible and unobstructed.
All primary and back-up facilities should be equipped with heat or
smoke detectors. Ideally, these
detectors should be located in the ceiling, in exhaust ducts, and under raised
flooring. Detectors situated near air
conditioning or intake ducts that hinder the build up of smoke may not trigger
the alarm. The emergency power shutdown
should deactivate the air conditioning system.
Walls, doors, partitions, and floors should be fire-resistant. Also, the building and equipment should be
grounded correctly to protect against electrical hazards. Lightning can cause building fires, so
lightning rods should be installed as appropriate. Local fire inspections can help in
preparation and training.
Given government regulations to control ozone depletion, Halon fire
suppression systems are being replaced with alternative fire suppressant
systems. Current systems utilize clean
agents and include Inergen, FM-200, FE-13, and carbon dioxide. Additionally, dry pipe sprinkler systems are
being used that activate upon detection of a fire and fill the pipe with water
only when required. Consequently, the
risk of water damage from burst pipes may be minimized. These systems should be the staged type,
where the action triggered by a fire detector permits time for operator
intervention before it shuts down the power or releases fire suppressants. Personnel should know how to respond to these
automatic suppression systems, as well as the location and operation of power
and other shut-off valves. Waterproof
covers should be located near sensitive equipment in the event that the
sprinklers are activated. Hand
extinguishers and floor tile pullers should be placed in easily accessible and
clearly marked locations. The extent of
fire protection required depends on the degree of risk an institution is
willing to accept and local fire codes or regulations.
Floods and Other Water Damage:
A financial institution that locates an installation in or near a flood
plain exposes itself to increased risk and should take the necessary actions to
manage that level of exposure. As water
seeks the lowest level, critical records and equipment should be located on
upper floors, if possible, to mitigate this risk. Raised flooring or elevating the wiring and
servers several inches off the floor can prevent or limit the amount of water
damage. In addition, institutions should
be aware that water damage could occur from other sources such as broken water
mains, windows, or sprinkler systems. If
there is a floor above the computer or equipment room, the ceiling should be
sealed to prevent water damage. Water
detectors should be considered as a way to provide notification of a problem.
Severe Weather:
A disaster resulting from an earthquake, hurricane, tornado, or other
severe weather typically would have its probability of occurrence defined by
geographic location. Given the random
nature of these natural disasters, institutions located in an area that experiences
any of these events should consider including appropriate scenarios in their
business continuity planning process. In
instances where early warning systems are available, management should
implement procedures prior to the disaster to minimize losses.
Air Contaminants:
Some disasters produce a secondary problem by polluting the air for a
wide geographic area. Natural disasters such as flooding can also result in
significant mold or other contamination after the water has receded. The
severity of these contaminants can affect air quality at an institution and
even result in evacuation for an extended period of time. Business continuity
planning should consider the possibility of air contamination and provide for
evacuation plans and the shut down of HVAC systems to minimize the risks caused
by the contamination. Additionally, consideration should be given to the length
of time the affected facility could be inoperable or inaccessible.
Hazardous Spill:
Some financial institutions maintain facilities close to chemical
plants, railroad tracks, or major highways used to transport hazardous
materials. A leak or spill can result in
air contamination, as described above, chemical fires, as well as other health
risks. Institutions should make
reasonable efforts to determine the types of materials being produced or
transported nearby, obtain information about the risks each may pose, and take
steps to mitigate such risks.
Technical Disasters:
Communications Failure:
The distributed processing environment has resulted in an increased
reliance on telecommunications networks for both voice and data communications
with customers, employees, electronic payment system providers, affiliates,
vendors, and service providers. Financial institutions lacking diversity in
their telecommunications infrastructures may be susceptible to single points of
failure in the event a disaster disrupts their critical systems.
Customers:
Customer reliance on institutions for account information creates a
critical need for timely recovery of communications systems. Institutions should
establish alternate forms of communication in the event local phone systems
become inoperable including a plan for how customers will be advised of
alternate means to contact the institution. One alternative form of voice
communication involves the use of voice over Internet protocol (VoIP), which is
the transmission of phone conversations through the Internet or Internet
protocol networks. VoIP technologies also operate on both wireless Internet and
cellular networks. While VoIP may become a viable solution when local phone
systems are inoperable and the Internet is accessible and functioning,
management should realize that preplanning may be required to ensure timely
implementation of this technology.
Employees:
In addition to restoring data communication lines with customers,
restoration of communications with employees is also critical to any BCP. To make it easier for employees to contact
the institution during a disaster, management could distribute pre-established
toll-free phone numbers to employees.
This method of communication would enable employees to report their
status using a centralized location and obtain current information about
operational restoration.
Calling trees may prove useless during an area-wide disaster since
employees may have evacuated to unknown locations and standard
telecommunications systems may be inoperable. Therefore, as an alternative to
voice landlines, institutions should consider text messaging via cell phones,
wireless personal digital assistants, two-way radios or satellite phones,
text-based pagers, corporate and public e-mail systems, and Internet based
instant messaging systems. In addition, secure connections may be established
through a virtual private network (VPN) using a standard Internet connection
and a laptop computer. Management should also ensure they have an adequate
supply of batteries to operate the wireless devices and laptop computers.
Electronic Payment System Providers:
Communications failures with electronic payment system providers may
prevent the use of electronic forms of payment, such as debit and credit cards
and electronic funds transfers.
Therefore, cash needs become critical when customers and employees do
not have access to funds electronically, and cash is in short supply during an
area-wide disaster. It may be difficult
to obtain additional supplies of cash and take delivery of sensitive documents
when transportation and telecommunications services are limited. As such, management should carefully analyze
funding needs if they anticipate, or when they become aware of, a pending
disaster to ensure that liquidity needs are met in a timely manner.
Affiliates, Vendors, and Service Providers:
The restoration of communication with affiliates, vendors, and service
providers is also paramount to the timely recovery of an institution. Alternate methods of communication and
procedures for accessing, downloading, and uploading information should be
pre-established with the institution's technology service providers,
correspondents, affiliates, and third-party vendors to ensure continuity of
service.
Power Failure:
The loss of power can occur for a variety of reasons, including storms,
fires, malicious acts, brownouts, and blackouts and may result in widespread
failure of the power grid and inoperable power distribution centers. A power failure could result in the loss of
computer systems; lighting, heating and cooling systems; and security and
protection systems. Additionally, power
surges can occur as power is restored, and without proper planning, can cause
damage to equipment. As a means to
control this risk, voltage entering the computer room should be regulated to
prevent power fluctuations. In the event
of power failure, institutions should use an alternative power source, such as
an uninterruptible power supply (UPS), gasoline, kerosene, natural gas, or
diesel generators. A UPS is essentially
a collection of standby batteries that provide power for a short period of
time. When selecting a UPS, an
institution should make sure that it has sufficient capacity to provide ample
time to shut down the system in an orderly fashion and ensure that no data is
lost or corrupted. Some UPS equipment
can initiate the automated shut down of systems without human intervention.
If processing time is more critical, an organization may arrange for a
generator, which will provide power to at least the mission critical equipment
during extended power outages.
Management should maintain an ample supply of fuel on hand, such as
propane, natural gas, or diesel fuel, and arrange for replenishment. One potential advantage of natural gas is
that it is supplied by a pipeline, avoiding the need to ship it in and maintain
it onsite. It is important to note that
if a disruption is significant enough it may result in the inability to obtain
additional fuel. Further, fuel pumps and
delivery systems may not be operable.
Therefore, proper planning involves careful consideration of which
equipment and facilities should be powered up and whether certain operations
should be scaled back.
It is also important to ensure that alternative power supplies receive
periodic maintenance and testing to maintain operability. Moreover, management should discuss with
local authorities the ordinances relative to the location of generators and the
storage and delivery of fuel.
Equipment and Software Failure:
Equipment and software failures may result in extended processing
delays and/or the inability to implement the BCP. The performance of preventive maintenance
enhances system reliability and should be extended to all supporting equipment,
such as temperature and humidity control systems and alarm or detecting devices.
Transportation System Disruptions:
Financial institutions should not assume regional or national transportation
systems will continue to operate normally during a disruption. Air traffic or
trains may be halted by natural or technical disasters, malicious activity, or
accidents. In instances of area-wide disasters, delivery of essential services
may be diverted for humanitarian and other emergency efforts. This can
adversely affect cash distribution, fuel delivery, check clearing, and
relocation of staff to back-up sites. Institutions should investigate the
option of using private, ground-based carriers (e.g., messenger services,
trucking companies, bus companies) to ensure the continuation of these vital
functions.
Water System Disruptions:
Essential necessities, such as water, could be limited or non-existent
during a disaster. HVAC systems may be
dependent upon water to operate, and initial supplies of drinking water for
employees may be quickly exhausted or difficult to find since new shipments may
be delayed due to transportation problems.
Institutions should plan for potential disruptions in water services by
determining the impact of such a disruption on business operations and
maintaining adequate reserves on hand.
Economic Threats:
According to
Bank of Biz/ed, the economy can be considered an external threat to businesses
because, no matter how hard a company works or how good its products are,
economic conditions dictate a business's profit and success. Economic downturns
can decrease the demand for goods or services on the consumer market. On the
other hand, a robust economy will inspire more consumer spending and business
growth. According to the Economic Development Research and Training Center,
studying economic trends, such as household spending or consumer demand
reports, can help companies track economic patterns in their external environments.
Competitors:
Competition is a
significant external threat to businesses and is a product of the marketplace.
A competitive market requires knowing who your competitors are. Competition
serves as an external threat because businesses compete with other
organizations for the same customers. In turn, this challenge can cause one
company to flourish and the other to flop.
Global Environment:
The global
environment can be risky for companies that rely on horticulture, agriculture
or other types of natural resources. Weather patterns are examples of global
environmental threats that can impact a company's resources, projects and
profitability. Businesses track and trend weather patterns and global changes
to monitor what types of environmental risks are out there.
Political Factors:
Political decisions or changes
can threaten businesses. Foreign investments, for instance, can be threatened
by political decisions to go to war with other countries. Or government-funded
agencies can have their businesses impacted by budget cuts or budget deficits.
New Technology:
The technological field,
with all of its advancements, can serve as a potential external threat to
businesses. Technological changes can give companies a competitive advantage,
leaving others behind. For instance, travel agencies were exposed to a
technological threat when the Internet gave customers the ability to do their
own research and make their own travel plans from their computers, thereby
eliminating the need for travel agencies. Technological changes should be
monitored to determine if there are any direct threats to a business.
Read more:
External Threat Examples | eHow.com
http://www.ehow.com/list_6506620_external-threat-examples.html#ixzz2G6aX2K00
http://www.ehow.com/list_6506620_external-threat-exmples.html#ixzz2G6a5LKGH
Internal threats:
Three simple and relatively inexpensive steps your company can take to better defend against internal threats:
1. Deploy 'intrawalls' (firewalls between departments)
Firewalls are commonplace and have been deployed as a frontline defense against the threats and attacks found on the Internet.
By using an "intrawall," or departmental firewall, all outgoing connections that don't serve a specific business need of that department can be blocked, creating "trusted zones" throughout a network. Setting a firewall policy to block protocol-specific traffic successfully prevents unwarranted disclosure of valuable information through unneeded channels.
2. Identify containment points:
A department
firewall or router can also serve as a network containment device. In the event
that a worm or other network traffic flood occurs, the department can be
quarantined from the rest of the company, effectively isolating the problem to
a certain area. This isolation will not only prevent further infestation, it
will also aid in reducing the amount of cleanup necessary to restore the
network to normal function.
With this implementation,
uninfected portions of the network can be temporarily disconnected so that they
can sit out a giant worm episode. Wireless, remote access, telecommuter and
distributed enterprise branch offices represent the new edges of the network
that require added layers of intrawall-type defense.
3. Deploy antivirus software throughout the company:
Performance of
server-based virus-screening technology has also come a long way. New
edge-based virus screeners are capable of inspecting as many as 100 e-mails per
second. Screening POP3, SMTP, FTP and HTTP traffic for viruses at strategic
points in the network helps reduce the effects of backdoor infections via modem
pools and VPN tunnels.
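The departmental firewall policy from step 1 and the quarantine from step 2, as an added example that is not part of the original post: a default-deny egress check with a containment switch. The zone names, address ranges and allowlist entries are hypothetical, and the flows are constructed sample data.

```python
"""Default-deny 'intrawall' egress policy with quarantine (illustrative only)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical department zones (assumption, not from the original post).
ZONES = {
    "finance": ip_network("10.10.1.0/24"),
    "engineering": ip_network("10.10.2.0/24"),
}

# Outbound flows with a recorded business need: (destination, protocol, port).
# Anything a department sends that is not listed here is dropped.
EGRESS_ALLOW = {
    "finance": [("10.20.0.10/32", "tcp", 443),      # ledger application
                ("10.20.0.53/32", "udp", 53)],      # internal DNS
    "engineering": [("10.20.0.53/32", "udp", 53),   # internal DNS
                    ("10.20.0.30/32", "tcp", 22)],  # build server
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def zone_of(addr):
    """Return the department zone containing addr, or None."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def decide(flow, quarantined=frozenset()):
    """Return (verdict, reason) for a new connection reaching the intrawall.

    Only new outbound connections are modelled; reply traffic is assumed to
    be handled by the firewall's connection tracking.
    """
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is not None and src_zone == dst_zone:
        return "allow", "intra-zone, never crosses the intrawall"
    if src_zone in quarantined or dst_zone in quarantined:
        return "drop", "zone quarantined"
    if src_zone is None:
        return "drop", "source is not in a department zone"
    for net, proto, port in EGRESS_ALLOW.get(src_zone, []):
        if (ip_address(flow.dst) in ip_network(net)
                and (proto, port) == (flow.proto, flow.dport)):
            return "allow", "business need on record"
    return "drop", "default deny"


def evaluate(flows, quarantined=frozenset()):
    """Apply the policy to each flow and return (flow, verdict, reason) rows."""
    return [(f, *decide(f, quarantined)) for f in flows]


# Constructed sample flows.
FLOWS = [
    Flow("10.10.1.15", "10.20.0.10", "tcp", 443),   # finance to ledger app
    Flow("10.10.1.15", "10.10.2.40", "tcp", 445),   # finance to engineering
    Flow("10.10.1.22", "203.0.113.9", "tcp", 21),   # finance to Internet FTP
    Flow("10.10.2.40", "10.20.0.30", "tcp", 22),    # engineering to build server
    Flow("10.10.2.41", "10.10.2.40", "tcp", 8080),  # inside engineering
]

if __name__ == "__main__":
    for label, q in (("normal", frozenset()), ("engineering quarantined",
                                               frozenset({"engineering"}))):
        print(label)
        for flow, verdict, reason in evaluate(FLOWS, q):
            print(f"  {verdict:5} {flow.src} -> {flow.dst} "
                  f"{flow.proto}/{flow.dport}  ({reason})")
```

Quarantining a zone cuts every connection that crosses its boundary in either direction, while traffic inside the zone is untouched because it never reaches the departmental firewall.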
Perhaps the most overlooked threat in a security program is the threat posed by employee behavior. Whether the security threats are malicious or due to inadvertent employee error, the results are the same: loss of revenue and productivity, and potential liability for the company.
Malicious insiders, including disgruntled employees and employees who have been recently terminated, are also a worry. “Many companies have focused their energies on dealing with the threat posed by hackers and malicious code ...” Other internal security threats include contractors and outside service providers. “Depending on the situation, contractors or outside vendors can have as much knowledge and access as the in-house IT staff.”
External threats:
Protect against external threats:
Outside threats (eavesdropping, password
guessing, misconfigurations, information slips) are real and many; follow these
simple steps to reduce your risk:
* Inventory your network and get a list of all listening services and daemons running on each computer.
* Disable and remove unneeded services.
* Make sure all your systems are fully patched, both OS and applications. This single step will significantly reduce the number of properly configured services that can be exploited.
* Make sure remaining services and daemons are running in a least-privileged context.
* Require that all service/daemon accounts use strong passwords.
* Google-hack your own network. It essentially automates the Google-hacking process and adds many of Foundstone's own checks.
* Install services on nondefault ports.
Of
course, consider testing your network with a vulnerability analysis scanner,
either the free or commercial variety. There are many excellent ones that find
the low-hanging fruit. Always have management permission first, test during
off-hours, and accept the risk that you'll probably knock some important
service offline during the scan.
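One way to turn the first checklist items above (inventory listeners, remove unneeded services, run the rest with least privilege) into a repeatable check, as an added example that is not part of the original post. The approved-service inventory is hypothetical, the input is a constructed sample in the layout of `ss -H -tlnpe`, and the script assumes `ss` prints `uid:N` only for sockets not owned by root.

```python
"""Audit listening sockets against an approved-service inventory (illustrative)."""
import re
from ipaddress import ip_address

# Hypothetical inventory: listeners with a business need, whether they may
# accept non-local connections, and whether they are permitted to run as root.
APPROVED = {
    "sshd":     {"remote": True,  "root_ok": True},
    "webapp":   {"remote": True,  "root_ok": False},
    "postgres": {"remote": False, "root_ok": False},
    "resolver": {"remote": False, "root_ok": False},
}

REMEDIATION = {
    "unapproved": "not in the inventory: disable and remove the service",
    "exposed": "reachable from the network: bind it to loopback",
    "root": "runs as root: move it to a least-privileged account",
}

# Constructed sample. Assumption: a missing "uid:" field means the socket
# owner is uid 0, because ss omits the field for root-owned sockets.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3)) ino:21034 sk:1 <->
LISTEN 0 511 [::]:8443 [::]:* users:(("webapp",pid=901,fd=6)) ino:22001 sk:2 <->
LISTEN 0 64 0.0.0.0:23 0.0.0.0:* users:(("telnetd",pid=1440,fd=4)) ino:23990 sk:3 <->
LISTEN 0 128 0.0.0.0:5432 0.0.0.0:* users:(("postgres",pid=777,fd=5)) uid:113 ino:20111 sk:4 <->
LISTEN 0 128 127.0.0.53:53 0.0.0.0:* users:(("resolver",pid=600,fd=13)) uid:101 ino:20000 sk:5 <->
"""

PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')
UID_RE = re.compile(r"\buid:(\d+)")


def parse_listeners(text):
    """Parse ss-style lines into dicts with host, port, process and uid."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        proc = PROC_RE.search(line)
        uid = UID_RE.search(line)
        listeners.append({
            "host": host.strip("[]"),
            "port": int(port),
            "process": proc.group(1) if proc else "unknown",
            "uid": int(uid.group(1)) if uid else 0,
        })
    return listeners


def is_local_only(host):
    """True when the bind address is a loopback address."""
    if host in ("*", ""):
        return False  # wildcard bind: reachable on every interface
    return ip_address(host.split("%")[0]).is_loopback


def audit(listeners, approved=APPROVED):
    """Return (process, port, issue) findings; issue is a REMEDIATION key."""
    findings = []
    for item in listeners:
        policy = approved.get(item["process"])
        if policy is None:
            findings.append((item["process"], item["port"], "unapproved"))
            continue
        if not policy["remote"] and not is_local_only(item["host"]):
            findings.append((item["process"], item["port"], "exposed"))
        if item["uid"] == 0 and not policy["root_ok"]:
            findings.append((item["process"], item["port"], "root"))
    return findings


if __name__ == "__main__":
    for process, port, issue in audit(parse_listeners(SAMPLE_SS_OUTPUT)):
        print(f"{process} on port {port}: {REMEDIATION[issue]}")
```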
And
of course, don't forget that your risk of malicious exploits mainly comes from
client-side attacks



very important topic
See internal and external threats to the company mission and how to deal with her and disasters and what are the factors we may reduce the failure or increase it ☺
thanks bayan
Very good posting, very interested topic, the contents are very well written and organized. keep up the good team work