There was a question on a security forum recently that asked “do I need to encrypt traffic on my internal sites?” The answer to that is yes. The simplest reason is that it is easy to implement and provides substantial security improvements. But protecting your internal network shouldn’t stop at implementing HTTPS. You have to treat the enterprise like any other part of your network and default to a secure posture.
In 2016, 27% of hacks were caused by a user with approved access to the internet. That could be a disgruntled employee or a self-inflicted wound. The SEI report also states that hacks resulting from insider threats have an average cost 50% higher than those caused by external threat actors. This is a result of the lack of internal security controls for users who are “behind the firewall”. Unfortunately, folks make the mistake of thinking “we are behind the firewall, it’s safe.” As the SEI report proves, you are not entirely secure within the walls of the enterprise.
There is the example of an iRobot employee stealing data, starting a competing firm with the exact product and winning a $280,000,000 government contract. iRobot won the court case, but it cost them $2,900,000 to do that.
Then there is the example of a disgruntled employee at Fannie Mae who planted a logic bomb in a script that would have rm -rf’d everything had it not been detected. This was an odd one: they fired the employee but let them keep machine access until the end of the day. That is a serious lack of security controls; thankfully they detected it.
You may be thinking, “but these are all big corporations, this does not happen at organizations like ours”. In 2008 an employee at a small architecture firm saw a job posting that looked suspiciously like their own job. Naturally they decided to go to work after hours and delete all data on the company servers. Luckily the employee got caught and the firm was able to restore the data. But this cost a large amount of money, because they did not have backups and had to rely on forensic disk analysis.
CIA Triad (No, not THAT CIA)
Good security is achieved when you treat your internal network like an external network. By applying the principles of the CIA Triad when configuring your systems and networks, you increase the security of your organization.
Confidentiality: Running HTTPS on your internal sites and forcing SSL in your internal communications (email, apps, etc.).
Integrity: Using appropriate access controls for data, such as LDAP and AD. No shared users, etc.
Availability: Keeping your systems up to date with automated patching.
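One way to check the Confidentiality item, as an added example that is not part of the original article: the Python below audits recorded responses from internal sites and reports where HTTPS is not actually enforced. The host names, the sample responses, the HSTS check and the 180-day threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit
MIN_HSTS_AGE = 15552000  # 180 days: assumed policy threshold, not from the article

# Constructed sample data: host -> ((http status, headers), (https status, headers))
SAMPLES = {
    "wiki.corp.example": ((301, {"Location": "https://wiki.corp.example/"}),
                          (200, {"Strict-Transport-Security": "max-age=31536000"})),
    "hr.corp.example": ((200, {"Content-Type": "text/html"}), (200, {})),
    "build.corp.example": ((302, {"Location": "http://build.corp.example/login"}),
                           (200, {"strict-transport-security": "max-age=300"})),
}

def header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    return next((v for k, v in headers.items() if k.lower() == name), None)

def hsts_max_age(headers):
    """Return the max-age of the HSTS header in seconds, or None if missing/invalid."""
    value = header(headers, "strict-transport-security") or ""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.strip().lower() == "max-age" and arg.isdigit():
            return int(arg)
    return None

def audit_site(host, http_resp, https_resp):
    """Return findings for one internal site; an empty list means HTTPS is enforced."""
    findings = []
    status, headers = http_resp
    target = urlsplit(header(headers, "location") or "")
    if status not in (301, 302, 307, 308):
        findings.append("port 80 serves content instead of redirecting")
    elif target.scheme != "https":
        findings.append("redirect does not go to https")
    elif target.hostname != host:
        findings.append("redirect leaves the original host")
    age = hsts_max_age(https_resp[1])
    if age is None:
        findings.append("no HSTS header on https response")
    elif age < MIN_HSTS_AGE:
        findings.append("HSTS max-age too short")
    return findings

def audit_all(samples=SAMPLES):
    return {host: audit_site(host, *pair) for host, pair in samples.items()}

if __name__ == "__main__":
    for host, findings in audit_all().items():
        print(host, findings or "OK")
```

In practice the (status, headers) pairs would come from requests made to each internal site without following redirects.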
I hope this helps you to better understand that the threats from inside the organization are as dangerous as those from outside actors. Applying the same security principles you use on your forward-facing networks can protect your enterprise “behind the firewall”.