Protecting Your File Transfer Service from Internal Threats
Every year since 2010, Ponemon Institute conducts a research entitled "Cost of Cyber Crime Study". One of the main goals of the study is to quantify the economic impact of cyber attacks. This information is meant to help organizations determine the appropriate capital investment for countering these attacks or minimizing their impact.
The results of this year's study are already out. And if there's one outstanding piece of information every company should be concerned with, it is that the costs resulting from cybercrimes are on the rise.
Now, there are different types of cyber crimes. Some are naturally more costly than others. Once the estimated costs of each type of crime were obtained, it was easy for them to be ranked. Interestingly, these rankings varied from one surveyed country to another. In the US, one of most expensive cyber crimes are those from malevolent insiders.
That's right. Your employees or people who have direct access to the insides of your organization have the potential of inflicting greater harm to your business than other threat agents.
In this post, you'll learn how file transfers can be very vulnerable to these inside threats and why it is something you should be very concerned about.
Alarming statistics on cyber crime
Before we proceed with a discussion on internal threats, let me share with you some interesting highlights from this benchmark study of US organizations.
The average annualized cost of cybercrime has now reached $8.9 million;
That amount above translates to a 6% increase over last year (2011) and a 38% increase over 2010 results;
The number of attacks organizations are experiencing per week is growing: from 50 per week in 2010, 72 in 2011, and an astounding 102 in 2012.
Accounting for over 78% of annual cybercrime costs per organization, the most expensive cybercrimes are caused by malicious code, DoS (denial of service), stolen or hijacked devices, and malevolent insiders.
When measured annually, information theft makes up 44% of total external costs.
Take note especially of the last two items written in bold, as these are crucial in appreciating the importance of securing file transfers.
What you need to know about internal threats
It is easy to see why internal threats can inflict greater harm to a company. We often trust colleagues, employees, contractors, technicians, consultants, trading partners, and other people who come in contact with us every day in the workplace (let's call them "insiders") than people who don't.
That is why we spend so much on firewalls, Intrusion Detection and Prevention Systems, and VPNs. We focus too much on keeping external threats out, that we leave ourselves vulnerable within.
Let me ask you this. What makes you think these insiders will never turn against you, when there are actually quite a number of things that can motivate them to do so? Allow me to mention a few:
The perception of having been treated unfairly
This is actually very common. Disgruntled employees may want to get back at your company by stealing and then disclosing sensitive information to competitors or simply sabotaging your systems.
Other people don't have to feel unjustly treated to be tempted into divulging confidential information to your competitors. The thought of instantly getting rich or overcoming a personal financial crisis can be enough motivation for some people to disclose secret formulas, employee salaries, supplier information, or other company secrets.
Allure of the black market
Competitors aren't the only entities interested in all the information insiders have access to. Your company's database can contain volumes of personal information, whether belonging to employees or customers, that can be sold to buyers in the black market.
Remember that insiders not only know the intricacies of your systems, they also have easy access to them. Once they've developed a motive, it would be easy for these individuals to carry out their malicious intentions successfully.
So what has all these got to do with file transfers?
Insider threats to file transfers
Data-in-transit and man-in-the-middle attacks
Remember that statistic I showed you earlier on information theft? Information theft is the highest external cost resulting from cybercrime.
Depending on what was stolen and who benefited from it, information theft can either put you at a serious competitive disadvantage (if what was stolen was a trade secret and the beneficiary was your competitor) or cost you investor and customer confidence and possibly investors and customers themselves (if what was stolen was a large volume of personal information and the beneficiaries were identity thieves).
The level of motivation for stealing information is also very high.
Most people can't get any financial gain if they cripple you with a DoS or deliberately infect your systems with a virus. But they certainly can earn a lot of money if they steal confidential information and sell them to whoever finds them valuable, like your competitor or an organized syndicate of identity thieves.
File transfer systems may attract malevolent insiders because of two reasons:
They usually contain a great deal of information, and
Common file transfer systems (usually FTP servers) are grossly insecure.
Nefarious individuals can steal sensitive data from your file transfer systems by attacking either one of two areas: the network through which your transmitted files traverse or your server's storage devices themselves.
Data-in-transit is usually compromised through a man-in-the-middle attack using a sniffer like Ettercap, NAI Sniffer, Wireshark, or TCPDump.
My next post will contain a more thorough discussion on sniffing, man-in-the-middle-attacks, and data-in-motion encryption. It will also include excerpts of an experiment where I compared sniffing results on an FTP connection and FTPS and SFTP connections, so stay tuned for that.
In the meantime, let me just say that a man-in-the-middle attack can enable an attacker to acquire a user's username and password if the user is using an insecure protocol like FTP, which unfortunately carries these login credentials in plaintext.
Sniffers like Ettercap are best employed in a LAN because they have to be a part of the same network as the target machines to be effective. Suffice to say, it would be much easier to use them and launch MiTM attacks from within your network. Hence, it wouldn't be surprising for a man-in-the-middle-attack to be carried out by someone who has access to your internal network.
Viruses are another serious threat to file transfer systems. Once an infected file gets uploaded to your server, it can infect the files there. And then when infected files are downloaded from the server, the infection can spread to client machines.
The thing about viruses is that they don't always have to be uploaded by nefarious individuals. Infected files can also be inadvertently uploaded unknowingly by innocent insiders.
Sometimes, insiders themselves don't need the motivation to perform malicious acts in order for malicious acts to be carried out. Nefarious individuals (whether outsiders or insiders) can exploit vulnerabilities caused by employees who don't handle confidential data properly or don't follow security policies.
Communicating or sharing data over non-secure channels, writing usernames and passwords on post-its and sticking them conspicuously on desktops, or even using easy-to-guess passwords are just some common practices that can provide attackers an opening to your systems.
Countermeasures for protecting file transfers
Let's now take a look at some of the countermeasures you can implement to protect your file transfer system.
Use secure file transfer protocols
A truly secure file transfer protocol is one that can prevent attackers from viewing any sensitive information transmitted during a file transfer session, such as usernames and passwords. Plain FTP is already out because it transmits usernames and passwords in plaintext. Better alternatives to FTP are FTPS and SFTP, which both encrypt files during transmission. Click the following link to understand the key differences between FTP, FTPS, and SFTP.
Employ antivirus software
Of course, the best way to fight a virus is by using an antivirus. Established antivirus software like Kaspersky and Avast are the best choices because they have been in the market long enough and constantly update their antivirus databases. It's not always possible or easy to integrate an antivirus software with your file transfer system, so look for a system that supports this kind of integration. Click that link to read about one.
Implement strict password policies
Usernames and passwords are the most common form of access control mechanism. Since they are often the only keys to your system, it is important to make sure they function as they should. Weak passwords or passwords that have been in use since forever won't prevent skillful attackers from breaking in.
I suggest you adopt the password requirements of PCI-DSS. It's a very comprehensive list of password policies. Click that link to learn more about it.
Encrypt data stored in your server
Attackers may also attempt to acquire files stored in your file transfer server. To prevent them from getting any valuable information, protect your files with data-at-rest encryption such as OpenPGP.
The countermeasures we just mentioned can already go a long way in protecting your file transfer system from internal threats. All those countermeasurs are supported by JSCAPE MFT Server. Note that not all file transfer clients support secure file transfer protocols like FTPS and SFTP. For best results, I recommend you use a client that supports both. If you're looking for one that's free, check out AnyClient.
Download JSCAPE MFT Server