December 15, 2015. Welcome to Part 2 of “Why Internal & External Security Assessments Combined are Vital.” In Part 1, we looked at the mistake that companies make in running these assessments, and at what each one brings to the table on its own. In this post, we look into the reasons why your company should be running internal AND external assessments, and how they are vital to your company’s security.
As explained in Part 1, most companies only run either an internal or an external assessment. This is not the way it should be done. Times have changed, and so have the threats. They can come from anywhere: from an employee naïvely clicking a malicious link in a tweet sent from the outside, to a full-on Distributed Denial of Service (DDoS for short) attack from a hacker in a foreign country, to leaked PII, and so on. The threats can originate externally and impact internally, or they can originate internally and work in tandem with external threats.
To demonstrate the effectiveness of combining internal and external security assessments, here’s a quick example from us: We had a client for whom we ran both assessments. The internal assessment found that one of the laptops connected to the internal network had been compromised due to weak Wi-Fi security and was hosting illegal file torrents. We found unauthorized traffic both internally and externally. We also detected that the illegal file information was being “advertised” on social media. We combined the internal and external investigation results, removed the compromised laptop, strengthened the Wi-Fi network, and actively worked to take down the fraudulent social media account. The General Manager of the client issued a nasty memo to his company regarding this, and when we came back after about a month to do follow-up assessments, nothing major was found. Sometimes the weakest link is the actual employee.
More real world examples next time…