The enemy within – the cyber threat in every office

High-profile hacking cases dominate the headlines, but while the main aims of modern cyber criminals are unchanged - stealing information and denial of services - hackers are finding new ways of bypassing security measures. Over the course of three features, cyber experts explore the new threats presented by hijacking internal servers, data leaks by authorised employees, spoofing, mobile technology and "unkillable" malware.



Emblem of Anonymous, a well known group of 'hacktivists'

Checking the IP address of a website to ensure it is hosted by the correct owner and ensuring only authorised users have access to corporate data are well-established security measures. However, in the first of three special cyber attack features, cyber security expert Dr Guy Bunker explains that they are ones that clever cyber criminals can readily bypass.

Bunker is the senior vice president with Clearswift, a provider of gateway and network-based email and web security, and Product Liability Prevention (PLP) technology.

Clearswift provides solutions for militaries, military contractors and governments, and its solutions are incorporated in OEM products, including BAE Systems' NephronMaxx content filter.

Hijacking internal servers

Bunker sees an increasing trend towards hijacking internal servers to launch denial of service attacks in the same way hackers build up botnets from privately-owned computers, but using corporately owned devices.

"The other side of this is setting up fake websites that to all intents and purposes look real," says Bunker. "They're hosted on the company's infrastructure, and if you look up IP addresses it looks like the genuine site, but it's controlled by the cyber criminals."

Insider access


But Bunker believes the main threat to corporate data is the way individuals use data, rather than outsider hacking - a recent Clearswift report titled 'Enemy Within' identified that 58% of data theft is down to people that have legitimate access to the information.

"Some of it is inadvertent, such as sending it to the wrong email address," he says. "Corporate data can also easily be taken outside in a Bring Your Own Device (BYOD) environment or on unmanaged USB storage devices that are then lost - while there is a policy to report valuable laptops, USB sticks are overlooked."

Companies also need to be aware of the number of third parties with whom they share their sensitive data across the entire value chain.

"The bigger the final product a manufacturer makes, say aircraft, the more access is given to their suppliers and all their customers," says Bunker. "Hackers will attack the weakest point in this chain rather than the tier one company."

Discover, stop and block

Bunker believes the best way to tackle this is education and awareness. Audit and compliance officials also need to catch up with the idea of the value chain, to identify where the threats can come from and therefore where the risks need to be minimised. To support this, Clearswift's products support data loss prevention (DLP) through a discover, stop and block approach.


"We discover a piece of information that shouldn't be shared, stop it, block it and inform the right people that it's occurred," he says.

"Instead of stopping the communication altogether we use Adaptive Redaction to identify and remove information that breaks policy, such as replacing most of a credit card number wrongly included in a purchase order with stars."

As well as this visible element, Adaptive Redaction works on invisible information in revision history and document properties, and on active components such as embedded macros and active objects, stripping all of that out.

"It works on the way in and out," says Bunker. "Within Nato for example, they want to receive no active content within their communications."
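The credit card redaction Bunker describes can be sketched in a few lines. This is an added example, not Clearswift's Adaptive Redaction code: the function names, the Luhn checksum used to avoid masking ordinary reference numbers, and the sample message are all assumptions made for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to cut false positives such as order or part numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def redact_cards(text: str, keep_last: int = 4):
    """Return (redacted_text, findings); findings feed the 'inform the right people' step."""
    findings = []

    def _mask(match):
        raw = match.group(0)
        digits = re.sub(r"\D", "", raw)
        if not luhn_valid(digits):
            return raw          # not a card number: leave the text untouched
        to_mask = len(digits) - keep_last
        out, seen = [], 0
        for ch in raw:
            if ch.isdigit():
                out.append("*" if seen < to_mask else ch)
                seen += 1
            else:
                out.append(ch)  # keep separators so the document layout is preserved
        findings.append({"offset": match.start(), "last4": digits[-keep_last:]})
        return "".join(out)

    return CANDIDATE.sub(_mask, text), findings

# Constructed sample message; 4111 1111 1111 1111 is a widely used test card number.
SAMPLE = ("PO 2024-0001: 40 units, ref 1234567890123456.\n"
          "Please charge card 4111 1111 1111 1111 on dispatch.")

if __name__ == "__main__":
    redacted, findings = redact_cards(SAMPLE)
    print(redacted)
    print(findings)
```

The message is still delivered, with the card number masked and the 16-digit reference left intact because it fails the checksum.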

The threat of spoofing

But hijacking servers and people with legitimate access are far from the sole source of new cyber threats. In part two of our special features, Giles Peeters, defence director with Track24 Defence, discusses the dangers of spoofing, or creating fake situational awareness data, on military systems.
