“The ways that the networks can be compromised five years ago internally, certainly still exist. It’s just that today, that list is really growing, and that’s why this is ongoing research,” said Derek Manky, a project manager for cyber-security and threat research at Fortinet.
Manky said that the company has more than 100 researchers worldwide who monitor network activity.
“It’s really an ongoing case again of all this data that we’re seeing worldwide, all this feedback we’re getting, all the new threats that we’re seeing and how those threats can potentially affect systems,” he said.
According to the researchers, the top 10 internal network vulnerabilities are:
- USB drives
- laptops and netbooks
- wireless access points
- miscellaneous USB devices (digital cameras, MP3 players, etc.)
- employees borrowing others’ machines or devices
- the Trojan Human (attackers who visit sites disguised as employee personnel or contractors)
- optical media (CDs, DVDs, etc.)
- lack of employee alertness
- smartphones
- e-mail
Some potential security threats such as smartphones can be dangerous in part because people don’t see them as threats. And even though they can house viruses, the devices can threaten networks in ways people may not think of.
“If you have any sort of confidential information and you have access to that, even if the document doesn’t leave the quarantined area and you take a picture of that with a smartphone, you can send that over [a] 3G network. You can just keep it on the smartphone and walk out with it,” Manky said.
But when it comes to locking down networks and implementing security protocols, Manky said the government may be in a different position than the private sector when it comes to enforcement.
“They have a heavier hand. They can enforce this and say, ‘OK, across all agencies, we are banning this until we can think of what’s going on with this.’ So that is a good thing in my view because if you can properly enforce something, and you can take action on that, then it’s a step forward,” he said.
But there could be drawbacks. In addition to policy “turf wars,” Manky admits that different sectors of government can cause confusion if they’re trying to enforce the same thing but have different ideas on how to go about it.