As you are no doubt aware, a decent percentage of attacks that occur on an organization’s infrastructure are initiated by people internal to the organization. Most of these attacks are unsophisticated.
Internal attacks are often initiated by disgruntled employees. In the past the tools that disgruntled employees could use to carry out these attacks were limited. Unless they have some level of skill, most people aren’t able to install hacking tools on locked down corporate desktops.
Three trends will make the future of attacks against network infrastructure by disgruntled employees a “may you live in interesting times” affair.
Trend 1: Gen-Y and millennials are far more computer literate as a cohort than their fellow Gen-X and Boomer employees. This doesn’t mean that they know the details of how to compromise a network, but it does mean that they are more likely to be able to locate “script kiddie” type automated exploit tools that take a lot of the complexity out of exploiting a network.
Trend 2: BYOD means that a lot of people are no longer using locked-down corporate desktops. A disgruntled user in an organization that has a BYOD policy is going to be able to install and deploy an automated exploit tool on an organizational network with a lot less effort than a disgruntled user of a locked down corporate desktop.
Trend 3: A growing culture of hacktivism, popularized by the efforts of “Anonymous” is going to mean that more of these disgruntled computer literate Gen-Y and millennial employees are going to lash out using hacking tools. In the past the automated “trash the network when I get fired” attack was the purview of the dyspeptic systems administrator. In the coming years we’re going to see a lot more “digital apple cart tipping” from disgruntled computer literate employees.
The takeaway from this is that if you do choose to implement BYOD at your organization, you need to, more than ever, remember that your internal network infrastructure is as “hostile” a network environment as the unfiltered internet. Chances are, someone is going to install the LOIC client on their BYOD laptop just to see what it does to the executive Exchange server.