Page 104 - Data Science class 11
P. 104

newsfeed, to see if that impacted what the users post back. The newsfeed was curated with the purposeful intention
        to see if that ultimately impacted the way a user interacted with the rest of the network. Was the consent taken from
        the users before conducting this experiment? The answer to this is “No”.
        There must be a universal framework for what companies can and cannot do with the data they collect from people,
        as it is necessary to follow Data Ethics.
        One of the reasons why ethical norms are necessary in research: Norms promote knowledge, truth, and avoidance of
        error. For example, they prohibit fabricating, falsifying, or misrepresenting research data to promote the truth, and
        reduce error or flaws.

        1.5 insiDEr anD oUtsiDEr thrEats

        Employees, former employees, contractors, business partners, or vendors—anyone with legitimate access to an
        organisation’s networks and systems, who deliberately exfiltrate data for personal gain or accidentally leak sensitive
        information, could be a threat. Let us now learn, what the two kinds of threats are:

        1.5.1 What is an insider threat?
        The National Institute of Standards and Technology (NIST of USA), Special Publication 800-53, defines an insider
        as “an entity with authorised access that has the potential to harm an information system or enterprise through
        destruction, disclosure, modification of data, and/or denial of service.” NIST promotes U.S. innovation and industrial
        competitiveness by promoting measurement science, standards, and technology in ways that enhance economic
        security and upgrade our quality of life.
        Employees know all the ins and outs of a company’s infrastructure and cybersecurity tools. Hundreds of malicious
        and inadvertent insider attacks have already occurred, that had unwarrantedly harmed companies. Apart from such
        attacks often leading to financial and reputational losses, such losses may even ruin a company’s business.
        Insider attacks are particularly threatening for three reasons:
           • Insiders act maliciously most of the times. That’s why it’s harder to detect their harmful activities than it is to detect
          external attacks.
           • Insiders know flaws in an organisation’s cybersecurity.
           • Insiders know the location and nature of sensitive data they can misuse.
        Insiders cause enormous threat to a company’s data, even though they are not always deliberately a threat.

        Sources of Insider Threat
        Three major sources of insider threats are:
           • Negligent or inadvertent user
           • Criminal or malicious insider

           • User credential theft
         Here ‘user’ is anyone who has authorised access to an organisation’s sensitive data: employees, system administrators,
        third-party contractors, etc. They can misuse that access to carry out an insider attack.

        Distinct Types of Insiders
           • The Malicious Insider: Malicious Insiders are the ones who intentionally steal data. It could be an employee or
          contractor who may exfiltrate valuable information (like Intellectual Property (IP), Personally Identifiable Information
          (PII), or financial information), to gain financial incentive or a competitive edge. A malicious insider may also be the
          one who holds a grudge for being let go or furloughed.
           • The Negligent Insider: Negligent insiders are ordinary employees who have made a mistake. It could be an employee
          who might have sent an email containing sensitive data to the wrong person, emailed company data to personal
          accounts to complete some work during the weekend, fallen prey to a phishing or spear phishing attack, or lost their
          work device.

          102   Touchpad Data Science-XI
   99   100   101   102   103   104   105   106   107   108   109