Internal Threats: Groups and Examples

Human Threats

  • Misuse of assets or information
  • Mistakes by employees
  • Espionage (= spying)
  • Employee Social Engineering
  • Employees' lack of knowledge
  • Weak password breaking
  • Theft
  • Unfollowed policies / rules

Human Threats – Con't

  • Fraud due to role abuse
  • Malware from infected devices
  • Disallowed software downloads

Internal Application Threats

  • Invalidated inputs
  • Misconfigured apps
  • Wrong error handling in apps

Internal Application Threats – Con't

  • Variable manipulation & abuse
  • Unauthorized access

Other Threats

  • Data theft from USB disks
  • System corruption: power surge
  • Hardware failure due to errors
  • Infrastructure failure: bad maintenance