Blog Posts Tagged with "Insider Threats"
Security Gets Messy: Emerging Challenges from Biometrics, New Regulations, Insiders
October 11, 2018 Added by: Steve Durbin
Information security professionals are facing increasingly complex threats—some new, others familiar but evolving.
Comments (0)
How Full Admin Rights Could Pose a Threat to Your Business
August 28, 2018 Added by: Andrew Avanessian
Having unrestricted admin rights in place poses a significant risk of privilege escalation attacks and lateral movement.
Comments (0)
STOP, Collaborate and Listen: Where Employee Vulnerabilities Put Data at Risk
September 07, 2016 Added by: Ron Arden
Whether it is the company’s trade secrets, product designs, financial data or the personal information of customers, businesses must protect high value information from landing in the hands of the wrong individual or threat group.
Comments (0)
Insider Threat: Why Negligence Is More Dangerous Than Malevolence
August 26, 2016 Added by: Eric Aarrestad
When addressing the risk of Insider Threats, we must look beyond those who are intentionally doing harm and place equal emphasis on those who are simply doing their job.
Comments (0)
Managing Insider Threats in Today's Digital Age
April 05, 2016 Added by: Steve Durbin
Most research on the insider threat focuses on malicious behavior. However, insider negligence and insider accidents comprise a greater and growing proportion of information security incidents. Chief Information Security Officers (CISOs) who limit their thinking to malicious insiders may be gravely miscalculating the risk.
Comments (0)
Out with the Desktop PC, In with the Thin Client: Let’s Start the Conversation
July 30, 2013 Added by: Allan Pratt, MBA
Whether by accident or on purpose, the PC is now becoming an attack vector. Employees can bring USB drives from home – that are infected without their knowledge – and infect their office machines as well as the network. Malicious individuals can do the same.
Comments (3)
2013 - Year of the D(efense)
December 26, 2012 Added by: Matthew McWhirt
Many of the security incidents encompassing 2012 could have been mitigated, and some even fully prevented, if fundamental information security best practices had been reviewed and assessed, and controls encompassing incident response phases had been fully vetted...
Comments (0)
CFAA Does Not Bar Misappropriation when Employee Authorized
September 27, 2012 Added by: David Navetta
The CFAA only permits claims for accessing a protected computer “without authorization” and “exceeds authorized access” “only when an individual accesses a computer without permission or obtains or alters information on a computer beyond that which he is authorized to access...”
Comments (0)
Clipboards, Confidence, and Information Security
September 17, 2012 Added by: Tripwire Inc
How do you teach paranoia and suspicion? We often hire people because of their willingness to help others, their good communication skills, their ability to be responsive, etc. As we work through securing our humans, we need to strike a balance – trust but verify, assist but not unquestioningly...
Comments (1)
Data is the New Perimeter for Cloud Security
September 12, 2012 Added by: Mike Gault
The security market in 2012 is estimated at $60 billion, yet adding more layers of perimeter security may be completely useless against a determined sysadmin working on the inside. The end result is that your data might or might not be secure – you simply have no way to prove it...
Comments (0)
Lessons for CEOs from the Saudi Aramco Breach
August 27, 2012 Added by: Jeffrey Carr
Most security operations centers are monitoring for an APT-style attack and their defensive tactics are geared towards interrupting it by use of an "intrusion kill chain". The attack on Saudi Aramco didn't fit this model, and hence would have been completely missed by most of the world's largest companies...
Comments (1)
Employee Fired for Spying on Management with RAT
August 08, 2012 Added by: Jeremy Sobeck
An executive discovered an unauthorized remote access tool (RAT) on his computer. This type of attack requires very little sophistication. The company assumed the worst: confidential files had been stolen, malware had been installed, and the fired employee still had remote access to their systems...
Comments (0)
Why Does Data Leak?
August 06, 2012 Added by: Danny Lieberman
Data is leaked or stolen because it has value. The financial impact of a breach is directly proportional to the value of the asset. The key attack vector for an event is people - often business partners working with inside employees. People handle electronic data and make mistakes or do not follow policies...
Comments (0)
Army Translator Re-Sentenced for Possession of Classified Docs
August 06, 2012 Added by: Headlines
The defendant took classified documents from the U.S. Army without authorization. While assigned to an intelligence group in the 82nd Airborne Division of the U.S. Army at Al Taqqadam Air Base, he downloaded a classified electronic document and took hard copies of several other classified documents...
Comments (0)
Critical Vulnerability in SAP Message Server: A Worldwide Scan
July 04, 2012 Added by: Alexander Polyakov
Two buffer overflow vulnerabilities in SAP Message Server can be exploited remotely so that exploit code can be executed. Out of 1000 companies that use SAP worldwide, randomly selected in the course of the research, 4% expose SAP Message Server to the Internet. This can lead to critical consequences...
Comments (0)
Insider Threats Confound Enterprise Security Efforts
June 20, 2012 Added by: Headlines
"The majority of staff within any organization are trustworthy and honest. But businesses must understand the scale of the threat posed by the small proportion of staff who act dishonestly and defraud their employer and the numerous ways in which an organization can be targeted"...
Comments (1)