Tag: Insider Threat

How insider fraud can be detected and avoided in the enterprise

The CERT/CC defines insider fraud as “an insider’s use of IT for the unauthorized modification, addition or deletion of an organization’s data (not programs or systems) for personal gain or the theft of information that leads to an identity crime.” The U.S. Secret Service defines identity crime as “the misuse of personal or financial identifiers in order to gain something of value and/or facilitate some other criminal activity.”

Information targeted for fraud covers a wide range of personal data, including personal identification data, personal financial data, and personal medical data. Understanding the insider threat requires understanding what motivates people's behavior, whether that behavior is positive or negative.

Read more about IT sabotage and insider threats, and learn about the preventative measures organizations can take, on TechTarget.

One in five employees share their email password with co-workers

Small to medium-sized businesses are hit with nearly 4,000 cyber attacks per day — and that number is only expected to grow, according to a new report. Small businesses are even more likely to be targeted by malicious hackers, but the actions of small business employees and leaders reveal little is actually being done to address the negligence towards security.

Switchfast, a Chicago, IL-based IT consultancy for SMBs, surveyed over 600 small business leaders and small business employees about their cyber security habits. Cyber attacks have huge consequences for business. The survey found that three out of five (60 percent) small businesses that suffered a breach are likely to go out of business within six months.

Read more about the findings of the new Switchfast survey on TechRepublic.

Machine Identities Need Protection, Too

Machine identities should have as much protection as human credentials, though most organizations lag far behind in shielding computers and devices from prying eyes, according to a recent study. The study, conducted by Forrester Consulting on behalf of Venafi, reports that, while 96% of IT executives said that machine identities should be protected, 80% said they have trouble delivering that protection.

And the issues aren’t just with protecting data on the systems from hackers on the Dark Web; 61% of those responding said their biggest concern from poor machine identity protection comes from internal data theft.

Read more about the findings of the new study on DarkReading.

IT Professionals Think They’re Better Than Their Security

Computer professionals may think their enterprise security is good, but they think their skills are better. In fact, almost half think they could pull off a successful insider attack, according to a new report by Imperva.

Indeed, 43% of the 179 IT professionals surveyed said they could successfully attack their own organizations, while another 22% said they would have at least a 50/50 chance at success. When it came to the attack surface, only 23% said they would use their company-owned laptops to steal information, while nearly 40% said they would rely on their personal equipment.

Read more about the findings of the new Imperva report on DarkReading.

How to improve security without treating your users like criminals

Applying cybersecurity principles within an organization is of critical importance. However, it can be a double-edged sword depending on how you proceed. If your controls are too restrictive and punitive, your users will resent jumping through hoops, or may even seek ways to circumvent those controls.

On the other hand, if your policies are too lenient, you run the risk of exposing the business to harm, and putting your company and its confidential data (and perhaps your own career) in jeopardy.

Read some first-hand tips on how you can work cooperatively with your users to build appropriate security procedures without interfering with their work or, worse, making them feel like criminals, on TechRepublic.

Why the human factor is an evergreen problem in cybersecurity

The human factor is a key concern for businesses trying to keep networks secure, according to Kaspersky Lab’s State of Industrial Cybersecurity 2018 survey. With 40% of industrial control system (ICS) computers undergoing attacks every six months, companies must try to find ways to end dangerous employee behaviors, said the press release.

Human employees are a huge problem in all of cybersecurity, with most cyberattacks designed to take advantage of human errors rather than flaws in software. Whether it’s clicking on malicious links or accepting fraudulent emails, nearly half (49%) of organizations in all sectors face critical security consequences due to employee errors, according to the release.

Read more about the findings of the new Kaspersky Lab survey on TechRepublic.

White Hat to Black Hat: What Motivates the Switch to Cybercrime

A new report aims to shed light on what motivates security professionals to choose black hats over white ones as part of a broader study on the overall cost of cybercrime.

To learn more about the organizational cost of cyberattacks and what lures hackers to the “dark side,” Malwarebytes and Osterman Research teamed up and polled 200 security pros. They found security-related costs are enormous and growing, partly due to a spike in breaches and partly due to a proportion of industry experts donning “gray hats” and dabbling in cybercrime for money.

Read more about the findings of the recent survey on DarkReading.

Cyber hygiene training is infrequent and inconsistent

Finn Partners Research released findings from its Cybersecurity at Work study that examined the level of cyber risk that employees pose to their organizations.

The in-depth study, which surveyed 500 full-time office employees across the US, found that nearly two in five workers admitted to clicking on a link or opening an attachment from a sender they did not recognize. This security slip-up is significant because it can lead to the installation of malware on their devices and the harvesting of sensitive corporate data.

Read more about the findings of the study by Finn Partners Research on Help Net Security.

How pervasive is the insider threat in your company?

The pervasiveness of the insider threat is something every company worries about. And according to the conclusions reached by Dtex Systems based on threat assessments from several global organizations, 100 percent of companies have blind spots that enable the continued presence of the insider threat. No argument there.

Every company that provides its employees with decision-making authority gives them the power to make decisions that undermine the company. What stops wholesale anarchy are unified goals, awareness training, and, above all, trust. No company can bring the insider threat down to zero percent. But there are many that bring it close to zero.

Read more about the Dtex 2018 Threat Report, which serves to bring to the forefront those areas where companies can invest their resources to bring down the threat posed by their trusted insiders, on CSO.

72% of CEOs Steal Corporate IP from Former Employers

Higher security budgets and advanced new tech won’t protect your data from a CEO who decides to bring it outside the enterprise – and it turns out many have a habit of doing just that.

There remains a great disparity between how business leaders claim to approach cybersecurity and how they act, researchers found in Code42’s 2018 Data Exposure Report, which surveyed 1,034 security and IT leaders (CSOs, CTOs, CISOs, CIOs) and 600 CEOs and business leaders.

Read more about the startling findings of the Code42 report detailing the cybersecurity behavior of security and IT leaders on DarkReading.