Tag: Insider Threat

White Hat to Black Hat: What Motivates the Switch to Cybercrime

A new report aims to shed light on what motivates security professionals to choose black hats over white ones as part of a broader study on the overall cost of cybercrime.

To learn more about the organizational cost of cyberattacks and what lures hackers to the “dark side,” Malwarebytes and Osterman Research teamed up and polled 200 security pros. They found security-related costs are enormous and growing, partly due to a spike in breaches and partly due to a proportion of industry experts donning “gray hats” and dabbling in cybercrime for money.

Read more about the findings of the recent survey on DarkReading.

Cyber hygiene training is infrequent and inconsistent

Finn Partners Research released findings from its Cybersecurity at Work study that examined the level of cyber risk that employees pose to their organizations.

The in-depth study, which surveyed 500 full-time office employees across the US, found that nearly two in five workers admitted to clicking on a link or opening an attachment from a sender they did not recognize. This security slip-up is significant because it can lead to the installation of malware on their devices and the harvesting of sensitive corporate data.

Read more about the findings of the study by Finn Partners Research on Help Net Security.

How pervasive is the insider threat in your company?

The pervasiveness of the insider threat is something every company worries about. And according to the conclusions reached by Dtex Systems based on threat assessments from several global organizations, 100 percent of companies have blind spots that enable the continued presence of the insider threat. No argument there.

Every company that gives its employees decision-making authority gives them the power to make decisions that undermine the company. What stops wholesale anarchy are unified goals, awareness training, and, above all, trust. No company can bring the insider threat down to zero percent. But there are many that bring it close to zero.

Read more about the Dtex 2018 Threat Report, which serves to bring to the forefront those areas where companies can invest their resources to bring down the threat posed by their trusted insiders, on CSO.

72% of CEOs Steal Corporate IP from Former Employers

Higher security budgets and advanced new tech won’t protect your data from a CEO who decides to bring it outside the enterprise – and it turns out many have a habit of doing just that.

There remains a great disparity between how business leaders claim to approach cybersecurity and how they act, researchers found in Code42’s 2018 Data Exposure Report, which surveyed 1,034 security and IT leaders (CSOs, CTOs, CISOs, CIOs) and 600 CEOs and business leaders.

Read more about the startling findings of the Code42 report detailing the cybersecurity behavior of security and IT leaders on DarkReading.

More than 40% of reported security breaches are caused by employee negligence

According to 2018 research conducted by Shred-it, more than 40% of senior executives and small business owners report that employee negligence or accidental loss was the root cause of their most recent data security breach.

The same State of the Industry Report reveals that 96% of consumers view employee negligence as at least a minor contributor to data breaches at US companies. Executives, owners, employees, and even consumers all agree that negligent behavior is a security vulnerability, yet the problem persists.

Read more about the new research showing that employees are often the root cause of business security breaches on TechRepublic.

6 Ways to Tell an Insider Has Gone Rogue

Insiders with legitimate access to enterprise systems and data are responsible for far more data breaches than many might realize. Granted, very often the breaches are accidental or caused by an individual’s negligence or failure to follow policy – but when a malicious insider is responsible, the results can be disastrous.

The key to dealing with insider threats is to keep an eye on all those accessing your most sensitive data in a way that does not intrude on privacy. “There are many critical behavior red flags that you can look for in order to accurately and quickly pinpoint insider threats,” says Christy Wyatt, CEO of Dtex Systems.

Read about six signs that an insider has gone rogue or is headed that way, on DarkReading.

Apple employee accused of stealing self-driving car secrets

A former Apple employee has been accused of stealing the company’s trade secrets in relation to self-driving cars. According to court documents, Xiaolang Zhang was hired by Apple in 2015 to work as a hardware engineer as part of the iPad and iPhone maker’s autonomous vehicle development team.

Apple has remained tight-lipped about its own research efforts, but due to his role, the engineer had broad access to “secure and confidential internal databases containing trade secrets and intellectual property for the project,” according to the court filing.

Read more about how a former Apple employee allegedly stole trade secrets that may have ended up in the hands of a Chinese rival company, on ZDNet.

Former NSO employee steals, flogs Pegasus mobile hacking tool for $50 million

A former employee of Israeli cybersecurity contractor and software developer NSO Group stole Pegasus spyware used for mobile surveillance and attempted to sell it for $50 million.

As reported by local publication Globes (in Hebrew), the senior programmer — hired in November 2017 — stole the software, worth hundreds of millions of dollars, and attempted to sell the code on after being dismissed from his position for an unrelated reason.

Read more about the theft and attempted sale of Pegasus, one of the most sophisticated forms of mobile spyware known to exist publicly, by a disgruntled NSO employee, on ZDNet.

How connected and secure is the modern workplace?

In collaboration with Microsoft, Ingram Micro Cloud UK commissioned market research firm YouGov to survey 1,000 workers employed by small and mid-size businesses with 50 to 250 employees in the UK, to understand what they want from the modern workplace and how well-placed businesses are to satisfy their requirements.

According to the research, IT teams no longer have the control and command they once had over the modern workplace. This is because 85 per cent of Millennials admit to procuring their own workplace technologies, such as instant messaging, Skype, and file hosting and sharing tools, that aren’t supported or provided by their employer, raising major security issues.

Read more about the findings of the new survey on Help Net Security.

7 Questions for Evaluating your Security Posture against Insider Threats

Insider threats top the list of the most dangerous cyber risks for organizations worldwide. It doesn’t take much effort for insiders to steal your sensitive data, while such activities are hard to discover and impossible to prevent. Unfortunately, lack of visibility into user behavior is one of the key reasons why companies suffer from data breaches that involve either human negligence or malicious intent.

To combat insider threats, you need to adopt a holistic approach to data protection. This may be time-consuming and require you to allocate more resources to cyber security. There are various threat detection techniques, but each company is unique and needs a thoughtful approach.

Read which seven questions you should ask yourself in order to evaluate your current security posture, on Tripwire.