Tag: Insider Threat

IT Professionals Think They’re Better Than Their Security

Computer professionals may think their enterprise security is good, but they think their skills are better. In fact, almost half think they could pull off a successful insider attack, according to a new report by Imperva.

Indeed, 43% of the 179 IT professionals surveyed said they could successfully attack their own organizations, while another 22% said they would have at least a 50/50 chance at success. When it came to the attack surface, only 23% said they would use their company-owned laptops to steal information, while nearly 40% said they would rely on their personal equipment.

Read more about the findings of the new Imperva report on DarkReading.

How to improve security without treating your users like criminals

Applying cybersecurity principles within an organization is of critical importance. However, it can be a double-edged sword depending on how you proceed. If your controls are too restrictive and punitive your users will resent jumping through hoops, or may even seek ways to circumvent those controls.

On the other hand, if your policies are too lenient, you run the risk of exposing the business to harm, and putting your company and its confidential data (and perhaps your own career) in jeopardy.

Read some first-hand perspective tips on how you can work cooperatively with your users to build appropriate security procedures without interfering with their work—or worse—making them feel like criminals, on TechRepublic.

Why the human factor is an evergreen problem in cybersecurity

The human factor is a key concern for businesses trying to keep networks secure, according to Kaspersky Lab’s State of Industrial Cybersecurity 2018 survey. With 40% of Internet Connection Sharing (ICS) computers undergoing attacks every six months, companies must try and find ways to end dangerous employee behaviors, said the press release.

Human employees are a huge problem in all of cybersecurity, with most cyberattacks designed to take advantage of human errors rather than flaws in software. Whether it’s clicking on malicious links or accepting fraudulent emails, nearly half (49%) of organizations in all sectors face critical security consequences due to employee errors, according to the release.

Read more about the findings of the new Kaspersky Lab survey on TechRepublic.

White Hat to Black Hat: What Motivates the Switch to Cybercrime

A new report aims to shed light on what motivates security professionals to choose black hats over white ones as part of a broader study on the overall cost of cybercrime.

To learn more about the organizational cost of cyberattacks and what lures hackers to the “dark side,” Malwarebytes and Osterman Research teamed up and polled 200 security pros. They found security-related costs are enormous and growing, partly due to a spike in breaches and partly due to a proportion of industry experts donning “gray hats” and dabbling in cybercrime for money.

Read more about the findings of the recent survey on DarkReading.

Cyber hygiene training is infrequent and inconsistent

Finn Partners Research released findings from its Cybersecurity at Work study that examined the level of cyber risk that employees pose to their organizations.

The in-depth study, which surveyed 500 full-time office employees across the US, found that nearly two in five workers admitted to clicking on a link or opening an attachment from a sender they did not recognize. This security slip-up is significant due to the installation of malware on their devices and the harvesting of sensitive corporate data.

Read more about the findings of the study by Finn Partners Research on Help Net Security.

How pervasive is the insider threat in your company?

The pervasiveness of the insider threat is something every company worries about. And according to the conclusions reached by Dtex Systems based on threat assessments from several global organizations, 100 percent of companies have blind spots that enable the continued presence of the insider threat. No argument there.

Every company that provides their employees with decision-making authorities gives their employees the power to make decisions that undermine the company. What stops wholesale anarchy are unified goals, awareness training, and, above all, trust. No company can bring the insider threat down to zero percent. But there are many that bring it close to zero.

Read more about the Dtex 2018 Threat Report, which serves to bring to the forefront those areas where companies can invest their resources to bring down the threat posed by their trusted insiders, on CSO.

72% of CEOs Steal Corporate IP from Former Employers

Higher security budgets and advanced new tech won’t protect your data from a CEO who decides to bring it outside the enterprise – and it turns out many have a habit of doing just that.

There remains a great disparity between how business leaders claim to approach cybersecurity and how they act, researchers found in Code42’s 2018 Data Exposure Report, which surveyed 1,034 security and IT leaders (CSOs, CTOs, CISOs, CIOs) and 600 CEOs and business leaders.

Read more about the startling findings of the Code42 report detailing the cybersecurity behavior of security and IT leaders on DarkReading.

More than 40% of reported security breaches are caused by employee negligence

According to 2018 research conducted by Shred-it, more than 40% of senior executives and small business owners report that employee negligence or accidental loss was the root cause of their most recent data security breach.

The same State of the Industry Report reveals that 96% of consumers view employee negligence as at least a minor contributor to data breaches at US companies. Executives, owners, employees, and even consumers all agree that negligent behavior is a security vulnerability, yet the problem persists.

Read more about the new research showing that employees are often the root cause of business security breaches on TechRepublic.

6 Ways to Tell an Insider Has Gone Rogue

Insiders with legitimate access to enterprise systems and data are responsible for far more data breaches than many might realize. Granted, very often the breaches are accidental or caused by an individual’s negligence or failure to follow policy – but when a malicious insider is responsible, the results can be disastrous.

The key to dealing with insider threats is to keep an eye on all those accessing your most sensitive data in a way that does not intrude on privacy. “There are many critical behavior red flags that you can look for in order to accurately and quickly pinpoint insider threats,” says Christy Wyatt, CEO of Dtex Systems.

Read about six signs that an insider has gone rogue or is headed that way, on DarkReading.

 

Apple employee accused of stealing self-driving car secrets

A former Apple employee has been accused of stealing the company’s trade secrets in relation to self-driving cars. According to court documents, Xiaolang Zhang was hired by Apple in 2015 to work as a hardware engineer as part of the iPad and iPhone maker’s autonomous vehicle development team.

Apple has remained tight-lipped about its own research efforts, but due to his role, the engineer had broad access to “secure and confidential internal databases containing trade secrets and intellectual property for the project,” according to the court filing.

Read more about how a former Apple employee allegedly stole trade secrets that may have ended up in the hands of a Chinese rival company, on ZDNet.