Blog Posts Tagged with "Insider Threats"
April 05, 2016 Added by:Steve Durbin
Most research on the insider threat focuses on malicious behavior. However, insider negligence and insider accidents comprise a greater and growing proportion of information security incidents. Chief Information Security Officers (CISOs) who limit their thinking to malicious insiders may be gravely miscalculating the risk.
July 30, 2013 Added by:Allan Pratt, MBA
Whether by accident or on purpose, the PC is now becoming an attack vector. Employees can bring USB drives from home – that are infected without their knowledge – and infect their office machines as well as the network. Malicious individuals can do the same.
December 26, 2012 Added by:Matthew McWhirt
Many of the security incidents encompassing 2012 could have been mitigated, and some even fully prevented, if fundamental information security best practices had been reviewed and assessed, and controls encompassing incident response phases had been fully vetted...
September 27, 2012 Added by:David Navetta
The CFAA only permits claims for accessing a protected computer “without authorization” and “exceeds authorized access” “only when an individual accesses a computer without permission or obtains or alters information on a computer beyond that which he is authorized to access...”
September 17, 2012 Added by:Tripwire Inc
How do you teach paranoia and suspicion? We often hire people because of their willingness to help others, their good communication skills, their ability to be responsive, etc. As we work through securing our humans, we need to strike a balance – trust but verify, assist but not unquestioningly...
September 12, 2012 Added by:Mike Gault
The security market in 2012 is estimated at $60 billion, yet adding more layers of perimeter security may be completely useless against a determined sysadmin working on the inside. The end result is that your data might or might not be secure – you simply have no way to prove it...
August 27, 2012 Added by:Jeffrey Carr
Most security operations centers are monitoring for an APT-style attack and their defensive tactics are geared towards interrupting it by use of an "intrusion kill chain". The attack on Saudi Aramco didn't fit this model, and hence would have been completely missed by most of the world's largest companies...
August 08, 2012 Added by:Jeremy Sobeck
An executive discovered an unauthorized remote access tool (RAT) on his computer. This type of attack requires very little sophistication. The company assumed the worst: confidential files had been stolen, malware had been installed, and the fired employee still had remote access to their systems...
August 06, 2012 Added by:Danny Lieberman
Data is leaked or stolen because it has value. The financial impact of a breach is directly proportional to the value of the asset. The key attack vector for an event is people - often business partners working with inside employees. People handle electronic data and make mistakes or do not follow policies...
August 06, 2012 Added by:Headlines
The defendant took classified documents from the U.S. Army without authorization. While assigned to an intelligence group in the 82nd Airborne Division of the U.S. Army at Al Taqqadam Air Base, he downloaded a classified electronic document and took hard copies of several other classified documents...
July 04, 2012 Added by:Alexander Polyakov
Two buffer overflow vulnerabilities in SAP Message Server can be exploited remotely so that exploit code can be executed. Out of 1000 companies that use SAP worldwide, randomly selected in the course of the research, 4% expose SAP Message Server to the Internet. This can lead to critical consequences...
June 20, 2012 Added by:Headlines
"The majority of staff within any organization are trustworthy and honest. But businesses must understand the scale of the threat posed by the small proportion of staff who act dishonestly and defraud their employer and the numerous ways in which an organization can be targeted"...
June 14, 2012 Added by:Headlines
"Though organizations profess a commitment to RBSM... this security practice is still in its infancy. To establish an effective... program, certain barriers need to be addressed. These include securing adequate resources, having employees with the necessary expertise and designating strong leaders..."
June 12, 2012 Added by:Headlines
Manning is accused of the largest intelligence leak in U.S. history while deployed to Iraq as a military intelligence analyst, including installing unauthorized software onto government computers to extract classified information and transmitting the data to the whistle-blowing group WikiLeaks...
May 30, 2012 Added by:Headlines
“Bo Zhang may have thought that he left no fingerprints when he engaged in his high-tech thievery—stealing proprietary government software worth nearly $10 million using little more than a mouse—but he was mistaken. He was caught in his tracks and now he will be punished for his cyber-thievery”...
May 25, 2012 Added by:Headlines
Laird stole the funds through a number of means: opening credit accounts in her father’s name without authorization; making redemptions from CD accounts of five customers; opening checking accounts in other names and writing checks to pay her personal bills and expenses...