Insider Threat News, Articles and Updates

What is the threat posed by privileged users?

Accounts with legitimate access to not only sensitive information but also complete control over the system are put in the best position to act maliciously.

How poor privileged account management enables serious security breaches

There is a tendency for companies to simply lose track of their privileged accounts; 70 percent of organisations failed to fully discover all of the privileged accounts on their systems.

Is your company a cyber-security 'Tough Mudder?'

There are some difficult obstacles to overcome in the cyber-security tough-mudder challenge, from ransomware and phishing to insider threats and GDPR, but thorough preparation can boost your chances of success.

Darkest Hour? Cyber-war clouds gather as unprecedented threat looms

The internet is more than an infrastructure - it mediates human behaviour so it can have unprecedented impact - threatening our survival. It can be manipulated to constitute an insider threat on an unprecedented scale.

Five reasons for extra enterprise data vigilance in 2018

Securing and monitoring a complex and distributed IT infrastructure is essential for growth and regulatory compliance. But it requires cooperation by employees at all levels as well as continuous improvements to meet emerging threats.

Securing access in the perimeter-less era

As enterprises no longer have distinct boundaries defined by inside and outside the firewall, gaining visibility on the health of devices connecting to their network is more critical than ever.

Insider threats: Suffering from the detective's curse

Recent research shows 41 per cent of UK respondents stating that they have complete trust in employees with privileged access. This isn't a good position to be in.

The curse of the ex-employee - A horror story

Some departing employees have no loyalties to their previous employer, so it is imperative that deprovisioning employees' corporate access on their last day is an absolute priority.

Dangerous data breach at Heathrow: How insiders can threaten public safety

A USB stick was found in the streets of London containing over 70 unencrypted security files from Heathrow International Airport - so what security precautions could and should have prevented this danger to the public?

AVGater hijacks functionality of AV tools to turn them against themselves

Researcher uncovers method of hijacking the functionality of some AV tools in order to compromise endpoints. Trend Micro, Emisoft, Ikarus, Kaspersky, Check Point's ZoneAlarm and Malwarebytes have fixed their offerings.

Update: Trump's Twitter account switched off - could be contractor

The person that deactivated US President Donald Trump's Twitter account briefly Thursday, originally pegged by the company as human error by an employee, reportedly was instead a third-party contractor.

Contractor's only IT technician steals 30GB of Australian defence secrets

30GB of data stolen from a small Australian military defence contractor which included technical information on jet fighters, transport aircraft, 'smart bomb kits.' Culprit, the lone IT technician.

Ensure security employees quit without taking passwords, encryption keys

Departing employees is an issue not often considered as potentially affecting a company's cyber-security. However, an employee can potentially eave while maliciously keeping sensitive data including passwords, key codes, etc.

Organisations must protect themselves and end-users from insider threat

Debbie Garside says simple end-user error is the biggest risk you face when it comes to data. But instead of end users facing the sack for making honest mistakes employers should be putting systems in place that protect them.

Verizon data found on open AWS S3 server

Security researchers have found another publicly accessible Amazon S3 server that in this case hosted about 100MB of Verizon Wireless data that was allegedly operated by a Verizon employee.

Why apps & the rise of shadow IT are posing new threats to organisations

The app-blended lifestyle poses problems for CIOs, CISOs and those responsible for keeping an organisation safe and secure. Mike Hemes, says shadow IT is a real issue and one we can only see increasing over time.

End users plus social media can add up to a corporate data breach

People are the last line of defence in your organisation's security infrastructure, yet half the population are ignorant of ransomware, and many don't understand phishing, but trust that social media security is high says Colin McTrusty.

Insider threat: Employees at the heart of companies' data security

Firms need to evaluate their security procedures around flexible working now, before it leads to a damaging data breach says Jean-Frederic Karcher.

How to protect the mainframe from the enemy within - monitor all use

While illegitimate access to mainframes is dificult to obtain for attackers, the consequences can be severe when they do succeed explains John Crossno.

SC Roundtable: Defending against insider threat with trust and engagement

Rather than battening down your network in response to the insider threat, you could combat the danger through trust and engagement, as we learned at the SC Media UK Roundtable in Edinburgh - sponsored by Zonefox.

Misaligned incentives and executive overconfidence aids criminals

Intel Security, CSIS Survey: Only half of IT staff agree with executives that their cyber-security strategies have been implemented

Lawsuit claims employee who moved to rival firm stole confidential info

In the ongoing antitrust case brought against Ticketmaster by rival SongKick, Ticketmaster is accused of using information stolen from SongKick by ex-employee.

ICYMI: Hotel ransom; Router botnet; Gamer breach; Data loss; insiders

In Case You Missed It: Hotel ransomware report; Routers hijacked for botnet; X-Box, Playstation breach; Data centre vulnerability; insiders paid for secrets.

Dark web criminals recruiting your staff to sell secrets for cash says report

A RedOwl report claims that insider recruitment is "active and growing" with chatter across public and private forums about the subject doubling from 2015 to 2016.

Shodan finds confidential Europol terrorist dossiers

Unprotected classified Europol files were linked to the internet and accessible via a hard drive found through Shodan

Former US national security official criticises background checks

Keith Lowry took time on a trip to Australia to warn that background checks do not make the cut when trying to stop insider threats.

Labour leadership contender Owen Smith fails simplest of security tests

Aside from the Labour party's internal struggles and bitter upcoming leadership election, it seems the two candidates are both pretty bad at security

The inside man: Decoding the threat from within

While the biggest threat these days might be your employees, does that danger really mean distrusting your own team, asks Max Metzger, and what actions should you take?

ICYMI: SC Awards; Lenova flaw; TeamViewer flaw?; ransomware rise

The latest In Case You Missed It (ICYMI) looks at SC Awards winners; Flawed app in Lenova; TeamViewer potential flaw; ex-staff with access; ransomware rise continues.