Insider Threat Archives - IT Security Guru
https://www.itsecurityguru.org/tag/insider-threat/
The Site for our Community
Tue, 23 May 2023 15:07:12 +0000

How to prevent against the 5 main types of insider threats
https://www.itsecurityguru.org/2023/05/19/how-to-prevent-against-the-5-main-types-of-insider-threats/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-prevent-against-the-5-main-types-of-insider-threats
Fri, 19 May 2023 14:23:04 +0000
Over one in ten data breaches originate from a malicious insider, and they cost companies $4.18 million per incident. And that’s only the malicious ones.

According to the 2023 Insider Threat Report by Cybersecurity Insiders, nearly three-fourths (74%) of organizations are at least moderately vulnerable to insider threats. It’s worth a company’s time to recognize the five main types of these kinds of attacks and know how to prevent them. 

Recognizing Risk 

  1. Privileged Insiders | Privileged insiders are a problem because whatever chance they had of causing risk in the first place – whether unintentional or nefarious – is multiplied by their level of privilege. It is far more bang for the buck to compromise a root user’s credentials, for example, than those of an average user: more damage can be done, with less oversight, and for longer. In fact, 55% of organizations identify privileged users as their greatest insider risk. How do you combat this? Establish access policies and a good Privileged Access Management (PAM) solution, for starters.

  2. Malicious employees | These are some of the hardest threats to prevent and so require the most sophisticated security methods. Think about it: an insider not only has the technical know-how of a hacker, but also internal knowledge of the company’s databases and the savvy to lie low. This kind of behavior is skillfully stealthy and crafted not to draw the attention of even a fellow employee.

  3. Third Parties | As supply chains expand, more and more companies have to deal with the risk of third-party vendors opening inroads into their organization. Each partner is its own ecosystem with its own architecture, vulnerabilities, and risks. As CISA explained, “third-party threats are typically contractors or vendors who are not formal members of an organization, but who have been granted some level of access to facilities, systems, networks, or people to complete their work.” That access could be exploited by them as easily as by someone within your own team, and once assets have been connected, a breach of their systems is a breach of yours.

Vet partners and suppliers for their security practices, and do your due diligence on supply chain integrity by asking for SBOMs and requiring code signing certificates. Check that those your company works with hold the same levels of security as your company does, and make this a necessary best practice.

  4. Moles | This type of insider threat works for an outside agent, providing sensitive internal information that enables a breach. Typically financially motivated, the mole may be experienced or a first-timer. Difficult economic circumstances can lead an otherwise unmotivated and benign employee to consider things they never would have before.

With their elevated knowledge of systems, defenses, and architectures, they secretly feed intel to an outside party – either a cyber gang, nation state threat actor, or other – and facilitate privilege escalations that will lead to the ultimate demise of data and reputation.  

  5. Unwitting employees | This is one of the most common forms of insider risk. Most of the time, employees just want to do their jobs and do so in the best and most sensible way possible. If not clearly guided, that initiative can lead to tool sprawl, shortcuts, and unsafe practices. A host of government research has been done on unintentional insider threats, and the causes are myriad:
  • Fatigue or sleepiness
  • Subjective mental workload
  • Mind wandering
  • Situational awareness
  • Just plain human error

These can be influenced by a number of psychological factors, such as:

  • Personality trait 
  • Mood 
  • Age effects 
  • Drugs and hormones 
  • Cultural factors 

Essentially, the reasons that lead us to error as humans. While “to err” is human, “to remediate” is divine. Security awareness programs are an often undervalued part of maintaining low phishing click rates and tamping down on other risky online behaviors.

Remediation through Technology

AI-driven solutions that can autonomously detect and respond to insider incidents are needed today. Cutting-edge options include data loss prevention tools that can detect, investigate, and respond to unauthorized access via email, cloud sharing, or removable storage. Best-in-class tools will also contextualize the data that users are accessing, so even if the behavior itself looks odd, you can tell whether the anomalous pattern is nefarious or just the new intern posting cat videos.

As you look for the best overall solution to fit your particular risk profile, keep in mind that the attack surface is large and every user, partner, and vendor threatens it every time they log in – whether by accident or not. Provide the right training to combat careless errors made in ignorance. Lean on AI-based technology to spot malicious patterns in behavior. Trust a technology solution that provides alerts in context and keeps false positives to a minimum, and keep all of this up on an ongoing basis: tactics evolve, technologies change, and human error is always with us.

By Katrina Thompson

An ardent believer in personal data privacy and the technology behind it, Katrina Thompson is a freelance writer leaning into encryption, data privacy legislation and the intersection of information technology and human rights. She has written for Bora, Venafi, Tripwire and many other sites. 

The post How to prevent against the 5 main types of insider threats appeared first on IT Security Guru.

Should Your Organization Be Worried About Insider Threats?
https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/?utm_source=rss&utm_medium=rss&utm_campaign=should-your-organization-be-worried-about-insider-threats
Fri, 17 Mar 2023 11:12:48 +0000
When you think of cybersecurity threats, what comes to mind? If you pictured faceless criminals (or a team of them) in a dimly-lit headquarters working tirelessly to steal your most precious digital assets, you’re not alone. Yet, cybercrime doesn’t always look like a scene from a Hollywood movie.

 

Sometimes, cyber threats are closer to home, making them all the more surprising (and frustrating) for many organizations. They’re called insider threats, and you need to pay special attention to ensure you – and your data – don’t fall victim.

The threat landscape

Organizations are wise to prioritize cybersecurity strategy and adequate budgeting to protect their networks and valuable private data. Cybercrime is predicted to reach an alarming $10.5 trillion by 2025, making it a lucrative business venture for opportunistic criminals worldwide.

 

DDoS, SQL injections, supply chain attacks, DNS tunneling – all pervasive attacks that can arrive on your doorstep anytime. But your strategy is incomplete if you only secure the perimeter and do not address internal risks.

 

Insider threats are on the rise, and they’re particularly risky as they’re less often reported. Estimates state that over 70% of insider attacks never reach the headlines. As such, organizations cannot learn from their peers’ mistakes or oversights.

 

What is an insider threat?

Indisputably one of the most underestimated risks to organizations, insider threats are defined by CISA as “the potential for an insider to use their authorized access or understanding of an organization to harm that organization.”

 

Insider threats are, at their most basic, those that come from within your organization. End users with privileged access present unique risks to your network and data. Insider threats are particularly challenging to protect against because such users already hold legitimate access rights and are familiar with internal processes and procedures, which lets them move around without raising suspicion. As such, insider attacks often go undetected until long after the breach.

Types of insider threats to look out for

Insider threats amount to attacks via employee user accounts. But that doesn’t always mean that a disgruntled employee or opportunistic bad seed is infiltrating the system and reaping the rewards. Sometimes, even the employee may not realize they’ve been a pawn in someone’s scheme until it’s too late.

 

Remember that insiders include third-party vendors, consultants, business partners, and others outside the organization with access to systems and networks.

 

Here are the two types of insider threats to be aware of:

Acts of negligence

Insider threats as a result of negligence are incidental. Naive or careless employees pose a significant threat to security, as it only takes one wrong decision to deliver information into the wrong hands.

 

Particular attacks include:

 

Phishing and spear phishing attacks, in which criminals purport to be a trusted source and solicit information from their target. Spear phishing attacks are particularly hazardous as attackers take time, do their research, and approach employees with a particularly well-informed demand under the guise of an official request.

 

CEO fraud is similar to spear phishing but takes things one step further by first gaining control of the email account of a C-suite executive. These requests are typically directed at accounting departments to make sizeable financial transfers or payments.

 

Negligent behavior may not begin as an attack from an outsider. Instead, this can include taking physical devices to insecure places where they could fall into the wrong hands. In 2022, burglars stole a hard drive from a US Military analyst, exposing the personal details of more than 26 million veterans.

Acts of malicious intent

Unfortunately, sometimes the attacks originate on the inside. Disgruntled employees or contractors have been known to take advantage of their privileged access to reap personal rewards.

 

Malicious insiders may steal financial information, intellectual property (IP), or personally identifiable information (PII) they intend to trade for their financial benefit or use for competitive advantage. For example, after leaving the company in 2020, a former Google employee was jailed for taking trade secrets to Uber, his new employer. In 2019, an engineer breached Capital One’s systems and stole 100 million customer records and hundreds of thousands of social security numbers and bank details.

Keys to prevention

As leading data protection vendor Cyberhaven states, “Organizations must be able to address the risks from malicious insiders who intentionally steal sensitive data for personal reasons as well as users who can accidentally expose information due to negligence or simple mistakes.”

 

The key to mitigating risk is a proactive approach and a risk-aware culture. Consider these elements when designing your security strategy:

 

  • Implement threat detection tools to spot non-standard behavior or access, and run risk assessments to identify areas of concern.
  • Threat detection can also come via peer reports and employee diligence. Your organization should have a straightforward procedure for whistleblowing if employees are concerned about their peers’ behavior.
  • User account administration is the best chance you stand against insider threats. Least privilege ensures employees have only the access required to perform their functions. Separation of duties guarantees no single user has access to all aspects of a system or process.
  • Designing a risk-aware culture, including user training and education, is a first line of defense for preventing threats. Ensure cybersecurity is part of your organization’s day-to-day lexicon so that users know what to look out for and where to report risks when they arise.

 

Should an insider threat arise, ensure you do more than address the end user themselves. Insider threats point to where you can strengthen your systems or policies, regardless of whether the attack succeeds. Truly secure organizations regularly update their security approach to stay ahead of risks.

About the Author: Having spent her career in various capacities and industries under the “high tech” umbrella, Stefanie Shank is passionate about the trends, challenges, solutions, and stories of existing and emerging technologies. A storyteller at heart, she considers herself one of the lucky ones: someone who gets to make a living doing what she loves. Stefanie is also a writer for Bora.

The post Should Your Organization Be Worried About Insider Threats? appeared first on IT Security Guru.

New SANS & Infoblox survey finds insider threats and ransomware are most feared, followed by DDoS attacks
https://www.itsecurityguru.org/2017/09/07/new-sans-infoblox-survey-finds-insider-threats-ransomware-feared-followed-ddos-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=new-sans-infoblox-survey-finds-insider-threats-ransomware-feared-followed-ddos-attacks
Thu, 07 Sep 2017 09:32:47 +0000
Infoblox Inc., the network control company that provides Actionable Network Intelligence, today released results of a new study that identifies the top threats, risks and fears related to securing data assets and keeping networks secure. The survey, conducted by SANS and co-sponsored by Infoblox, found that ransomware, insider threats and denial of service are considered the top three threats organizations face when it comes to securing sensitive data.
According to the study, 78 percent of respondents report encountering two or more threats to their data in the past 12 months, while 12 percent actually encountered a breach, with 43 percent of those encountering exfiltration of sensitive data through encrypted channels. User credentials and privileged account information, known as access data, represented the most common data types involved in these breaches, spotlighting the fact that privileged data is prized by attackers — proving more desirable to them than sensitive data being targeted for financial gain or destruction.
“This shows how highly attackers prize access data,” said Sean Tierney, Director of Threat Intelligence at Infoblox. “It’s proving more desirable to them than sensitive data being targeted for financial gain or destruction because it opens the door to significantly more exploitation opportunities.”
The study also found that 59 percent of respondents are using manual processes to identify sensitive assets — ultimately leaving their networks prone to massively automated attacks.
Tierney added: “Those still relying solely on manual processes are doing themselves a disservice by opening up their networks and customer data to highly automated, targeted attacks. In order to counter the chances of compromise, they must know how data should flow and design an in-depth defense strategy to secure assets like user IDs, credentials, roles and directories. Automating network processes helps uncover sensitive data in previously unknown areas of the network. It frees up time for IT admins to perform more important, high-level tasks.”
Other key findings from the “2017 SANS Data Protection Survey” report include:

  • Threats to Data: Overall, 78 percent of respondents have seen two or more different types of threats over the last 12 months, with 68 percent having seen the same threat types multiple times.
  • Data Exfiltration: 48 percent of those who sustained a breach report that the incident resulted in the exfiltration of sensitive data, with the primary transport of the data being an encrypted channel established by malware and a secondary factor being email.
  • Challenges in Securing Data: When asked what their organization’s greatest challenge is when it comes to sensitive data protection, 31 percent of respondents report lack of staffing and resources to be their biggest obstacle.
  • The Cost of Compromise: 41 percent of respondents report the most frequent underlying cause for breaches of sensitive data to be hacking or malware-related attacks, with 37 percent indicating insider compromise.
  • Watch Your DNS: While 42 percent of respondents report conducting scans of their DNS infrastructures, only 19 percent conduct regular scans on at least a weekly basis, with a mere 9 percent scanning continuously. 58 percent of respondents do not utilize DNS-based prevention/detection techniques at all or are unaware whether they do.

View the Webinar
To learn more about the results of this survey and best practices when it comes to securing your sensitive data, join the SANS on demand webinar.
 
Download Report
Download the “Sensitive Data at Risk Everywhere: The SANS 2017 Data Protection Survey,” which includes recommendations for securing sensitive data.
 
Methodology
Participants for the study included more than 250 IT and security administrators, engineers, IT managers, developers, and privacy experts.
 
About Infoblox
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. As the industry leader in DNS, DHCP, and IP address management, the category known as DDI, Infoblox (www.infoblox.com) provides control and security from the core—empowering thousands of organizations to increase efficiency and visibility, reduce risk, and improve customer experience.
 
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet’s early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.

The post New SANS & Infoblox survey finds insider threats and ransomware are most feared, followed by DDoS attacks appeared first on IT Security Guru.

Q&A with David Venable, Masergy
https://www.itsecurityguru.org/2016/06/06/qa-with-david-venable-masergy/?utm_source=rss&utm_medium=rss&utm_campaign=qa-with-david-venable-masergy
Mon, 06 Jun 2016 09:33:14 +0000
The Guru was lucky enough to get this Q&A with ex-NSA analyst and current VP of cybersecurity at Masergy David Venable – here’s what we found out.
Can you tell me a little about insider threats – how much of a problem are they?
While the entire threat landscape is changing dramatically with the increased sophistication of adversaries, nation state and state-sponsored actors, and rapidly evolving attack surfaces, one of the few things that hasn’t changed is that the insider threat is one of the most, if not the most, insidious threat in almost any environment. That’s not FUD (Fear, Uncertainty and Doubt) either, just look at the negative impact that Edward Snowden’s leak of thousands of files from the US National Security Agency [NSA] has had on the US intelligence apparatus.
According to A Preliminary Model of Insider Theft of Intellectual Property, a paper published by Carnegie Mellon University, 75% of cases of insider IP thefts were performed by employees. Some 65% had already accepted a new job somewhere else while 35% stole to gain an immediate advantage at a new job. And 25% of cases resulted in the stolen information being given to a foreign government or company.
How widespread or common are these types of threats?
Today external attacks are almost constant and less damaging (with the exception of high-profile attacks and near-total breaches, such as those against Sony and Ashley Madison). By contrast, insider attacks are more rare, but typically far more damaging, such as the damage caused by Edward Snowden’s leak of NSA documents to the government’s security infrastructure.
Are business paying enough attention to the threat posed by their employees?
From what I’m seeing in the field, the vast majority of organisations are overlooking the insider threat. Very few organisations are actively posturing against, or frankly even considering, insider threats.
How can technology help to detect and prevent insider attacks?
Behavioral analysis on internal network traffic is one of the best defenses against an ‘Edward Snowden-style’ insider attack. Users typically behave in certain ways. When that behaviour changes, it usually means something. For example, according to Wired, Snowden, who famously leaked thousands of NSA documents, spent a great deal of time scouring the private classified NSA network for documents and downloading them to his workstation, memory sticks and CDs — a dramatic shift from typical behaviour of someone in his role. This would have easily been detected with behavioral analysis.
Data Loss Prevention (DLP), which typically scans outbound data for known sensitive information, can also help, although it’s not a replacement for good physical security. DLP wouldn’t have prevented either Snowden or Chelsea Manning from walking out with secrets burned onto CDs labeled “Lady Gaga.”
Another good prevention technique is to ensure that sensitive documents are properly protected and only accessible by people who have a business ‘need-to-know.’
Unfortunately, none of these will detect or prevent the most dangerous insider threat: when an employee takes sensitive information they have been entrusted with to do their jobs. Unfortunately, this is less preventable via technology and requires insight into employees’ changing behaviors and attitudes. 
How do these types of attacks happen, what are the main weaknesses that are being exploited?
One of the most common mechanisms is not a technical one: it’s asking a friend. In fact, according to a Carnegie Mellon University paper, A Preliminary Model of Insider Theft of Intellectual Property, 19% of intellectual property theft cases involved colluding with another insider. In the case of malicious collusion, not much can be done. However, good security awareness training can be invaluable in preventing social engineering attacks – where an employee tricks another employee into providing sensitive information.
Another common technique is improper sharing permissions on drives, folders, and documents.
Finally, and this seems to be rarer, is the use of technological exploitation techniques against internal systems. 
Do insider attacks need to be treated differently to external attacks?
First and foremost, CISOs and CIOs need to stop treating the internal network like it’s a safe or trusted zone. It’s not. BYOD environments realise this, but the more important lesson here is that non-BYOD networks aren’t safe either.
Regular internal vulnerability assessments and penetration testing are key to finding and remediating internal weaknesses. Remediation is the key. I can’t even tell you how many internal assessments we’ve performed to check a compliance box that it was done — but the results were never acted upon. The addition of Behavioral IDS (intrusion detection system) sensors on the internal network will improve the situation dramatically, as will regular evaluation of access rights and sharing permissions.
Will insider attacks get better or worse?
It gets worse every day. As Willie Sutton, the infamous American bank robber said, when asked why he robbed banks, “That’s where the money is.” The insider threat is getting worse because that’s where the valuable information is — but there’s an additional component here: that’s also where the weakest controls often are.
We lock down the external. As an industry, we’ve become better at that over the years. However, as long as there’s valuable information, someone’s willing to get access via the HVAC network like the case with retailer Target, recruit an unscrupulous employee, or in some of the worst cases – get a job at a company to gain access to information in order to steal it.

The post Q&A with David Venable, Masergy appeared first on IT Security Guru.

Social engineering – the most popular hacking method
https://www.itsecurityguru.org/2016/04/11/social-engineering-popular-hacking-method/?utm_source=rss&utm_medium=rss&utm_campaign=social-engineering-popular-hacking-method
Mon, 11 Apr 2016 10:56:18 +0000
Csaba Krasznay, Product Manager of Shell Control Box, Balabit (www.balabit.com)
Hackers may have many challenges, but it seems gaining access to a corporate network using social engineering techniques is not one of them.
Social engineering – a technique whereby an individual is tricked into revealing personal or log-in information – is nothing new, but its evolution in recent years is shocking. Recently, the biggest and costliest data breaches (such as OPM or Ashley Madison) were typically caused by targeted Advanced Persistent Threat (APT) attacks which in most cases relied on an initial step that offers a better success rate than brute force: that is, social engineering. It has become an evergreen hacking method – finding a trusting human to divulge sought-after information is easier than finding and exploiting vulnerabilities on a network or corporate system.
There are many reasons for this: there is hardly any financial investment needed, no major coding skills are required, and it is very easy to remotely manage the ‘project’. Hackers can easily rely on a trusting employee to give them the information they need in order to gain access. For an outsider, it is the path of least resistance. In fact, our own recent survey of IT professionals has revealed that outsiders gaining insider access through social engineering techniques such as phishing is considered the most popular route in for hackers.
From a hacker’s point of view, it is so easy to target a group of employees that you can guarantee even the very best and most secure IT systems will have at least one bona fide user who falls for it – and once this happens the most difficult part of the hack is done. Once the door is opened, and outside hackers have become insiders, even the lowest access can be further escalated until they gain privileged access and could therefore cause a significant data breach.
In social engineering, the key to success is gaining the confidence of the user. An emailed recruitment plan, as in the 2011 RSA breach that cost the company $66 million to recover from, or a fake breaking-news tip about explosions at the White House offered to an eager Associated Press journalist, are just two examples of the creative lengths that hackers will go to in order to exploit human nature. They play on human psychology and natural traits inherent in most of us, or try to establish a connection with the user through information which may be freely available on social media or the corporate website.
Know your Enemy: how to identify the misused accounts 
Once hackers have gained access past an organisation’s perimeter they could potentially misuse the account of a legitimate user and the damage caused could be devastating. Organisations today need to know their enemy by identifying who is behind their user accounts, and whether it is a legitimate user or a masked hacker. This should be the fundamental priority in every kind of organisation’s IT security strategy. Although traditional access control tools and anti-malware solutions are necessary, these only protect companies’ sensitive assets while hackers are outside of the network.
User Behaviour Analytics tools are able to build baseline profiles of real employees that are as unique as fingerprints, and can easily detect abnormal behaviour of user accounts and alert the security team or block user activities until further notice. Such monitoring can highlight any anomalies in users’ behaviour that are worth investigating, and not only alert on suspicious activities but also immediately respond to harmful events and block further activities.
Today it is not enough to just defend against outside attackers, organisations also need to identify any unusual behaviour of their own users, as it has become crucial to know who is actually behind an insider account. It is important that staff are constantly reminded of the raging cyber war and to be vigilant in their daily actions – if they receive an email from the CEO for example when he doesn’t normally send emails, that should ring a few alarm bells. Perhaps it’s all just a matter of keep your friends close, but your enemies closer…
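Venable’s point about behavioural analysis catching a Snowden-style shift in document-download volume and the User Behaviour Analytics baselining described above come down to the same check. The following is an added example, not code from either author or from Balabit or Masergy: it builds a constructed download log (the log format, user names and thresholds are all assumptions) and flags the day on which one analyst’s download count breaks sharply from that user’s own history, reporting peer volume and the removable-media share alongside so an analyst can triage the alert in context.

```python
"""Added example (not from the page): a minimal user-behaviour baseline over
constructed document-access logs. Each user's daily download count is compared with
that user's own history (robust z-score on median/MAD) and with role peers on the
same day; the share of downloads going to removable media is reported alongside."""
import re
from collections import defaultdict
from statistics import median

# Constructed log format (assumption): ISO timestamp followed by key=value fields.
LOG_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})T\S+ user=(?P<user>\S+) role=(?P<role>\S+) "
    r"action=(?P<action>\S+) doc=(?P<doc>\S+) dest=(?P<dest>\S+)$"
)


def build_sample_log():
    """Constructed sample: three analysts with steady volumes for 14 days, then on
    day 15 one of them copies 400 documents to removable media late at night."""
    lines = []
    steady = {"analyst1": 12, "analyst2": 9, "analyst3": 11}
    for day in range(1, 16):
        for user, base in steady.items():
            if user == "analyst3" and day == 15:
                continue  # replaced by the anomalous burst below
            for i in range(base + day % 3):  # small day-to-day jitter
                lines.append(f"2023-05-{day:02d}T09:{i % 60:02d}:00Z user={user} "
                             f"role=analyst action=download doc=d-{user}-{day}-{i} dest=workstation")
    for i in range(400):
        lines.append(f"2023-05-15T22:{i % 60:02d}:00Z user=analyst3 role=analyst "
                     f"action=download doc=archive-{i} dest=removable")
    return lines


def parse_log(lines):
    """Return a list of event dicts, skipping lines that do not match the format."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def robust_z(value, history):
    """Z-score using median and MAD, which a few outliers in the baseline cannot skew.
    The scale is floored at 1.0 so a perfectly flat history cannot divide by zero."""
    med = median(history)
    mad = median(abs(h - med) for h in history)
    return 0.6745 * (value - med) / max(mad, 1.0), med


def detect_anomalies(events, action="download", z_threshold=5.0, min_history=5):
    """Flag (user, day) pairs whose count deviates strongly from that user's own
    history. Each finding carries the context needed to triage it: the user's
    baseline, the same-day peer median for the role, and the removable-media share."""
    per_user = defaultdict(lambda: defaultdict(int))   # user -> date -> count
    removable = defaultdict(lambda: defaultdict(int))  # user -> date -> removable count
    role_of = {}
    for e in events:
        if e["action"] != action:
            continue
        per_user[e["user"]][e["date"]] += 1
        role_of[e["user"]] = e["role"]
        if e["dest"] == "removable":
            removable[e["user"]][e["date"]] += 1
    findings = []
    for user, days in per_user.items():
        dates = sorted(days)
        for idx, date in enumerate(dates):
            if idx < min_history:
                continue  # too little history to call anything anomalous
            history = [days[d] for d in dates[:idx]]
            z, base = robust_z(days[date], history)
            if z < z_threshold:
                continue
            peers = [per_user[u].get(date, 0) for u in per_user
                     if role_of[u] == role_of[user] and u != user]
            findings.append({
                "user": user, "date": date, "count": days[date],
                "baseline_median": base, "robust_z": round(z, 1),
                "peer_median": median(peers) if peers else None,
                "removable_share": removable[user][date] / days[date],
            })
    return findings


if __name__ == "__main__":
    for finding in detect_anomalies(parse_log(build_sample_log())):
        print(finding)
```

Only upward deviations are flagged here; a drop to zero can be just as interesting (a departing employee who has stopped working) and would need a second threshold.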

The post Social engineering – the most popular hacking method appeared first on IT Security Guru.

Access All Areas? https://www.itsecurityguru.org/2016/03/22/access-all-areas/?utm_source=rss&utm_medium=rss&utm_campaign=access-all-areas Tue, 22 Mar 2016 14:28:48 +0000

Access All Areas? — Stuart Facey, VP EMEA at Bomgar discusses how the control and management of network access can combat data breaches
Last week, media regulator Ofcom confirmed that a major data breach[1] had occurred within its organisation. Before leaving, a former employee had downloaded as much as six years of data provided to the regulator by TV broadcasters. The data was reportedly offered to the ex-staffer's new employer, with the intention of giving it an insight into, and a competitive edge over, its rivals.
The new employer contacted Ofcom to advise it of the situation, enabling Ofcom to react quickly. It sent letters to all licensed broadcasters, alongside a public statement, confirming that "the extent of the disclosure was limited and has been contained, and we have taken urgent steps to inform all parties."
Unfortunately, these types of breaches are becoming increasingly frequent. Ofcom was extremely lucky that the company being offered the data was ethical enough to flag the breach rather than use the data for its own competitive advantage. One always hopes this would be the case, but not every company is as honest. A key lesson from this situation is the real need for companies of all sizes, across the public and private sectors, to prioritise the management and control of user access and accounts. Unauthorised access to, or extraction of, data or intellectual property (IP) is a real concern for anyone tasked with protecting and defending a company's core assets, yet it is not always front of mind when IT decision makers choose security policies or solutions.
It has become critical for companies to ensure that only approved users, from internal employees to external vendors, can access particular areas of the company network, with a level of trust determined by their role and responsibilities. Employees and third parties then get easy access to information appropriate for their role, while access to more business-critical data, systems or IP is granted to a narrower group, often on a task-by-task basis or for a designated time period.
By integrating privileged access management (PAM) solutions effectively across the organisation, companies can securely manage and control access to the right data, by the right people, at the right time. This puts control back into the hands of the CISO, IT or network manager without affecting or limiting employees' productivity or working experience.
As well as providing much tighter controls, PAM solutions allow managers to monitor and act on sessions in real time and to review tamper-evident audit trails, including annotated video recordings and detailed logs of screen sharing, file transfer and shell activity. That insight can then be used to adjust privileged access settings, extending a user's access to new areas of the network as a project evolves or their remit changes. The records also serve as supporting evidence when anyone attempts to breach the agreed access settings, whether that is an internal threat, an approved third party or an unknown and unauthorised attempt to access the network.
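One way to implement the role-scoped, time-limited access and tamper-evident audit trail described in the three paragraphs above. This is an added example, not Bomgar's or any PAM product's code: a small broker that issues grants only for targets inside a role's scope, expires them after a TTL, can revoke them early, and chains every decision into a SHA-256-linked audit log so that an edited, reordered or removed record is detectable. The role-to-target map, the principal names, the TTLs and the timestamps are assumptions.

```python
"""Just-in-time privileged access with a hash-chained audit trail.
Added example for this page; not Bomgar's or any vendor's code."""
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Assumed policy: which targets each role may ever be granted.
ROLE_SCOPES = {"dba": {"db-prod", "db-reporting"}, "netops": {"core-router", "edge-fw"}}
# Assumed clock for the worked scenario.
T0 = datetime(2016, 3, 22, 14, 0, tzinfo=timezone.utc)


def later(minutes):
    return T0 + timedelta(minutes=minutes)


class AccessBroker:
    """Issues time-boxed grants scoped by role and logs every decision
    to an append-only audit trail where each record carries the hash of
    the previous one."""

    def __init__(self, role_scopes):
        self.role_scopes = {r: set(t) for r, t in role_scopes.items()}
        self.grants = {}              # grant id -> {user, target, expires}
        self.audit = []               # hash-chained records
        self._prev_hash = "0" * 64    # chain head: no previous record
        self._seq = 0

    @staticmethod
    def _digest(record):
        body = {k: v for k, v in record.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _log(self, event, **fields):
        rec = {"seq": len(self.audit), "event": event, "prev": self._prev_hash, **fields}
        rec["hash"] = self._digest(rec)
        self.audit.append(rec)
        self._prev_hash = rec["hash"]

    def grant(self, user, role, target, ttl_minutes, approver, now):
        """Return a grant id, or None if the target is outside the role's scope."""
        if target not in self.role_scopes.get(role, set()):
            self._log("grant_denied", user=user, role=role, target=target,
                      approver=approver, at=now.isoformat())
            return None
        self._seq += 1
        gid = f"G{self._seq}"
        expires = now + timedelta(minutes=ttl_minutes)
        self.grants[gid] = {"user": user, "target": target, "expires": expires}
        self._log("grant_issued", grant=gid, user=user, role=role, target=target,
                  approver=approver, at=now.isoformat(), expires=expires.isoformat())
        return gid

    def revoke(self, gid, by, now):
        """Withdraw a grant before its TTL runs out; True if it existed."""
        g = self.grants.pop(gid, None)
        if g is not None:
            self._log("grant_revoked", grant=gid, user=g["user"], target=g["target"],
                      by=by, at=now.isoformat())
        return g is not None

    def authorize(self, user, target, now):
        """True only if an unexpired grant exists for this user and target."""
        allowed = any(g["user"] == user and g["target"] == target and now < g["expires"]
                      for g in self.grants.values())
        self._log("access_allowed" if allowed else "access_denied",
                  user=user, target=target, at=now.isoformat())
        return allowed

    def verify_audit(self):
        """Recompute the chain. An edited, reordered or missing record breaks it;
        silently dropping records from the tail does not, so the latest hash must
        be copied somewhere the administrator cannot reach (a WORM store, a
        separate log host) to close that gap."""
        prev = "0" * 64
        for i, rec in enumerate(self.audit):
            if rec["seq"] != i or rec["prev"] != prev or self._digest(rec) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


if __name__ == "__main__":
    broker = AccessBroker(ROLE_SCOPES)
    gid = broker.grant("stuart", "dba", "db-prod", 60, "ciso", T0)
    broker.grant("stuart", "dba", "core-router", 60, "ciso", T0)   # out of scope
    broker.authorize("stuart", "db-prod", later(30))                # within TTL
    broker.authorize("stuart", "db-prod", later(61))                # expired
    for rec in broker.audit:
        print(rec["seq"], rec["event"], rec.get("target"), rec["hash"][:12])
    print("audit chain intact:", broker.verify_audit())
```

The point of the chain is that the session recordings and logs the article mentions are only evidence if the people being monitored cannot quietly rewrite them; linking each record to the previous one turns any edit into a verification failure, and anchoring the head hash off-box covers truncation.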
Protecting a company’s most critical assets from cyber threats has never been more important. The ability for organisations to flexibly control and secure access rights, and in turn protect their critical IP and data, should be right up there as a key consideration.
[1] http://www.theguardian.com/media/2016/mar/10/ofcom-tackles-mass-data-breach-of-tv-company-information

The post Access All Areas? appeared first on IT Security Guru.

Ofcom hit by insider threat breach https://www.itsecurityguru.org/2016/03/11/ofcom-suffers-biggest-insider-threat-breach-history/?utm_source=rss&utm_medium=rss&utm_campaign=ofcom-suffers-biggest-insider-threat-breach-history Fri, 11 Mar 2016 13:06:38 +0000

UK media regulator Ofcom is dealing with the biggest data breach in its history, involving the misuse of data downloaded by an employee before leaving the organisation. The now ex-staff member appears to have taken as much as six years' worth of data that Ofcom had received from TV broadcasters and offered it to his new employer, which reportedly rejected it and contacted Ofcom about the breach.
“On 26 February we became aware of an incident involving the misuse of third-party data by a former Ofcom employee,” said a spokesman for Ofcom. “This was a breach of the former employee’s statutory duty under the Communications Act and a breach of the contract with Ofcom.”
The watchdog added: “Ofcom takes the protection of data extremely seriously, and we are very disappointed that a former employee has chosen to act in this manner. The extent of the disclosure was limited and has been contained, and we have taken urgent steps to inform all parties.”
Commenting on this, David Gibson, VP of strategy and market development at Varonis, said: “A vast number of data breaches are due to insiders, malicious or otherwise. The root of the problem is that most employees have access to far more information than they need to do their jobs, and their data activities are not monitored or analysed for malicious behaviour. This is especially true for unstructured data – the largest, fastest-growing kind of data, which often contains an organisation's intellectual property, financial records and other important content. As a result, low-level workers can access and make off with highly sensitive information, often without anyone knowing. To make matters worse, outside attackers often hijack employee or contractor credentials and then have the same free access as insiders. Organisations have to start doing a better job of tracking and analysing how users use data, profiling their roles and behaviours, mapping and reducing unwanted access, discovering sensitive data and locking it down or moving it out of harm's way.”
Mark Bower, global director – product management at HPE Security – Data Security, added “This event illustrates that even with a strong network perimeter in place, it just isn’t enough. Perimeter security is similar to a fence around a house. However, what if someone inside the house is the thief? Today it’s imperative that organisations adopt a data-centric security approach that defends the data itself, typically by encryption or tokenization. This ensures that no matter where the data resides, if a hacker gets it, or in this case, an employee who is granted legitimate access, the data is protected and isn’t useful. This ability to render data useless if lost or stolen is an essential benefit to ensure data remains secure.
The EU is introducing aggressive new data privacy laws under the General Data Protection Regulation (GDPR) that will force any breached organisation to pay substantial fines that are a percentage of revenues, issue notification within 72 hours and implement modern data security strategies like data-centric security as best practice.
This major regulatory shift is a result of breaches like this, and the ineffective nature of traditional controls that are unsuited to today’s data workflows, the extended enterprise, insider threats and advanced malware. Organisations have to be planning to meet GDPR now, and more critically, significantly reducing access to live data to minimise future threat impact.”
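As an added example of the data-centric approach Bower describes (not HPE's or any vendor's implementation): vault tokenisation, where the real account number is swapped for a random token of the same length that keeps the last four digits, so downstream systems and reports can carry the token while a copy of the data walked out by an insider, or lifted by an attacker with an insider's credentials, reveals nothing without the vault. The class and method names, the keep-last-four choice, the principal names and the test value are assumptions for this example.

```python
"""Vault tokenisation: replace an account number with a random,
format-preserving token that is safe to store and process, and useless
to whoever copies it. Added example for this page; not a vendor's code."""
import secrets
import string


class TokenVault:
    """Maps sensitive values to random tokens of the same shape and back.
    Only explicitly authorised principals may reverse the mapping."""

    def __init__(self, keep_last=4):
        self.keep_last = keep_last     # trailing digits preserved for display/matching
        self._by_value = {}            # real value -> token (stable: one token per value)
        self._by_token = {}            # token -> real value
        self._authorised = set()       # principals allowed to detokenise

    def allow(self, principal):
        self._authorised.add(principal)

    def tokenize(self, value):
        """Return the token for `value`, minting a fresh random one on first sight."""
        if not value.isdigit() or len(value) <= self.keep_last:
            raise ValueError("expected a digit string longer than keep_last")
        if value in self._by_value:
            return self._by_value[value]
        tail = value[-self.keep_last:]
        head_len = len(value) - self.keep_last
        while True:
            head = "".join(secrets.choice(string.digits) for _ in range(head_len))
            token = head + tail
            # reject the (vanishingly unlikely) clash with the real value or an existing token
            if token != value and token not in self._by_token:
                break
        self._by_value[value] = token
        self._by_token[token] = value
        return token

    def detokenize(self, token, principal):
        """Recover the real value; refused for anyone not on the allow list."""
        if principal not in self._authorised:
            raise PermissionError(f"{principal} may not detokenise")
        if token not in self._by_token:
            raise KeyError("unknown token")
        return self._by_token[token]

    def redact(self, value):
        """Display form that never touches the vault, e.g. for support screens."""
        return "*" * (len(value) - self.keep_last) + value[-self.keep_last:]


if __name__ == "__main__":
    vault = TokenVault()
    vault.allow("payments-svc")
    pan = "4111111111111111"                 # constructed test value
    tok = vault.tokenize(pan)
    print("stored in the database:", tok)    # same length, same last four, random otherwise
    print("shown to support staff:", vault.redact(pan))
    print("payments-svc recovers:", vault.detokenize(tok, "payments-svc"))
    try:
        vault.detokenize(tok, "reporting-svc")
    except PermissionError as exc:
        print("reporting-svc refused:", exc)
```

In production the vault itself becomes the crown jewel: the mapping store and the detokenise path need the strongest access control, rate limiting and monitoring of anything in the estate, because an insider who can call detokenise at will has everything the tokens were meant to hide. The in-memory dictionaries here stand in for that hardened store.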

The post Ofcom hit by insider threat breach appeared first on IT Security Guru.

Insider Threat Hits TD Bank https://www.itsecurityguru.org/2015/09/17/insider-threat-hits-td-bank/?utm_source=rss&utm_medium=rss&utm_campaign=insider-threat-hits-td-bank Thu, 17 Sep 2015 10:33:33 +0000

Good morning and welcome to IT Security Guru news.
New Hampshire’s attorney general has today been notified of a breach at TD Bank. Reports indicate that an employee took personal data from the bank’s database and shared it with a third party, which has yet to be named.
In the report given to the attorney general, TD Bank's head of US privacy and social media compliance said the personal information obtained may have included names, addresses and account numbers, as well as some data on secondary signers and beneficiaries.
This is the latest such report filed by the bank, which has made dozens of similar reports over the last few years. It should serve as a reminder that the insider threat is potentially the hardest attack vector to anticipate, since any employee or contractor may be the compromised link in the chain, not to mention the many other ways the insider threat can manifest itself.
Our advice is to protect your files and intellectual property as best you can, monitor the activity on your network so you can identify suspicious behaviour, and keep track of the personal factors that can motivate individuals to act against the organisation.
For more information on this story and others visit IT Security Guru dot org.

The post Insider Threat Hits TD Bank appeared first on IT Security Guru.

Ovum research shows privileged users are highest risk to data for 54 percent of IT decision makers (ITDMs) in European organisations https://www.itsecurityguru.org/2015/06/17/ovum-research-shows-privileged-users-are-highest-risk-to-data-for-54-percent-of-it-decision-makers-itdms-in-european-organisations/?utm_source=rss&utm_medium=rss&utm_campaign=ovum-research-shows-privileged-users-are-highest-risk-to-data-for-54-percent-of-it-decision-makers-itdms-in-european-organisations Wed, 17 Jun 2015 13:03:47 +0000

Survey also reveals that 40 percent of ITDMs in UK firms have encountered a data breach or failed a compliance audit in the last 12 months

Vormetric, a leader in enterprise data security for physical, virtual, big data, public, private and hybrid cloud environments, today announced the European findings of its 2015 ‘Insider Threat’ survey.  The survey was conducted online on its behalf by Harris Poll in fall 2014 among 818 enterprise IT decision makers (ITDMs) in various countries, including 204 in the UK and Germany.  Analysis and research into the results was performed by analyst firm Ovum.
The research uncovered that 54 percent of the German and UK respondents believe that privileged users (system administrators, database administrators, network administrators, etc.) pose the biggest risk to their organisation – a substantial step up from 38 percent in last year’s 2014 Vormetric Insider Threat Report – European Edition.  Only 13 percent said that their organisations were not at all vulnerable to insider threats – a slight improvement on the nine percent that said they felt safe last year, but still leaving 87 percent feeling vulnerable.
The insider threat is multi-faceted and does not only relate to the deliberate theft of data.  If systems are not appropriately secured, employees can also inadvertently put sensitive company information at risk.  In addition, modern cyber attacks frequently rely on hijacking log-in credentials of unsuspecting users, often targeting ‘privileged users’ who have the greatest levels of network access.  Cyber criminals then use these credentials to log-in and appear as legitimate users so that they can steal data undetected.
“With the research showing that more than half of European organisations now classify privileged users as posing the highest risk to their data, there is clearly a growing need to manage and secure what these users can do on the corporate network,” said Andrew Kellett, Principal Analyst Infrastructure Solutions at Ovum.  “Although most organisations will have already realised that this type of user account needs to be implemented and overseen with far greater care than they perhaps once were, there remains a variety of technical challenges to overcoming the risk they pose – not least because this type of user account is usually used to perform essential network maintenance and administration procedures that cannot be interfered with.”
The key findings of the Ovum survey include:

  • 54 percent of IT decision-makers in European enterprises placed privileged users as the highest risk group when considering their data protection requirements. Contractors, service providers and business partners were also seen as possible risks.
  • Although 51 percent of UK respondents and 44 percent of German respondents are increasing spending to offset threats to data, this lags behind 62 percent in the US.
  • Only 13 percent of IT decision-makers in European enterprises said that they were not at all vulnerable to insider threats.
  • 40 percent of UK respondents reported that their organisations have encountered a data breach or failed a compliance audit in the last 12 months.
  • Compliance was identified by respondents as still the top reason for securing sensitive data in Europe (56 percent), but reputation and brand protection are close behind (54 percent).
  • Top European IT security spending priorities identified by respondents were protection of intellectual property (52 percent) and preventing a data breach incident (48 percent).

“With 40 percent of UK firms either being breached or failing a compliance audit in the last year, we are clearly a long way from anything approaching adequate data security,” said Alan Kessler, CEO of Vormetric. “Part of the problem is an overemphasis on compliance. With insider-related attacks changing by the hour, you can think of today's compliance mandates as requiring organisations to use the weapons of yesterday to fight today's battles. Given this reality, encryption and access controls are increasingly the weapons of choice today to protect organisations' critical data.”
For more information and to download the report, visit: http://www.vormetric.com/campaigns/insiderthreat/2015/eu/

The post Ovum research shows privileged users are highest risk to data for 54 percent of IT decision makers (ITDMs) in European organisations appeared first on IT Security Guru.

Identity Management in the New Frontier https://www.itsecurityguru.org/2015/05/26/identity-management-in-the-new-frontier/?utm_source=rss&utm_medium=rss&utm_campaign=identity-management-in-the-new-frontier Tue, 26 May 2015 11:56:59 +0000

In today’s digital age, identity management is a complex task that requires not just a hefty dose of common sense when sharing information on the Internet, but also a reliance on third-party businesses to safeguard that information and respect consumer privacy.  Prolific media coverage about cyber security is keeping us on our toes. Data breaches at well-known retailers have created more general awareness around threats like malware and phishing scams, but just as we begin to feel more confident about our preparedness, we hear rumblings of a new cybercrime frontier: The Internet of Things (IoT). Suddenly the conversation around identity management heats up, as our lives become increasingly intertwined with technology.
Born out of the convergence of wireless technologies, micro-electromechanical systems and the Internet, the IoT will allow data to be automatically transferred over a network without human-to-human or human-to-computer interaction. With the advent of the IoT, robust personal information is being continuously tracked and captured, many times without the consumer knowing the data is being collected. The growing number of devices being connected is astounding. Cisco estimates that there will be 50 billion connected devices by 2020, up from 10 billion in 2013. Wearables, such as fitness trackers and connected watches, intelligent home appliances like thermostats and refrigerators, even the cars we drive will soon be collecting and sending data on our driving habits. To put it in perspective, the IoT will become larger than the smart phone, tablet and PC markets combined.
While this connectedness brings everyday life conveniences, it also exposes consumers and businesses to an era of data sharing ignorance. Up until this point, though often questioned and debated, consumers have largely been aware of the types of data that they are sharing (and with whom) through social media interactions and ecommerce transactions. This will not be the case with the IoT, since much of the data is accumulated passively. As such, it is unknown what the implications will be on identity management and privacy protection.
As we move further into the era of the IoT, these smart devices will contain a range of sensitive personal information: from standard details like email, home address and birth date to more behavioral data, such as which TV programmes we watch, how much we exercise, what hours we are typically at home or away, and where we are. Thermostat makers using smart technology will suddenly be able to tell the company about its users and their behaviour without any active decisions being made on the consumers’ part to share that information. This presents a lucrative opportunity for hackers.
Last year, security firm Proofpoint uncovered a cyber attack in which more than 100,000 connected devices were sending out spam emails. One of these devices was a refrigerator. Although an Internet-connected fridge does not yet hold much personal information about its user, the example does show how vulnerable these newly connected devices are.
So, as we approach this relatively uncharted territory of automatic and passive connectivity, what are the best identity management practices for mitigating the risks along the way?

  • Awareness and education. Consumers need to be aware of the trade-off they are making in this more connected life: handing over data in exchange for convenience and utility. It is equally important for businesses to understand the risks of collecting this information and to ensure they are properly securing consumer data.
  • Read the fine print. When it comes to connected devices, understanding what personal data is being collected and how it will be used may help you decide whether to opt in. Businesses have a responsibility to be transparent about the information they collect and how they will use it.
  • Identity monitoring. As we confront this new frontier, identity monitoring services provide advance warning of potential compromise of your personal information and other fraudulent activity – a key component in the mitigation practices for all cybercrime.

To keep up with the ever-changing technology environment, identity management will need to adapt and evolve at a similar pace, as our devices become increasingly integrated into our everyday lives.

Andrew Thomas, Managing Director, Europe, for CSID

The post Identity Management in the New Frontier appeared first on IT Security Guru.
