Many cybersecurity tools are designed to block or allow specific activities based on prescribed rules, but with insider breaches continuing, enterprise protection also requires real-time reaction to actual user behavior, says Carl Leonard of Forcepoint.
Carelessness, a lack of security awareness, unclear data ownership and poor toolsets are root causes of insider breaches, says Tony Pepper, CEO of Egress, which recently surveyed CISOs and employees to trace the cause of insider breaches resulting from both intentional and unintentional loss.
As the IT infrastructure evolves and becomes far more complex, security needs to be built in, not bolted on later, says VIjendra Katiyar of Trend Micro.
The latest edition of the ISMG Security Report describes Apple's newly announced single sign-on function that's built with privacy in mind. Plus, a discussion of the "other" insider threat and an Infosecurity Europe conference recap.
Many corporate boards of directors in India have made progress in recognizing cybersecurity as a priority. But clearly, they still have a lot of work to do. Panelists at a recent ISMG summit in Bengaluru offer insights.
Google is notifying administrators and users of its business-oriented G Suite product that the company had been storing unhashed passwords for years because of a flaw in the platform. The company believes no customer data was leaked and that all passwords remained encrypted.
The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats.
As part of this research, the center addresses how to detect and prevent insider fraud, as well as...
Nine men have been charged in connection with an alleged SIM card swapping scheme that led to the theft of $2.4 million in cryptocurrency, the U.S. Justice Department says. The scheme allegedly involved the bribing of employees of Verizon and AT&T.
There's a lot of talk about the malicious insider, but not as much about the unintentional insider. Whether its employees using personal software to simply get the job done or teams selecting and expensing unauthorized software, company information assets are increasingly difficult to manage. The cloud has brought...
Unix and Linux build the foundation for most business-critical systems. Thus, they present target-rich environments for cyber-attackers. Privileged Access Management (PAM) helps to mitigate such risks. To succeed, security teams must follow an integrated approach, covering both privilege elevation and centralized...
WikiLeaks founder Julian Assange's hacker roots and nontraditional approach to journalism may prove damaging following his arrest on Thursday. He's been charged with one count of conspiracy, but U.S. prosecutors still have time to file more serous charges pending his extradition from the U.K.
The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats.
As part of this research, the center addresses how to detect and prevent insider fraud, as well as...
A common complaint among threat intelligence analysts is the near impossibility of searching global
threat intelligence feeds to find the specific threat and vulnerability information that matters to their
organization.
The underlying problem here is the lack of visibility across all internal files and objects....
In 2017, 15,038 new CVEs were published, up from 9,837 in 2016. Last year, 16,500 new CVEs were disclosed. With vulnerabilities growing year after year, patching every potential threat to your business is a futile exercise. The need to prioritize is clear, but where to start, especially when CVSS categorizes the...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.
