Sunday, February 5, 2023
  • Advertise With Us
  • Write For Us
  • Contact Us
  • About Us
  • Editorial Calendar
Download Latest Issue - Free!
The Cyber Express
Ransomware Report
  • Magazine
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacks
    • Ransomware
    • Vulnerabilities
    Voice Networks

    Voice Networks are Under Attack – is Anybody Listening?

    Anonymous Sudan Declares War on American Corporate Giants with Devastating DDoS Onslaughts

    Dominic Alvieri

    After Hive, Will More Ransomware Groups be Taken Down in 2023?

    McEwan Fraser Legal

    ALPHV Ransomware Hits UK Realty Firm McEwan Fraser Legal, 300GB Data On The Line

    Kewal Kiran

    Indian Apparel Manufacturer Kewal Kiran Clothing’s Data Out For Sale

    BATLoader

    Stealthy BATLoader Lurks Under PowerShell Script to Evade Detection and Launch Malware

    Guardian Analytics Data Leak

    Guardian Analytics Data Leak: Ransomware Groups Daixin Team and Lockbit List Firm as Victim

    VectorStealer

    VectorStealer, Unlocking Doors to RDP Hijacking

    Qakbot Malware

    Spammers Deploy Information Stealing Qakbot Malware in OneNote Attachment

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    Zero Trust Strategy

    US Department of Defense to Embrace Zero Trust Strategy

    browser hijackers

    Researchers Find Browser Hijackers on Google Chrome Web Store

    DORA proposal

    DORA Proposal for Cybersecurity Awaits Full Approval by Council and ESAs

    Privacy penalty bill

    Australia Privacy Penalty Bill 2022: Pay a $50 Million Fine for Data Breaches

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Webinars
    • World CyberCon Middle East 2023
    • Endorsed Events
  • Advertise
No Result
View All Result
The Cyber Express
  • Magazine
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacks
    • Ransomware
    • Vulnerabilities
    Voice Networks

    Voice Networks are Under Attack – is Anybody Listening?

    Anonymous Sudan Declares War on American Corporate Giants with Devastating DDoS Onslaughts

    Dominic Alvieri

    After Hive, Will More Ransomware Groups be Taken Down in 2023?

    McEwan Fraser Legal

    ALPHV Ransomware Hits UK Realty Firm McEwan Fraser Legal, 300GB Data On The Line

    Kewal Kiran

    Indian Apparel Manufacturer Kewal Kiran Clothing’s Data Out For Sale

    BATLoader

    Stealthy BATLoader Lurks Under PowerShell Script to Evade Detection and Launch Malware

    Guardian Analytics Data Leak

    Guardian Analytics Data Leak: Ransomware Groups Daixin Team and Lockbit List Firm as Victim

    VectorStealer

    VectorStealer, Unlocking Doors to RDP Hijacking

    Qakbot Malware

    Spammers Deploy Information Stealing Qakbot Malware in OneNote Attachment

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    Zero Trust Strategy

    US Department of Defense to Embrace Zero Trust Strategy

    browser hijackers

    Researchers Find Browser Hijackers on Google Chrome Web Store

    DORA proposal

    DORA Proposal for Cybersecurity Awaits Full Approval by Council and ESAs

    Privacy penalty bill

    Australia Privacy Penalty Bill 2022: Pay a $50 Million Fine for Data Breaches

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Webinars
    • World CyberCon Middle East 2023
    • Endorsed Events
  • Advertise
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Features

Insider Threats: Elephant in the cubicle!

Augustin Kurian by Augustin Kurian
July 29, 2022 - Updated on August 3, 2022
in Features
0
Insider Threat
585
SHARES
3.3k
VIEWS
Share on LinkedInShare on Twitter
Listen to this story

In June 2017, while scouting through GitHub, an online code-sharing programming resource, information security expert and author Jason Coulls spotted a trove of sensitive documents from several American, Canadian, and Japanese financial institutions. The repository contained migration plans, estimates, presentations, and other sensitive data that could have put those companies at risk.

Further research into the breach revealed that the data leak was an accidental mistake or rather a “monumental common-sense failure” of a developer working with Indian IT service giant Tata Consultancy Services (TCS). Coulls immediately notified the banks about the leak. “This was a new level of monumental head-scratching activity, as you could fork or clone an entire repository containing architecture details and roadmaps for some of the largest financial institutions in North America,” he wrote in a blog post.

You might also like

Hollywood and its Quest with Nailing Hacking Depictions

Internet Censorship and Freedom of Speech

Voice Networks are Under Attack – is Anybody Listening?

The good news is that none of it was banking customers’ data,” Coulls told technology news website The Register after the incident. But there was still a lot of useful stuff there – not just for hackers but for the firm’s competitors. The first bank that looks at it gets to see what everyone else is doing.” Coulls also roasted TCS for not firing the team member immediately after the incident who was the most significant catalyst for the monumental catastrophe.

Insider threats pose a higher risk than hackers

The above incident highlights what accidents can do, but what is even more staggering is that one in four employees have intentionally leaked confidential data. When data privacy and risk management company Egress Software Technologies surveyed 2,000 UK workers, they may not have anticipated that the threat they were handling was elephants in the cubicles.

The survey revealed that employees who leaked information were likely to share data with their new or former employers or competitors. These could be bank details and customer information, among other sensitive data.

A survey by Vanson Bourne stated that insider threats pose a greater risk to companies than external threats such as breaches and hackers. s. It pointed out that 74 percent of cyber incidents occur within organizations, with 42 percent being employees alone. When considering the extended enterprise, meaning employees, customers, suppliers, or even previous employees, the number increases to 74 percent.

Nearly 90 percent of organizations are vulnerable to attacks from insider threats, according to the Insider Threat Report 2018 by CA Technologies. In the report, the main reasons for enabling the risk factor were too many users with excessive access privileges, employees bringing their devices to work, and the increasing complexity of the information security industry.

Over 50 half of the respondents confirmed insider attacks against their organization last year, and a quarter felt the insider attacks were becoming more frequent.

While insider threats are a cause of concern, a vast majority of companies are implementing programs to deter them. Companies focus on detecting insider threats, deterrence methods, analysis, and forensics. Thirty-six percent have a formal program in place to respond to insider attacks, while 50% are focused on developing their program,” the report suggested.

Nipping it in the bud

Threats like insider attacks need to be nipped in the bud, and this must be ensured from the beginning, in other words, the hiring process. One way HR could minimize the malicious leaking of information is by ensuring that the concerns are raised and dealt with fairly without compromising the employee’s overall experience.

Simple steps such as reminding people about the company’s data protection policy post their resignation can also help.

Moreover, there are several touchpoints throughout an employee’s career that HRs must focus on. The CERT Insider Threat Center provides a list of best practices organizations should adopt to protect themselves from insider threats. These include maturing insider threat programs, tracking terminated employees, improving employee engagement, developing a watchlist of employees with behavioral indicators, and adding insider threat awareness training.

Authentication and the future of biometrics

As far as insider threats are concerned, it is evident that they can jeopardize companies. To counter this, there is a need for risk-based authentication technology that relies on things like proximity, behavior, biometrics, and more.

Industry experts opine that when you’re typing the password, the software can observe your movement across the keyboard. With this keystroke behavioral biometric, the computer algorithm can distinguish between users. According to several experts, technology can be fed into the risk engine and help determine whether the user should get access or not.

Several other innovations are also driving the authentication space, where individual actions by the users are tracked and traced to create exclusive biometrics using artificial intelligence and machine learning.

While insider threats may seem inevitable and pose a more significant threat to companies than external forces, organizations must implement policies, methods, and security systems to identify potential hazards and minimize the occurrence of such incidents. Though authentication and innovation can also assist in safeguarding the company, they alone are not enough to avert the dangers posed by insider threats.

Share this:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • More
  • Click to email a link to a friend (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Related

Tags: cybersecuritycybersecurity awarenessinsider threatsMulti-factor Authentication
Previous Post

Global Firms Struggle to Evaluate Cyber Risk Exposure

Next Post

Zero Trust – Vendors, Investment, and Future

Augustin Kurian

Augustin Kurian

Augustin Kurian is the Editor In Chief of The Cyber Express, an information security publication catering to an audience encompassing CISOs, CXOs, network engineers, technology enthusiasts, security professionals, and students. In his role, he leads the editorial division, manages outreach campaigns, and promotes establishing best cybersecurity practices.

Related Posts

Hacking depiction in hollywood
Features

Hollywood and its Quest with Nailing Hacking Depictions

by Editorial
February 5, 2023
Internet Censorship and Freedom of Speech
Features

Internet Censorship and Freedom of Speech

by Editorial
February 5, 2023
Voice Networks
Features

Voice Networks are Under Attack – is Anybody Listening?

by Editorial
February 4, 2023
InTheBox
Features

Global Banking Apps Under Attack: Researchers Find ‘InTheBox’ Web Injects

by Ashish Khaitan
February 1, 2023
SOCs
Features

SOCs to Face Greater Challenges from Cybercriminals Targeting Govt. and Media in 2023

by Editorial
January 28, 2023
Next Post
Zero Trust – Vendors, Investment, and Future

Zero Trust - Vendors, Investment, and Future

Latest Issue is Out. Subscribe Now

Ai in Cybersecurity - Cybersecurity Magazine by The Cyber Express

Download Now



Follow Us On Google News

Never miss an update. Subscribe!

* indicates required

Recommended

Anonymous Sudan Declares War on American Corporate Giants with Devastating DDoS Onslaughts

February 4, 2023
GoTo Confirms User Data Stolen With Encryption Key

GoTo Confirms User Data Stolen With Encryption Key

January 27, 2023

Categories

Don't miss it

Voice Networks
Features

Voice Networks are Under Attack – is Anybody Listening?

February 4, 2023
Firewall Daily

Anonymous Sudan Declares War on American Corporate Giants with Devastating DDoS Onslaughts

February 4, 2023
LockBit. Ion Group
Cybersecurity News

LockBit Claims Ransom From ION Group, Firm Declines To Comment

February 4, 2023
Dominic Alvieri
Firewall Daily

After Hive, Will More Ransomware Groups be Taken Down in 2023?

February 4, 2023
McEwan Fraser Legal
Data Breach News

ALPHV Ransomware Hits UK Realty Firm McEwan Fraser Legal, 300GB Data On The Line

February 3, 2023
Kewal Kiran
Firewall Daily

Indian Apparel Manufacturer Kewal Kiran Clothing’s Data Out For Sale

February 3, 2023

About

The Cyber Express

Cybersecurity News and Magazine

The Cyber Express is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

Follow The Cyber Express

Contact

For editorial queries: [email protected]

For marketing, PR & media partnerships: [email protected]

For media kit and digitals sales: [email protected]

For Sponsorship/Event Partnership: [email protected]

For Conferences related information: [email protected]

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
555 North Point Center E
Alpharetta, GA 30022, USA.

Tel: (678) 578-8838

Subscribe to Our Feed

RSS Feeds

Follow Us On Google News

© 2022 The Cyber Express (Cybersecurity News and Magazine) | By Cyble Inc.

No Result
View All Result
  • Firewall Daily
  • Business News
  • Cyber Essentials
  • Features
  • Cybersecurity Magazine
  • Events
    • World CyberCon Middle East 2023
    • Webinars

© 2022 The Cyber Express (Cybersecurity News and Magazine) | By Cyble Inc.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.