Insider Security Issues


This topic contains 1 reply, has 1 voice, and was last updated by  Henry Brown 4 years, 9 months ago.

  • #179844

    Henry Brown
    Participant

    IMO interesting read!
    Not certain I would place the threats in the order that Mr. Beaver has, and in some cases I believe that MOST government entities would not consider the risks very high on this top 10.
    From Acunetix.com blog:

    The Edward Snowden incident highlights the dangers that an organization could be exposed to due to insiders with ill intent. You know; the very people you’ve entrusted with the organization’s well-being and have assumed to this point that everything they do is on the up and up.

    According to a recent Clearswift/Loudhouse report, 58% of security incidents are attributed to insiders. Other studies, such as the 2013 Verizon Data Breach Investigations, claim smaller numbers. One thing is certain though; you have users and things on your network right now that are creating business risks. There are too many people with access and too much to lose to ignore the problem.

    1. Management’s mindset: “we don’t have anything of value”
    2. Users assumed to have been properly vetted
    3. Entities assumed to not have access
    4. Lack of information
    5. Improper tools
    6. Limited expertise
    7. Non-existent patching of third-party software
    8. Data loss via mobile devices
    9. Data exposure via improperly secured software
    10. Careless use of Wi-Fi

  • #179846

    Henry Brown
    Participant

    Some interesting quotes from Infosecurity Magazine (a story on the Clearswift/Loudhouse Report):

    “The consumerization of computing has changed the IT landscape. Employees can and do now access corporate data from a multitude of devices in a multitude of locations. Where the ‘insider threat’ was once posed only by the occasional malcontent employee, it now comes from every naive employee on the payroll.”

    “The solution is to get down and dirty with the information itself: to understand what information is sensitive or confidential together with the context in which it is sensitive and confidential, and to secure the information in context. That way, it doesn’t matter whether the threat is internal or external, because what matters – the information – is secured.” Guy Bunker, Senior vice president of products at Clearswift
