Cybersecurity Blog: The Cyber Scene is evolving, are you?

Malicious insiders present real risk to the business. Their inside knowledge and understanding of systems and data make them particularly dangerous, as they are hard to detect and know where the most valuable data resides. Media reports about external threats have thrust cyberattacks into the mainstream, but breaches caused by malicious insiders rarely make headlines. Because insider threats require a top-down approach, executives and boards of directors need education about the threat posed by malicious insiders and how to defend against them. 

Following our webinar with guest speaker Forrester Senior Analyst, Joseph Blankenship, we asked him to address some of the questions from the audience around how security leaders can address insider threats with senior leadership. Below are his responses.

Read more

Insider threats have become a huge problem for organizations around the world – just turn on the news and you’ll see the latest set of compromised companies dealing with the severe consequences of an insider breach – brand damage, lost customers, lost revenue, issuance of regulatory fines, employee safety... and the list goes on and on. 

Read more

Decisions that Make Companies Vulnerable to Insider Attacks

With the steady rise in cyber-attacks, network defense has become a security team’s number one priority. Many organizations have responded by investing heavily in the best tools to protect their information and systems from outsiders. The hard truth is these technologies are not designed to identify, let alone prevent an insider—contractor, employee, or trusted business partner—from taking information or corrupting a system they are authorized to access.

Read more

The deadline for implementing changes in the National Industrial Security Program, which makes federal contractors with security clearances partners in the government’s fight against insider threats, is looming. More than 12,000 cleared contractors have until November 18 to comply with Change 2 to the National Industrial Security Operating Manual (NISPOM).

Read more

Find out how one analyst used social media to collect enough intel in five hours to breach a Fortune 500 company.

What is open-source intelligence (OSINT)? Quite simply, its intelligence collected from publically available information such as Facebook, LinkedIn and even the dark web. Are you using information available from these sources? Adversaries are!

Read more

Given the wave of high profile cyberattacks in the news, one might think data breaches happen no other way. Unfortunately, having sensitive company information fall into the wrong hands does not require breaking through a firewall. Many of your employees, who have greater access to sensitive data than ever before, are at risk of unknowingly leaking information.

Read more

Lockheed Martin and Interset Present at This Year’s Gartner Summit

With all of a company’s sensitive information stored electronically and employees having greater access to that information than ever before, the opportunity to do harm—maliciously or unintentionally—is a reality that can no longer be ignored.

Case in point. Last year, a former network engineer, after learning he would soon be terminated, shut down his organization’s network servers and deleted critical data. His actions prevented the company from fully communicating for 30 days and limited its access to data and applications—an attack that cost the company more than $1 million.

Companies Need a Different Approach to Stop Insider Attacks

More than two-thousand risk and security leaders came to The 2016 Gartner Security & Risk Management Summit this year to discuss their biggest security challenges. The topic of insider threat detection emerged as a continuing challenge for security leaders.

Read more

The recipe for success = employee behavioral data + user behavior analytics

Insider incidents are on the rise. In fact, recent Ponemon Institute survey indicated that malicious insiders pose the greatest cyber risk to organizations today. No wonder trade secrets and IP theft are projected to double by 2017, approaching a half a trillion dollars annually. But what can security leaders do to successfully address this scale of problem and protect their organization?

“If you’re making money today – you’re a target.”

– Kevin Shewbridge, Intelligence Analyst Lockheed Martin

Read more

Breaches disclosed in the media foster conversations within organizations on how to protect critical assets and enterprise infrastructure. Loss of intellectual property, financial data and customer confidence have produced tangible evidence of an evolving threat landscape that, in turn, has elevated the conversation to the board room.  

This cyber awakening has many organizations evaluating current security measures including tools and technology – and the options available in the market are endless!    

On May 11, 2016, I joined Greg Masters of SC Magazine for an evaluation of new cyber technologies in the marketplace. In my role as Chief Technologist for Lockheed Martin’s commercial cyber business, I’m focused on evaluating the latest trends in the market in order to advance our own defense strategies. 

In the following on-demand webcast, I analyze a variety of cyber technologies that can enhance your defenses including: Threat Intelligence Platforms, Security Operations (SecOps) Tools, Endpoint Detection and Response as well as User Behavior Analytics. 

Read more

External threats garner most of our attention and, consequently, the majority of our security resources but industry analysis demonstrates that cyber-crime incidents perpetrated by insider threat actors are trending up and to the right.

On May 4, 2016 my colleague, Kevin Shewbridge, and I were joined by Forrester Research Senior Analyst and guest speaker Joseph Blankenship for a discussion about the very real threat that malicious insiders pose to organizations around the globe.

Read more