Cybersecurity Blog: The Cyber Scene is evolving, are you?

Managing the risks presented by insider threats is, in large part, founded on historical counterintelligence precepts. In this webcast, I discussed three counterintelligence practices for the digital age and how these proven maxims may be translated into controls to enhance your cybersecurity posture.

  1. Be offensive: While today’s threats are ever evolving, one constant is the human element as a primary threat vector. Rather than merely responding to events after-the-fact, get ahead of a potential incident by identifying human threat indicators -- and offer risk treatments before threats materialize to better secure company resources and intellectual property.
  2. Own the street: Historically, physical surveillance kept watch over nefarious activities on our streets, and today we must have the same vigilance of the digital highway. Look to enhance your organization’s situational awareness to defend your assets, personnel, and reputation better.
  3. Don’t ignore analysis: The best insider threat programs have not only sophisticated technology, an established governance structure, and awareness and reporting programs, but also the means to discern the importance of each of these components’ results. It is only through appropriate analysis that data becomes operationalized information. Enhance your risk management operations with on-site teams to meet your analytical requirements from initial operating capability through optimization.
Read more

When it comes to people, processes, and technology, the weakest link is human behavior.

In the wake of various high-profile leaks, human-enabled data breaches, and theft of corporate assets over the last several years, the insider threat topic has received much attention.

Read more

Malicious insiders present real risk to the business. Their inside knowledge and understanding of systems and data make them particularly dangerous, as they are hard to detect and know where the most valuable data resides. Media reports about external threats have thrust cyberattacks into the mainstream, but breaches caused by malicious insiders rarely make headlines. Because insider threats require a top-down approach, executives and boards of directors need education about the threat posed by malicious insiders and how to defend against them. 

Following our webinar with guest speaker Forrester Senior Analyst, Joseph Blankenship, we asked him to address some of the questions from the audience around how security leaders can address insider threats with senior leadership. Below are his responses.

Read more

Insider threats have become a huge problem for organizations around the world – just turn on the news and you’ll see the latest set of compromised companies dealing with the severe consequences of an insider breach – brand damage, lost customers, lost revenue, issuance of regulatory fines, employee safety... and the list goes on and on. 

Read more

Decisions that Make Companies Vulnerable to Insider Attacks

With the steady rise in cyber-attacks, network defense has become a security team’s number one priority. Many organizations have responded by investing heavily in the best tools to protect their information and systems from outsiders. The hard truth is these technologies are not designed to identify, let alone prevent an insider—contractor, employee, or trusted business partner—from taking information or corrupting a system they are authorized to access.

Read more

The deadline for implementing changes in the National Industrial Security Program, which makes federal contractors with security clearances partners in the government’s fight against insider threats, is looming. More than 12,000 cleared contractors have until November 18 to comply with Change 2 to the National Industrial Security Operating Manual (NISPOM).

Read more

Find out how one analyst used social media to collect enough intel in five hours to breach a Fortune 500 company.

What is open-source intelligence (OSINT)? Quite simply, its intelligence collected from publically available information such as Facebook, LinkedIn and even the dark web. Are you using information available from these sources? Adversaries are!

Read more

Given the wave of high profile cyberattacks in the news, one might think data breaches happen no other way. Unfortunately, having sensitive company information fall into the wrong hands does not require breaking through a firewall. Many of your employees, who have greater access to sensitive data than ever before, are at risk of unknowingly leaking information.

Read more

Leidos and Interset Present at This Year’s Gartner Summit

With all of a company’s sensitive information stored electronically and employees having greater access to that information than ever before, the opportunity to do harm—maliciously or unintentionally—is a reality that can no longer be ignored.

Case in point. Last year, a former network engineer, after learning he would soon be terminated, shut down his organization’s network servers and deleted critical data. His actions prevented the company from fully communicating for 30 days and limited its access to data and applications—an attack that cost the company more than $1 million.

Companies Need a Different Approach to Stop Insider Attacks

More than two-thousand risk and security leaders came to The 2016 Gartner Security & Risk Management Summit this year to discuss their biggest security challenges. The topic of insider threat detection emerged as a continuing challenge for security leaders.

Read more

The recipe for success = employee behavioral data + user behavior analytics

Insider incidents are on the rise. In fact, recent Ponemon Institute survey indicated that malicious insiders pose the greatest cyber risk to organizations today. No wonder trade secrets and IP theft are projected to double by 2017, approaching a half a trillion dollars annually. But what can security leaders do to successfully address this scale of problem and protect their organization?

“If you’re making money today – you’re a target.”

– Kevin Shewbridge, Intelligence Analyst Lockheed Martin

Read more