LAS VEGAS – Insider threats are an ongoing top danger for companies — but when it comes to mitigation efforts, incident-response teams face an array of challenges.

Discussions with various incident-response teams revealed that between 25 and 30 percent of data breaches involved an external actor working with an internal person in an organization, according to Paul Shomo, senior security architect with OpenText.

“We used to focus on external threat actors, but now, when compromising the network, many have someone on the inside, whether it’s because they bribed them or blackmailed them,” Shomo said, speaking at ENFUSE 2019 on Tuesday in Las Vegas.

Insider threats continue to be a security thorn in companies’ sides: Just last week, the Department of Justice (DoJ) charged two former Twitter employees for allegedly accessing thousands of accounts on behalf of Saudi Arabia; also last week, Trend Micro said that a rogue employee sold the data of 68,000 customers to a malicious third party, who then used that data to target customers with scam calls.

Mitigation Challenges

Brian Coleman, director of forensic analysis and investigations at pharmaceutical giant Pfizer, said at ENFUSE that he faces the insider threat challenge daily when managing Pfizer’s almost 250,000 endpoints to monitor suspicious network activity and root out any potential insider threats.

There are various methods of detection when it comes to insider threats, he said – including monitoring the log data of…
