LAS VEGAS – Insider threats are an ongoing top danger for companies — but when it comes to mitigation efforts, incident-response teams face an array of challenges. Discussions with various incident-response teams revealed that between 25 to 30 percent of data breaches involved an external actor working with an internal person in an organization, according to Paul Shomo, senior security architect with OpenText. “We used to focus on external threat actors, but now, when compromising the network, many have someone on the inside, whether it’s because they bribed them or blackmailed them,” Shomo said, speaking at ENFUSE 2019 on Tuesday in Las Vegas. Insider threats continue to be a security thorn in companies’ sides: Just last week, the Department of Justice (DoJ) charged two former Twitter employees for allegedly accessing thousands of accounts on behalf of Saudi Arabia; also last week, Trend Micro said that a rogue employee sold the data of 68,000 customers to a malicious third party, who then used that data to target customers with scam calls. Mitigation Challenges Brian Coleman, director of forensic analysis and investigations at pharmaceutical giant Pfizer, said at ENFUSE that he faces the insider threat challenge daily when managing Pfizer’s almost 250,000 endpoints to monitor suspicious network activity and root out any potential insider threats, he. There are various methods of detection when it comes to insider threats, he said – including monitoring the log data of…
https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2019-11-12 17:10:002019-11-12 17:10:00Insider Threats, a Cybercriminal Favorite, Not Easy to Mitigate
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com