C2 Fall 2022

The Insider Threat Problem: Your biggest threat may already be inside!

by Nik Earnest, October 16, 2022

With insider threats, it's not a matter of if, but rather a question of when your organization will be hit. Just last week HackerOne, a security company, dealt with a rogue employee stealing data reported through the company's bug bounty system. According to the article, the insider threat actor was turning around and using the privileged data to claim bounties directly from the affected companies, making a tidy profit. The now-former employee accessed and attempted to sell his company's data over a half dozen times, only getting caught after a customer noticed and reported unusual behavior to HackerOne. Stories like this are becoming all too common.

Consider asking yourself:

- Can my organization confidently detect insider threats?
- Does my security team have the resources needed to handle insider threats?
- Does my organization have a process in place to stop insider threats before damage is done?
- Is there a plan to handle insider threat incidents after the damage has been done? Who is involved?

If you don't have great answers or the thought exercise worries you, you're not alone! According to the GURUCUL Insider Threat Report 2021, 98% of organizations feel vulnerable to insider threats and about half can't detect an insider threat until after the damage has been done.

Insider Threat is Growing

Insider threats are increasing at an alarming rate and companies need to be prepared. According to the "2022 Cost of Insider Threats Global Report" released by the Ponemon Institute, 67% of companies reported more than 20 insider threat incidents, requiring an average of 85 days per event to fully contain. These threats aren't cheap either, with an average total cost to the organization of $15.4M. To make matters worse, insider threats are notoriously difficult to detect. Today you may be fending off a malicious threat actor moving laterally through your system, tomorrow an employee collecting privileged company data to exfiltrate. And you will always be searching for the negligent users falling for phishing emails, navigating to suspicious websites, or using weak passwords. Whatever the case, insider threats often blend in, going unnoticed until it is too late and the damage is done. With advances in modern security analytics tools, you may be asking why insider threat hunting is so difficult.

Difficulties in Detection

Most monitoring tools take a rule-based approach to security, sending out alerts when an action is taken or a threshold is reached. However, these contextless rules tend to throw false positives, flooding already busy analysts with false leads that must be followed up on. Too many false flags and your security team will ignore noisy alerts, opting to focus their precious time elsewhere. The same goes for analysts using hypothesis-based searches to find insider threats. If, day in and day out, a query returns no leads, the analyst will pivot to other tasks. When looking for the insider threat "needle in a haystack" it is easy to get discouraged! Without a proper program in place, insider threat hunting slides down the list of priorities, leaving the organization at risk of data breaches, IP theft, and more. This is why we are here to help!

Where to Start

To get started detecting, containing, and remediating insider threats, check out our new Insider Threat knowledge hub from CyberRes! Learn more about what insider threats are, their risk to your business, and how to protect against them by building your own insider threat program. Build your team, establish best practices, and ensure you have the right tools in place (such as ArcSight Intelligence) to give your organization a fighting chance against insider threats.

C2 Fall 2022
Accelerate and Automate SAP HANA Security Compliance with Workload Aware Security Layer (WASL) from HPE and XYPRO
by XYPRO Team, October 16, 2022
In most mission-critical environments, SAP HANA is the lifeblood of an organization. SAP HANA (High-performance ANalytic Appliance) is a highly performant, highly scalable in-memory database that serves as a platform for enterprise resource planning (ERP) applications and other business workloads that need to analyze data in real time. Hewlett …

C2 Winter 2021
How to Safeguard Your Data & Applications from Ransomware
by Cohesity, December 6, 2021
It's ugly out there. Each week, we all see the news reports about more and more companies and organizations falling victim to ransomware, and the trend is accelerating. No doubt, you or your colleagues work in or are aware of organizations that have been hit by ransomware over the …

C2 Winter 2021
XYPRO – Best of NonStop 2021
by Steve Tcherchian, December 2, 2021
Have we become numb to the news of security breaches? Unfortunately, the attacks on our businesses, personal lives and even global infrastructure are not slowing down. Cybercrime is up over 600% during the pandemic. According to Verizon's 2021 Data Breach Investigation Report, 61% of cyberattacks targeted credential theft. This …