Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 6 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

The Rise of Inside Out Security Threats

By Saryu Nayyar, CEO of Gurucul

by The Gurus
November 1, 2019
in Guru's Picks
The Rise of Inside Out Security Threats

Using a flashlight to search in a large group of people icons. Digital illustration.

Share on FacebookShare on Twitter

At the 2019 RSA Conference, a survey of 650 IT professionals revealed that 75% feel vulnerable to insider threat. This information from industry experts proves that there is dichotomy in the perception of cyberthreat across the media and IT professionals. This marks a significant shift from the frequent headlines warning of external cyberattacks that frequently occur in news sources and proves the critical nature of internal threat.

Indeed, the individuals surveyed, ranked user errors (39%) and malicious insiders (35%) as more worrisome than account compromise (26%) by external attackers. Perhaps the most disturbing fact is that nearly half of respondents said they can’t detect insider threats before data has left their companies.

The breach at Wipro earlier this year is a powerful reminder that account compromise attacks are essentially insider threats. In the case of the Indian IT outsourcing and consulting giant, employee user account credentials were stolen in phishing attacks, allowing the fraudsters to look like insiders and to target the company’s downstream customers.

As the Wipro example illustrates, IT supply chains are popular targets because they have many vulnerabilities. Contractors, vendors, and partners pose some of the greatest risks.

For convenience, companies often grant third-parties privileged remote access to accomplish their work. Often, this access is forgotten and not deprovisioned once the work has concluded, leaving an open attack vector. These remote access pathways are often insecure and untracked and can be taken over by attackers.

Conventional remote connectivity methods, such as VPNs, lack granular access controls and can be exploited via stolen credentials and session hijacking.

The 2018 Ponemon Institute survey found that 59% of companies have suffered a breach caused by one of their vendors.

Despite the threat of account compromise attacks, disgruntled or departing employees remain a greater security risk. These employees often exfiltrate confidential data for financial gain or in retaliation for some perceived wrong, such as being passed over for a promotion.

Unfortunately, security information event management (SIEM), data loss prevention (DLP) and other rules-based security products can only detect known threats, while insider attacks represent unknown threats.

While external attackers must first penetrate the network before finding the information they seek (while remaining undetected), malicious insiders already know where all the valuable data is, and how to access it.

To protect against insider threats, organisations should implement the following best practices:

●          Create specific policies, procedures, and access rights for each employee role

●          Establish user training about the dangers of phishing, and the importance of not opening untrusted links and attachments, etc.

●          Implement multi factor authentication (MFA) on critical systems, applications and transactions

●          Remove administrator rights on desktops

●          Segment the network

While most of these techniques are fairly well known, new approaches that employ security analytics have emerged to enable organisations to detect insider threats before data is exfiltrated or systems are sabotaged. These solutions use machine learning to profile normal human and entity/device behaviours, and then apply algorithms and statistical analysis to detect meaningful anomalies that may be associated with sabotage, data theft, or misuse of access privileges.

The adoption of behaviour analytics can help address another major challenge in detecting insider threats, namely digital transformation initiatives involving hybrid (on-premise and cloud) environments. This increasingly popular computing architecture creates an extended attack surface. Typically, a company’s on-premise security weaknesses will migrate to the cloud, creating new and potentially bigger issues.

To put the scale of digital transformation initiatives, and threats, into perspective, according to Gartner: 90% of companies will move to a hybrid cloud infrastructure by 2020. While some of the best practices listed above are difficult, if not impossible, to implement in cloud infrastructures, security analytics that monitor user behaviour and detect anomalies can be utilised to better protect the increasing number of hybrid environments.

FacebookTweetLinkedIn
Share1TweetShare
Previous Post

Russian Hackers Finally Noticed

Next Post

I think therefore IAM

Recent News

Phone with app store open

$400,000 Fine for Stalkerware App Developer

February 6, 2023
london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information