Insider threats are difficult to counter. What happens when an employee goes rogue, and how do you catch them? Charles Carmakal of Mandiant, who says his firm is dealing with more insider threat investigations, shares tips for better defenses.
A "zero trust" security model makes it easier to manage application access and protect against malicious users, but the rollout of the model must be managed in a very organized way, says Mani Sundaram, CIO and EVP, Global Services and Support, at Akamai Technologies.
Progressive companies seeking to improve their security are increasingly adopting bug bounty programs. The theory is that rewarding outside researchers improves security outcomes. But in practice, bug bounty programs can be messy and actually create perverse incentives, says bug-hunting expert Katie Moussouris.
There is a key shift in the
threat landscape as attackers focus more on attacking
key endpoints and infrastructure. As a result, many
organizations are developing security blind spots.
Read this ebook to learn more about:
Shifts in threat activity;
Blind spots in cyber defenses & how to regain...
The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and it has just released Version 6 of its Best Practices to Mitigating Insider Threats.
As part of this research, the center addresses how to detect and prevent insider fraud, as well as...
Fortinet's FortiGuard Labs global threat research team is creating research playbooks that provide deep-dive analysis of not only threat trends, but also cybercriminal and adversary tools and techniques. Derek Manky and Tony Giandomenico discuss the playbook model and how it can help in the fight against cybercrime.
Capital One's enormous data breach is a subject of intense scrutiny as well as fear. A definitive post mortem is likely months away. But security professionals have ideas as to how the breach was achieved and the weaknesses that led to it.
The latest edition of the ISMG Security Report analyzes the root causes of the Capital One data breach. Also featured: breach remediation advice and compliance with New York's new third-party risk management requirements.
The cause of Capital One's breach is known. But experts say the incident still raises questions over why Capital One held onto personal data so long and if the bank was adequately monitoring administrator accounts.
The Capital One data breach is in early stages of remediation. Art Coviello, former chair of RSA, which was breached in 2011, shares first-hand insight on steps the breached institution and its CEO should be taking now.
George Orwell's "1984" posited a world in which Big Brother monitored us constantly via "telescreens." But thanks to our "smart" AI home assistants - from Google, Amazon and others - we're increasingly installing the monitoring equipment ourselves, and it may "hear" much more than we realize.
For years, security leaders focused primarily on malicious insiders - those who intend to do harm to an organization. But CISOs are increasingly concerned about the accidental insider. And Anne-Marie Scollay of Axiom Law has a program targeting this growing threat.
Threat intelligence programs have evolved greatly over the past decade. But Mario Vuksan, CEO of ReversingLabs, says too many organizations are overlooking the value of local intelligence embedded in their own networks. Vuksan talks about maximizing TI resources.
A former Equifax CIO who sold his stock in the company after learning about its 2017 data breach several months before the public and government agencies were informed has been sentenced to four months in prison for insider trading. Another former Equifax executive was sentenced on similar charges last year.