Insider Threat

Our bi-weekly look at the threats you face from inside your firewall. Have a question for our experts? Write us.

The new risks of cyber-chattiness
Employees are revealing too much about their professional lives online, and that can add up to bad news.
Give Your Brownfield Network a Clean Sweep
Brownfield networks are a challenge under average circumstances and potentially a large insider threat under the worst of circumstances.
Smartphone: From Threat to Asset
“Despite a strict policy to use BlackBerry devices, it seems obvious that many of our employees are using the iPhone for both work and play without the knowledge of IT. Apple has made it easy for them to connect to our email service and today’s users are savvy enough to figure out how to configure it, and if they’re not, YouTube provides plenty of instruction. How can IT put the genie back in the bottle?”
A Tale of Two Insiders
In 1992, a British bank sent an employee to Singapore to launch and manage its trading operations. The employee engaged in speculative derivatives trading which counted on the Japanese market remaining stable. Unfortunately for him, the Kobe earthquake in 1995 sent the Nikkei into a state of volatility. His risky trades led to $1 billion in losses for the bank.
Their phone, your headache
Employees want IT to link their personal smartphones to email and other corporate resources, but how do you secure devices that house a mix of personal and corporate information? And what happens when those employees quit?
Effectively Enforcing Password Policies and Audits
Traditionally security professionals have spent most of their time trying to prevent malicious attacks from outside the company. But what happens when the threat comes from trusted insiders with access to passwords?
A reasonable approach to oversight
When it comes to security, how do you balance between being "big brother" and being a responsible enforcer of corporate policy?
How to address the two types of insider threats
“I read about fraud all the time – hackers, online gangs, angry employees, etc. It seems like it’s on the rise. Why is this so hard to detect and how can we prevent fraud in our organization?”
Tokenization vs. end-to-end encryption
Over the last few months, the PCI Knowledge Base has been doing research on the impact of PCI compliance on fraud and fraud management for the Merchant Risk Council. One of the things we've learned is that, in general, the PCI-mandated controls are most effective at reducing internal fraud due to insider threat.
How to maintain security without increasing the operational load on IT staff
A number of factors are increasing the challenges of keeping networks secure. One source is additional users of varying types -- including some with multiple roles -- coming onto the network. IT staff finds it must support remote workers, guests, contractors, partners, suppliers -- sometimes even competitors -- on the LAN and yet still protect sensitive corporate assets.
Safeguarding your mobile Workforce
As workers are required to go mobile in order to stay productive, the corporate network has had to go virtual - piggybacking on the infrastructure of the threat-ridden public Internet.
Is PCI compliance a ticket to the boardroom?
Here are some PCI-related issues that should be of interest to senior management, and they may require you to make a trip to the boardroom.
Managing integration and access privileges for ad hoc groups
In today's economy, companies are changing fast. If my company makes an acquisition, can I easily create a group of users to manage that integration, give them specific access privileges, and then dissolve that group when the transition has been completed?
Identifying the source of corporate threats
The Verizon Business RISK team recently released its "2009 Data Breach Investigations Report" which gives a fresh look into the question of whether insiders or outsiders are the larger threat group. The report concludes that 74% of breaches result from external sources and "the predominance of total records lost was attributed to outsiders."
Can the status quo threaten your LAN?
In times of economic crisis people tend to seek the safety and security of the status quo. "Doing what you've always done, and what everyone else is doing, is the most prudent course," goes the thinking.
The effects of corporate social media on overall network security
In today's increasingly communicative world, businesses face a dilemma. They have to find ways to be more engaging and communicate more directly to their customers and the public, while retaining close control of sensitive information.
Controlling unauthorized application usage without increasing costs
"Our IT department has identified a potential issue with shared account usage in our applications. Can we control unauthorized usage or will we need to replace the apps? We want to avoid that cost if at all possible."
A down economy increases threat of data walking out the door
Moving into 2009, the number of layoffs and unemployed has multiplied as a result of the falling economy. Corporate data is at risk now more than ever and companies need to be sure they have reliable protection in place.
How to tell which employees are more of a security risk
Recently I have read quite a bit about "insider threats" and the potential for losing customer data. But not everyone is bad, so how can I tell if I need to pay attention to certain employees?
Is there a hidden cost to data protection?
Companies today realize the threats and consequences of data loss and by now most have some sort of data protection in place. But, many companies that were rushed into data protection by the fear of losing precious data may have been too quick to throw together a patchwork quilt of security software, which is now proving costly.
Hard times mean more problems with insider security issues
Does my company need to be more proactive about insiders during hard times?
Can we really stop malicious insiders?
In terms of malicious insiders committing fraud, can anything "really" be done?
A layered approach to data leak prevention
My company is increasingly deploying SSL applications and that traffic already represents 40 percent of my network capacity. With this encrypted traffic on the rise, how can I build an effective protection against the loss of sensitive data?
Keeping smartphones from becoming a security threat
My company is considering purchasing new smartphones for all employees and I am concerned about the implications of what this means for tracking our sensitive data. What are the special challenges of protecting data in an increasingly mobile workforce, and how can I meet my data protection goals?
Does compliance equal security?
With government increasingly telling businesses how they need to comply with regulations, I wonder if this means that my data is more secure. At the end of the day, does compliance equal security?
