30 Jun 2022

NFT Platform OpenSea Joins Long List of Crypto Data Breach Victims

OpenSea, the largest non-fungible token (NFT) marketplace by trading volume, has suffered a data breach after an employee at Customer.io, the platform’s email delivery partner, leaked user data. In a blog post on Thursday, the marketplace said that an employee of Customer.io “misused their employee access to download and share

Read More
05 May 2022

Is Your Insider Threat Risk Management Program Ripe for Innovation? Part 2

In Part I of this series, we took a look at the Transportation Security Administration (TSA) Insider Threat Roadmap 2020 and advanced analytics.  Following are two more initiatives that are thinking differently about insider threat program implementation through innovative architectures, collective intelligence, advanced analytics, and the use of publicly available information (PAI).  Community-based and partner collaborations up and down the supply chain are also a hallmark of these efforts, as there is a growing acknowledgment that internal-facing and traditionally siloed insider threat efforts are part of the problem. In Part II, we examine the approaches taken and the resources available at the Carnegie Mellon University Software Engineering Institute (SEI) and the MITRE Center for Threat-Informed Defense (CTID).  

Read More
28 Apr 2022

Is Your Insider Threat Risk Management Program Ripe for Innovation? Part 1

The reality is 34% of all breaches in 2018 were caused by insiders, yet less than 20% of U.S. organizations possess effective security programs to combat it. The results range from information leakage and national security breaches to workplace violence and even reputational damage. Insiders’ unintentional actions can be equally damaging. How can a serious internal commitment to the design process, driven by innovation, give this often ignored sub-sector of risk management the priority it requires within your organization? Following are a few initiatives that are thinking differently about insider threat program implementation through innovative architectures, collective intelligence, advanced analytics, and the use of publicly available information (PAI).  Community-based and partner collaborations up and down the supply chain are also a hallmark of these innovative efforts.

Read More
23 Aug 2021

Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits

Researchers have uncovered a campaign in which a Nigerian threat actor is seeking to turn an organization’s employees into insider threats. The individual, or potentially multiple individuals, have crafted campaign emails that offer 1 million in Bitcoin if the target installs DemonWare onto an organization’s network. It appears as though

Read More
15 Dec 2020

Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts

Sudhish Kasaba Ramesh, 31, has pleaded guilty to breaking into Cisco’s cloud infrastructure in 2018 and hacking the Webex collaboration platform to delete Webex accounts. The insider threat case has landed Ramesh at least two years in jail for the hack, which occurred roughly four months from his resignation from

Read More
18 May 2020

TSA Issues Road Map to Tackle Insider Threat With Artificial Intelligence

The Transportation Security Administration has recently announced plans to share information its collects from employees and other outlets with federal agencies and the private sector, hoping to increase security and prevent insiders from carrying out crimes.  The TSA plans to create an “Insider Threat Mitigation Hub” through the use of

Read More
07 Nov 2019

Rogue Trend Micro Employee Sold Customer Data for 68K Accounts

Cybersecurity firm Trend Micro on Tuesday disclosed a data breach affecting 68,000 customers whose data was sold to a threat actor by a malicious employee. The cybercriminals who purchased the data used it to contact customers over the phone in an attempt to scam them. Trend Micro discovered the breach

Read More
07 Nov 2019

Cloud Covers Up Insider Threats

68% of businesses feel moderately (47%), very (16%) or extremely (5%) vulnerable to insider threats, and only 42% say their efforts to monitor, detect and respond to these threats are effective (31%) or very effective (11%), a new report by Gurucul and Cybersecurity Insiders shows. A majority (53%) of firms

Read More
31 Oct 2019

Why cloud apps could be your biggest security worry

A new report by Securonix shows that about one in four organizations suffered more than 5 insider attacks in the last 12 months, and 70% believe that these attacks are increasingly common. According 4 in 10 infosec pros, cloud storage is more vulnerable to insider threats than any other element

Read More
22 Oct 2019

Consumers creeping and peeking, reveals HP survey

A new HP survey exposes the ‘secret behaviors’ of US workers that undermine the privacy of others. For instance, 73% of employees engage in creeping, i.e. looking at the computer screen of a co-worker, while the same number of people look at documents they find in shared office printer trays.

Read More