OpenSea, the largest non-fungible token (NFT) marketplace by trading volume, has suffered a data breach after an employee at Customer.io, the platform’s email delivery partner, leaked user data. In a blog post on Thursday, the marketplace said that an employee of Customer.io “misused their employee access to download and share
In Part I of this series, we took a look at the Transportation Security Administration (TSA) Insider Threat Roadmap 2020 and advanced analytics. Following are two more initiatives that are thinking differently about insider threat program implementation through innovative architectures, collective intelligence, advanced analytics, and the use of publicly available information (PAI). Community-based and partner collaborations up and down the supply chain are also a hallmark of these efforts, as there is a growing acknowledgment that internal-facing and traditionally siloed insider threat efforts are part of the problem. In Part II, we examine the approaches taken and the resources available at the Carnegie Mellon University Software Engineering Institute (SEI) and the MITRE Center for Threat-Informed Defense (CTID).
The reality is 34% of all breaches in 2018 were caused by insiders, yet less than 20% of U.S. organizations possess effective security programs to combat it. The results range from information leakage and national security breaches to workplace violence and even reputational damage. Insiders’ unintentional actions can be equally damaging. How can a serious internal commitment to the design process, driven by innovation, give this often ignored sub-sector of risk management the priority it requires within your organization? Following are a few initiatives that are thinking differently about insider threat program implementation through innovative architectures, collective intelligence, advanced analytics, and the use of publicly available information (PAI). Community-based and partner collaborations up and down the supply chain are also a hallmark of these innovative efforts.
Researchers have uncovered a campaign in which a Nigerian threat actor is seeking to turn an organization’s employees into insider threats. The individual, or potentially multiple individuals, have crafted campaign emails that offer 1 million in Bitcoin if the target installs DemonWare onto an organization’s network. It appears as though
Sudhish Kasaba Ramesh, 31, has pleaded guilty to breaking into Cisco’s cloud infrastructure in 2018 and hacking the Webex collaboration platform to delete Webex accounts. The insider threat case has landed Ramesh at least two years in jail for the hack, which occurred roughly four months from his resignation from
The Transportation Security Administration has recently announced plans to share information its collects from employees and other outlets with federal agencies and the private sector, hoping to increase security and prevent insiders from carrying out crimes. The TSA plans to create an “Insider Threat Mitigation Hub” through the use of
Cybersecurity firm Trend Micro on Tuesday disclosed a data breach affecting 68,000 customers whose data was sold to a threat actor by a malicious employee. The cybercriminals who purchased the data used it to contact customers over the phone in an attempt to scam them. Trend Micro discovered the breach
68% of businesses feel moderately (47%), very (16%) or extremely (5%) vulnerable to insider threats, and only 42% say their efforts to monitor, detect and respond to these threats are effective (31%) or very effective (11%), a new report by Gurucul and Cybersecurity Insiders shows. A majority (53%) of firms
A new report by Securonix shows that about one in four organizations suffered more than 5 insider attacks in the last 12 months, and 70% believe that these attacks are increasingly common. According 4 in 10 infosec pros, cloud storage is more vulnerable to insider threats than any other element
A new HP survey exposes the ‘secret behaviors’ of US workers that undermine the privacy of others. For instance, 73% of employees engage in creeping, i.e. looking at the computer screen of a co-worker, while the same number of people look at documents they find in shared office printer trays.