FBI CISO Patrick Reidy and insider threat analyst Kate Randal spoke on behavioral-based indicators to determine insider threats within the workplace.
If there's one threat in information security that's difficult to prevent, it's the insider threat. But there are ways in which your organization can minimize the risks.
When it comes to insider threats, we often focus on implementing technologies and auditing at the endpoint, but it's the user behavior that we have to get a better grasp of.
There may be no silver bullet to detect or prevent insider threats, but there are sophisticated technological solutions that can help.
The theft or misuse of corporate assets and customer data poses challenges, but there are strategies and tools to put in place to help mitigate the possibility.
IT security practitioners tend to focus on networked security threats, but preventing insider threats are where the real challenges lie.
Every company in every part of the world is subject to some level of insider threat.
Unauthorized individuals gained access to the personal data belonging to customers of New York State Electric & Gas (NYSEG) and Rochester Gas & Electric (RG&E), which are owned by Iberdrola USA.
The defendants were part of a coordinated operation that resulted in the theft of more than $2 million from JP Morgan Chase Bank, TD Bank, Citibank, Discover and American Express.
Patrick Ricciardi, 45, allegedly abused his access as an information systems specialist to spy on official emails meant for Hoboken, N.J. Mayor Dawn Zimmer.
The order follows a seven-month, government-wide review, prompted by the leak of classified U.S. documents by whistleblower site WikiLeaks.
A senior analyst at Countrywide Financial was ordered to pay $1.2 million in restitution after pleading guilty to his role in a scam to steal personal data of customers.
Montreal-based security supervisor Joseph Mercier has been charged by the RCMP after allegedly developing malware to create a botnet.
UCLA Health System must pay $865,500 as part of a settlement with the U.S. Department of Health and Human Services (HHS) over complaints that employees snooped on the health records of two celebrities.
The personal information of thousands of current and former California state employees was improperly copied to a hard drive and removed from state offices.
A USB stick containing the personal information of thousands of employees of Alberta's Edmonton Public School Board has gone missing.
A major U.S. energy supplier has found no evidence of breach despite claims by a former employee that he hacked into the company's New Mexico wind turbine facility as revenge for being fired.
A former network engineer at Gucci has been charged with hacking into the company's network, deleting data and shutting down servers and networks.
A former Dallas hospital guard was sentenced last week to nine years in federal prison for breaking into hospital computers, planting malicious software and planning a distributed-denial-of-service (DDoS) attack.
A software programmer charged with copying secret financial trading code from Goldman Sachs computers was sentenced Friday to eight years in prison. Sergey Aleynikov, 41, a naturalized U.S. citizen who emigrated from Russia, had resigned from his $400,000-a-year Goldman Sachs position in June 2009 to take a new job in Chicago. Before going, however, he uploaded code related to the firm's proprietary trading program from his workstation to a server in Germany and then downloaded it to his computers at home. Aleynikov was also ordered to pay a $12,500 fine and serve three years of supervised release following his sentence.
Dust off your company's risk assessment process and make sure it is up to date because this is where your approach to defending against a WikiLeaks type of threat is going to start.
Thanks to WikiLeaks and a struggling economy, the internal threat has risen to a new level of prominence. Dawn Cappelli of Carnegie Mellon describes the profile of the rogue insider.
Debate: The model of 'trust but verify' is effective at mitigating the insider threat.
Join us online today for the latest free SC eSymposium: Insiders with access.
Today's security appliances do a great job patrolling the network perimeter, but what do you do when the threat is coming from inside the building?
This year, thanks to a renewed focus on the insider threat, the longings of the security professional may come to fruition.
Federal departments and agencies that handle classified data are required by Jan. 28 to complete an assessment of the safety measures they have in place to protect national security information, an effort prompted by the leak of confidential U.S. documents by whistleblower site WikiLeaks.
Whether the trend of privatizing military resources is good or not, it is already happening.
I'm sorry to hear that federal prosecutors, in a desire to get WikiLeaks founder Julian Assange to the United States to face charges for his role in the exposure of classified diplomatic cables, are turning to the Computer Fraud and Abuse Act for help.
Trusting no one may soon become the new mantra in IT security, given the leak of sensitive U.S. diplomatic cables.
Sign up to our newsletters
SC Magazine Articles
- Microsoft report explores dangers of running expired security software
- Survey: real-time SIEM solutions help orgs detect attacks within minutes
- Vulnerabilities identified in three Advantech products
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- State Department hack may be tied to White House network breach
- Operators disable firewall features to increase network performance, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Upping the ante: PCI Security Standard
- Study: Third of employees use company devices for social media and online shopping
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Swedish appeals court nixes Assange's plea
- Critical XSS vulnerability addressed in WordPress
- The Internet of Things (IoT) will fail if security has no context