Insider Threat

RSA 2013: User habits and behavior can denote a future insider thief

By

FBI CISO Patrick Reidy and insider threat analyst Kate Randal spoke on behavioral-based indicators to determine insider threats within the workplace.

10 steps toward eliminating insider threats

10 steps toward eliminating insider threats

If there's one threat in information security that's difficult to prevent, it's the insider threat. But there are ways in which your organization can minimize the risks.

Insider threat behavior not just actions: Part two of a series

Insider threat behavior not just actions: Part two of a series

When it comes to insider threats, we often focus on implementing technologies and auditing at the endpoint, but it's the user behavior that we have to get a better grasp of.

Countering insider threats: Part One of a series

Countering insider threats: Part One of a series

There may be no silver bullet to detect or prevent insider threats, but there are sophisticated technological solutions that can help.

The insider threat

The insider threat

The theft or misuse of corporate assets and customer data poses challenges, but there are strategies and tools to put in place to help mitigate the possibility.

Insider threat: The game has changed

Insider threat: The game has changed

IT security practitioners tend to focus on networked security threats, but preventing insider threats are where the real challenges lie.

Lessons on insider threats

Every company in every part of the world is subject to some level of insider threat.

Some 2M possibly affected by NYSEG, RG&E data compromise

By

Unauthorized individuals gained access to the personal data belonging to customers of New York State Electric & Gas (NYSEG) and Rochester Gas & Electric (RG&E), which are owned by Iberdrola USA.

NYC authorities charge 55 in cyber fraud, ID theft ring

By

The defendants were part of a coordinated operation that resulted in the theft of more than $2 million from JP Morgan Chase Bank, TD Bank, Citibank, Discover and American Express.

Man charged with hacking Hoboken, N.J. mayor's email

By

Patrick Ricciardi, 45, allegedly abused his access as an information systems specialist to spy on official emails meant for Hoboken, N.J. Mayor Dawn Zimmer.

White House order tackles insider threat post-WikiLeaks

By

The order follows a seven-month, government-wide review, prompted by the leak of classified U.S. documents by whistleblower site WikiLeaks.

Countrywide insider gets eight months in prison for theft

By

A senior analyst at Countrywide Financial was ordered to pay $1.2 million in restitution after pleading guilty to his role in a scam to steal personal data of customers.

Security supervisor nabbed for bot herding

By

Montreal-based security supervisor Joseph Mercier has been charged by the RCMP after allegedly developing malware to create a botnet.

UCLA Health System fined over celebrity patient snooping

By

UCLA Health System must pay $865,500 as part of a settlement with the U.S. Department of Health and Human Services (HHS) over complaints that employees snooped on the health records of two celebrities.

California state workers' data taken from state offices

By

The personal information of thousands of current and former California state employees was improperly copied to a hard drive and removed from state offices.

Alberta school board loses sensitive flash drive

By

A USB stick containing the personal information of thousands of employees of Alberta's Edmonton Public School Board has gone missing.

Wind power company disputes alleged SCADA hack

By

A major U.S. energy supplier has found no evidence of breach despite claims by a former employee that he hacked into the company's New Mexico wind turbine facility as revenge for being fired.

Former Gucci insider charged with hacking network

By

A former network engineer at Gucci has been charged with hacking into the company's network, deleting data and shutting down servers and networks.

Texas hospital hacker sentenced to nine years

By

A former Dallas hospital guard was sentenced last week to nine years in federal prison for breaking into hospital computers, planting malicious software and planning a distributed-denial-of-service (DDoS) attack.

Goldman Sachs programmer sentenced for code theft

By

A software programmer charged with copying secret financial trading code from Goldman Sachs computers was sentenced Friday to eight years in prison. Sergey Aleynikov, 41, a naturalized U.S. citizen who emigrated from Russia, had resigned from his $400,000-a-year Goldman Sachs position in June 2009 to take a new job in Chicago. Before going, however, he uploaded code related to the firm's proprietary trading program from his workstation to a server in Germany and then downloaded it to his computers at home. Aleynikov was also ordered to pay a $12,500 fine and serve three years of supervised release following his sentence.

Post-WikiLeaks: Back to basics

Post-WikiLeaks: Back to basics

Dust off your company's risk assessment process and make sure it is up to date because this is where your approach to defending against a WikiLeaks type of threat is going to start.

Internal review: The insider threat risk

Internal review: The insider threat risk

By

Thanks to WikiLeaks and a struggling economy, the internal threat has risen to a new level of prominence. Dawn Cappelli of Carnegie Mellon describes the profile of the rogue insider.

Debate: The model of 'trust but verify' is effective at mitigating the insider threat.

Debate: The model of 'trust but verify' is effective at mitigating the insider threat.

SC Magazine hosts e-symposium today on insider threat

By

Join us online today for the latest free SC eSymposium: Insiders with access.

Protecting the network from inside the firewall

Protecting the network from inside the firewall

Today's security appliances do a great job patrolling the network perimeter, but what do you do when the threat is coming from inside the building?

2011: A security manager's wish list

2011: A security manager's wish list

This year, thanks to a renewed focus on the insider threat, the longings of the security professional may come to fruition.

WikiLeaks-prompted assessments due this month

By

Federal departments and agencies that handle classified data are required by Jan. 28 to complete an assessment of the safety measures they have in place to protect national security information, an effort prompted by the leak of confidential U.S. documents by whistleblower site WikiLeaks.

Hired guns: Cyberwarfare and cyber-mercs

Whether the trend of privatizing military resources is good or not, it is already happening.

Save the U.S. anti-hacking law for the real hackers, not Assange

By

I'm sorry to hear that federal prosecutors, in a desire to get WikiLeaks founder Julian Assange to the United States to face charges for his role in the exposure of classified diplomatic cables, are turning to the Computer Fraud and Abuse Act for help.

How the WikiLeaks crisis could have been prevented

How the WikiLeaks crisis could have been prevented

Trusting no one may soon become the new mantra in IT security, given the leak of sensitive U.S. diplomatic cables.

Sign up to our newsletters

POLL