Globally, over one-third of businesses are impacted by insider threats every year, with organizations experiencing a 47% increase in insider incidents since 2018.
Regardless of whether these incidents are malicious or accidental, the ease of access to critical information possessed by insiders and difficulty identifying, tracking, and quantifying their damage makes this a critical risk that organizations must address. Pathfynder is at the forefront of establishing and maturing insider threat programs for global organizations. The following case study covers an insider threat engagement with a Fortune 50 company.
The Bottom-Line Up Front: While the work from home advantage is clear for some businesses, leaders need to understand how this new reality impacts their cybersecurity posture. With that in mind, there are a few best practices to consider that will have an immediate positive impact on your company's security.
BE ON THE LOOKOUT – to our peers in the industrial manufacturing, shipping, and logistics industries, there is an active adversary purchasing look-alike domains to execute business email compromise against you.
The Bottom-Line Up Front: The threat from insiders is often the least considered—but arguably the most dangerous—type of cyber threat companies face. Time and time again, however, we are reminded that ignoring this threat is a serious mistake. The question then becomes: what is your company doing to mitigate the threat from insiders?
A host header injection vulnerability has been discovered in SecZetta's NEProfile product. Authenticated remote adversaries can poison the host header resulting in the attacker controlling response 302 execution flow. The issue affects version 3.3.11 and has not been tested on other versions of the product.
We are excited to announce that IntelMonkey is now Pathfynder!
Pathfynder embodies our expanded capability set and dedication to bringing the best cyber solutions to our customers in these uncertain times. Defeating tomorrow's cyber threats requires conviction, agility, and innovation. We are here for you. Any time. Any place.
We've looked forward to this release since March and have incorporated these sub-techniques in our threat modeling process. We've found the increased technique fidelity and the ability to address more nuanced adversary behaviors to be really impactful.
From MITRE ATT&CK:
"We’re excited to announce the release of ATT&CK with sub-techniques! We released a beta preview of the content in March, and now (with some small updates and fixes) it has become the current version of ATT&CK. Our hope is that this sets up ATT&CK on a much more sustainable path for the years to come. You can find the new version of ATT&CK and what's changed on our website (https://lnkd.in/e_DrbMC).
We've also released a new blog post pulling together what's changed, why, and how to shift to this new version of ATT&CK."
We are excited to welcome Bryan Clements to the Pathfynder team as Senior Director, Cyber Operations.
Bryan is a highly respected cybersecurity professional with over 15 years helping Fortune 50 and Small and Medium Businesses(SMB) successfully navigate complex security challenges.
Bryan’s experience assessing and improving cyber readiness, designing and building security systems, and leading and maturing insider threat programs will both complement and expand our capability set.
And most importantly, Bryan shares Pathfynder’s commitment to service and passion for helping organizations defeat cyber adversaries.