Globally, over one-third of businesses are impacted by insider threats every year, with organizations experiencing a 47% increase in insider incidents since 2018.
Regardless of whether these incidents are malicious or accidental, the ease of access to critical information possessed by insiders and difficulty identifying, tracking, and quantifying their damage makes this a critical risk that organizations must address. Pathfynder is at the forefront of establishing and maturing insider threat programs for global organizations. The following case study covers an insider threat engagement with a Fortune 50 company.
0 Comments
Justin Jackson - Director, Revenue Operations Sometimes marketer. Aspiring analytics nerd. Donut lover. The Bottom-Line Up Front: While the work from home advantage is clear for some businesses, leaders need to understand how this new reality impacts their cybersecurity posture. With that in mind, there are a few best practices to consider that will have an immediate positive impact on your company's security. BE ON THE LOOKOUT – to our peers in the industrial manufacturing, shipping, and logistics industries, there is an active adversary purchasing look-alike domains to execute business email compromise against you.
Justin Jackson - Director, Revenue Operations Sometimes marketer. Aspiring analytics nerd. Donut lover. The Bottom-Line Up Front: The threat from insiders is often the least considered—but arguably the most dangerous—type of cyber threat companies face. Time and time again, however, we are reminded that ignoring this threat is a serious mistake. The question then becomes: what is your company doing to mitigate the threat from insiders? Description:
A host header injection vulnerability has been discovered in SecZetta's NEProfile product. Authenticated remote adversaries can poison the host header resulting in the attacker controlling response 302 execution flow. The issue affects version 3.3.11 and has not been tested on other versions of the product. Nice work, Bryan. More to follow! https://seclists.org/fulldisclosure/2020/Aug/17 Justin Jackson - Director, Revenue Operations Sometimes marketer. Aspiring analytics nerd. Donut lover. The Bottom-Line Up Front: Don't assume your defenses are effective; instead, continuously test and probe them for weaknesses, because that is what your adversary is doing. These are lessons that have been painfully learned, both in the annals of military history and corporate conference calls following a major data breach. Justin Jackson - Director, Revenue Operations Sometimes marketer. Aspiring analytics nerd. Donut lover. The Bottom-Line Up Front: Cyber adversaries thrive in times of chaos and they have rapidly pivoted to take advantage of the current situation. Right now, they are hard at work launching COVID-19 related attacks against companies and their employees. Are the defensive controls you had in place 3-months ago sufficient today? |
Archives
December 2020
Categories
All
|