Endpoint

11/2/2017
12:00 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

10 Mistakes End Users Make That Drive Security Managers Crazy

Here's a list of common, inadvertent missteps end users make that can expose company data.
Previous
1 of 11
Next

Image Source: Shutterstock

Image Source: Shutterstock

There's so much news about major hacks from nation-states such as Russia, North Korea, Iran, and various criminal gangs in Eastern Europe.

But what's less understood is that an important percentage of breaches stem from insiders. Forrester Research found that nearly 40% of all data breaches are caused by insiders. And of those insider breaches, 26% are caused by abuse or malicious intent by insiders, and 56% are caused by inadvertent misuse or sheer accidents by employees.

"Data is too often mishandled by employees," says Merritt Maxim, a principal analyst at Forrester Research who serves security and risk professionals. "A good tip for companies is to take more time classifying their data. If people understand what the organization considers sensitive, there's less of a chance that it will be mishandled."

Based on interviews with Forrester's Maxim and IDC's Frank Dickson and Robert Westervelt, we pinpointed 10 common ways employees mishandle - and inadvertently breach - an organization’s security.

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kwanlass
50%
50%
kwanlass,
User Rank: Apprentice
11/2/2017 | 2:24:15 PM
Timely topic
The slide about "Losing track of corrupted thumb drives" seems particularly timely after that USB drive was found on the streets of London last week with 70 unencrypted security files about from Heathrow International Airport. The question remains about how the drive ended up where it did but according to my client, Veriato, it's reasonable to assume this was an act by an insider with access to sensitive security data. Whatever the scenario, it definitely illustrates the dangers that trusted insiders can pose (whther inadvertently or maliciously) to their companies as well as to public safety and even national security. Will be interesting to see how this story unfolds.
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2018
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-8030
PUBLISHED: 2018-06-20
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 a...
CVE-2018-1117
PUBLISHED: 2018-06-20
ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this cou...
CVE-2018-11701
PUBLISHED: 2018-06-20
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
CVE-2018-11702
PUBLISHED: 2018-06-20
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
CVE-2018-11703
PUBLISHED: 2018-06-20
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.