Endpoint

11/2/2017
12:00 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

10 Mistakes End Users Make That Drive Security Managers Crazy

Here's a list of common, inadvertent missteps end users make that can expose company data.
Previous
1 of 11
Next

Image Source: Shutterstock

Image Source: Shutterstock

There's so much news about major hacks from nation-states such as Russia, North Korea, Iran, and various criminal gangs in Eastern Europe.

But what's less understood is that an important percentage of breaches stem from insiders. Forrester Research found that nearly 40% of all data breaches are caused by insiders. And of those insider breaches, 26% are caused by abuse or malicious intent by insiders, and 56% are caused by inadvertent misuse or sheer accidents by employees.

"Data is too often mishandled by employees," says Merritt Maxim, a principal analyst at Forrester Research who serves security and risk professionals. "A good tip for companies is to take more time classifying their data. If people understand what the organization considers sensitive, there's less of a chance that it will be mishandled."

Based on interviews with Forrester's Maxim and IDC's Frank Dickson and Robert Westervelt, we pinpointed 10 common ways employees mishandle - and inadvertently breach - an organization’s security.

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 11
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kwanlass
50%
50%
kwanlass,
User Rank: Apprentice
11/2/2017 | 2:24:15 PM
Timely topic
The slide about "Losing track of corrupted thumb drives" seems particularly timely after that USB drive was found on the streets of London last week with 70 unencrypted security files about from Heathrow International Airport. The question remains about how the drive ended up where it did but according to my client, Veriato, it's reasonable to assume this was an act by an insider with access to sensitive security data. Whatever the scenario, it definitely illustrates the dangers that trusted insiders can pose (whther inadvertently or maliciously) to their companies as well as to public safety and even national security. Will be interesting to see how this story unfolds.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I'm not sure I like this top down management approach!"
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17321
PUBLISHED: 2018-09-22
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
CVE-2018-17322
PUBLISHED: 2018-09-22
Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
CVE-2018-14889
PUBLISHED: 2018-09-21
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
CVE-2018-14890
PUBLISHED: 2018-09-21
Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console.
CVE-2018-14891
PUBLISHED: 2018-09-21
Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability.