Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Insider Threats: Breaching The Human Barrier
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
10/24/2014 | 7:48:46 AM
Re: 'Zero trust' models are the way forward
Sounds llike you have awesome employees, @TMILLARSL4. But the cynic in me thinks that there is more to your strategy than kumbaya. What exactly do you do in your organization to educate and empower people  that makes them allies in the battle against malicious outsiders?  
TMILLARSL4
50%
50%
TMILLARSL4,
User Rank: Apprentice
10/24/2014 | 6:43:17 AM
Re: 'Zero trust' models are the way forward
Zero Trust can only fail.

I'm sorry to contradict you in such strong terms, but Zero trust can only fail. Unless you lock employees out of the network, there will always be scope for negligence, user error and access creep.

My favorite saying is there is no technical fix for the human problem. There are only human ones.

My view is, trust your employees, as adults and partners in creating value. Most insider attacks (if they are not actual infiltration (Deliberately getting hired to be on the inside) are motivated by feeling of being disempowered and disillusioned.

If you don't trust your employees, why should they protect your business. Educate and empower them, recruit them as allies against malicious outsider action, and you will be far more successful. Reward them for highlighting vulnerable system and help them understand what they personally stand to loose from breaches.

Employees will be far more motivated to follow corporate policy if they understand the consequences to them personally (New job?)

And before you respond that this is idealistic or impractical, this is the reality. Every employee is the guardian of value within your business. The sooner businesses realise that the better.

Regards

Tom.
Franois Amigorena
0%
100%
Franois Amigorena,
User Rank: Author
10/24/2014 | 5:59:38 AM
'Zero trust' models are the way forward

Agree that all the technology solutions in the world cannot solve every problem, and that every organisation is only as strong as its weakest link. However technology does have a place in educating and moderating human behaviour, and our research findings have shown that even supposedly 'educated' users still make mistakes. 

Which is why there's a strong argument for a 'zero trust' model. Using technology like UserLock to funnel your users into working within your security policies, with little to no room for manoeuvre, can educate employees into following company policy. 

Rather than the traditional security model that views everything on the inside of the network as 'trusted', and everything off the network as 'not trusted', leaving it open to internal misuse, that distinction isn't made. With the zero trust model an organisation can benefit from a 'never trust, always verify' principle and therefore enable better access security for all authenticated users." 

davidneville
50%
50%
davidneville,
User Rank: Apprentice
10/21/2014 | 1:56:20 PM
Finding a purposefully buried needle in a haystack
The post reminds me of Jeff Williams 2009 BlackHat report on Enterprise Java Rootkits, "Hardly anyone watches the developers." According to SANS, "There is no quick and inexpensive method to ensure that malicious code is prevented." But there are some things to keep in mind when undertaking a malicious code review:


·Establish Your Scope. Your team can't possibly review all of the code in your organization. As it is, finding malicious code is like finding a needle in a haystack. Narrow the haystack and you improve your chances of finding the proverbial needle.

·Allow Ample Time. Injectors of malicious code didn't write it on a whim. Discovering it will take more than one pass through the code, so allow your team ample time to ensure their results.

·Train Your Team. Having the latest and greatest tools in application security is nice; knowing how to use them is even better. Encourage your team to learn the ins and outs of the technology so they can use it to its fullest potential.
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
10/21/2014 | 11:26:24 AM
malicious insiders
Not surprising that disgruntled employees are a primary source of insider attacks. But what measures can organizations take to identify and prevent them from doing damage? Aren't there civil rights laws that protect them? How proactive can security teams really be? 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-36328
PUBLISHED: 2021-11-30
Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database.
CVE-2021-36329
PUBLISHED: 2021-11-30
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information.
CVE-2021-36330
PUBLISHED: 2021-11-30
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user.
CVE-2021-41256
PUBLISHED: 2021-11-30
nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giv...
CVE-2021-36326
PUBLISHED: 2021-11-30
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format...