Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Insider Threats: Breaching The Human Barrier
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
10/24/2014 | 7:48:46 AM
Re: 'Zero trust' models are the way forward
Sounds llike you have awesome employees, @TMILLARSL4. But the cynic in me thinks that there is more to your strategy than kumbaya. What exactly do you do in your organization to educate and empower people  that makes them allies in the battle against malicious outsiders?  
TMILLARSL4
50%
50%
TMILLARSL4,
User Rank: Apprentice
10/24/2014 | 6:43:17 AM
Re: 'Zero trust' models are the way forward
Zero Trust can only fail.

I'm sorry to contradict you in such strong terms, but Zero trust can only fail. Unless you lock employees out of the network, there will always be scope for negligence, user error and access creep.

My favorite saying is there is no technical fix for the human problem. There are only human ones.

My view is, trust your employees, as adults and partners in creating value. Most insider attacks (if they are not actual infiltration (Deliberately getting hired to be on the inside) are motivated by feeling of being disempowered and disillusioned.

If you don't trust your employees, why should they protect your business. Educate and empower them, recruit them as allies against malicious outsider action, and you will be far more successful. Reward them for highlighting vulnerable system and help them understand what they personally stand to loose from breaches.

Employees will be far more motivated to follow corporate policy if they understand the consequences to them personally (New job?)

And before you respond that this is idealistic or impractical, this is the reality. Every employee is the guardian of value within your business. The sooner businesses realise that the better.

Regards

Tom.
Franois Amigorena
0%
100%
Franois Amigorena,
User Rank: Author
10/24/2014 | 5:59:38 AM
'Zero trust' models are the way forward

Agree that all the technology solutions in the world cannot solve every problem, and that every organisation is only as strong as its weakest link. However technology does have a place in educating and moderating human behaviour, and our research findings have shown that even supposedly 'educated' users still make mistakes. 

Which is why there's a strong argument for a 'zero trust' model. Using technology like UserLock to funnel your users into working within your security policies, with little to no room for manoeuvre, can educate employees into following company policy. 

Rather than the traditional security model that views everything on the inside of the network as 'trusted', and everything off the network as 'not trusted', leaving it open to internal misuse, that distinction isn't made. With the zero trust model an organisation can benefit from a 'never trust, always verify' principle and therefore enable better access security for all authenticated users." 

davidneville
50%
50%
davidneville,
User Rank: Apprentice
10/21/2014 | 1:56:20 PM
Finding a purposefully buried needle in a haystack
The post reminds me of Jeff Williams 2009 BlackHat report on Enterprise Java Rootkits, "Hardly anyone watches the developers." According to SANS, "There is no quick and inexpensive method to ensure that malicious code is prevented." But there are some things to keep in mind when undertaking a malicious code review:


·Establish Your Scope. Your team can't possibly review all of the code in your organization. As it is, finding malicious code is like finding a needle in a haystack. Narrow the haystack and you improve your chances of finding the proverbial needle.

·Allow Ample Time. Injectors of malicious code didn't write it on a whim. Discovering it will take more than one pass through the code, so allow your team ample time to ensure their results.

·Train Your Team. Having the latest and greatest tools in application security is nice; knowing how to use them is even better. Encourage your team to learn the ins and outs of the technology so they can use it to its fullest potential.
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
10/21/2014 | 11:26:24 AM
malicious insiders
Not surprising that disgruntled employees are a primary source of insider attacks. But what measures can organizations take to identify and prevent them from doing damage? Aren't there civil rights laws that protect them? How proactive can security teams really be? 


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/27/2020
Chinese Attackers' Favorite Flaws Prove Global Threats, Research Shows
Kelly Sheridan, Staff Editor, Dark Reading,  10/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27652
PUBLISHED: 2020-10-29
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2020-27653
PUBLISHED: 2020-10-29
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2020-27654
PUBLISHED: 2020-10-29
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
CVE-2020-27655
PUBLISHED: 2020-10-29
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
CVE-2020-27656
PUBLISHED: 2020-10-29
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.