Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Insider Threats: Breaching The Human Barrier
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
10/24/2014 | 7:48:46 AM
Re: 'Zero trust' models are the way forward
Sounds llike you have awesome employees, @TMILLARSL4. But the cynic in me thinks that there is more to your strategy than kumbaya. What exactly do you do in your organization to educate and empower people  that makes them allies in the battle against malicious outsiders?  
User Rank: Apprentice
10/24/2014 | 6:43:17 AM
Re: 'Zero trust' models are the way forward
Zero Trust can only fail.

I'm sorry to contradict you in such strong terms, but Zero trust can only fail. Unless you lock employees out of the network, there will always be scope for negligence, user error and access creep.

My favorite saying is there is no technical fix for the human problem. There are only human ones.

My view is, trust your employees, as adults and partners in creating value. Most insider attacks (if they are not actual infiltration (Deliberately getting hired to be on the inside) are motivated by feeling of being disempowered and disillusioned.

If you don't trust your employees, why should they protect your business. Educate and empower them, recruit them as allies against malicious outsider action, and you will be far more successful. Reward them for highlighting vulnerable system and help them understand what they personally stand to loose from breaches.

Employees will be far more motivated to follow corporate policy if they understand the consequences to them personally (New job?)

And before you respond that this is idealistic or impractical, this is the reality. Every employee is the guardian of value within your business. The sooner businesses realise that the better.


Franois Amigorena
Franois Amigorena,
User Rank: Author
10/24/2014 | 5:59:38 AM
'Zero trust' models are the way forward

Agree that all the technology solutions in the world cannot solve every problem, and that every organisation is only as strong as its weakest link. However technology does have a place in educating and moderating human behaviour, and our research findings have shown that even supposedly 'educated' users still make mistakes. 

Which is why there's a strong argument for a 'zero trust' model. Using technology like UserLock to funnel your users into working within your security policies, with little to no room for manoeuvre, can educate employees into following company policy. 

Rather than the traditional security model that views everything on the inside of the network as 'trusted', and everything off the network as 'not trusted', leaving it open to internal misuse, that distinction isn't made. With the zero trust model an organisation can benefit from a 'never trust, always verify' principle and therefore enable better access security for all authenticated users." 

User Rank: Apprentice
10/21/2014 | 1:56:20 PM
Finding a purposefully buried needle in a haystack
The post reminds me of Jeff Williams 2009 BlackHat report on Enterprise Java Rootkits, "Hardly anyone watches the developers." According to SANS, "There is no quick and inexpensive method to ensure that malicious code is prevented." But there are some things to keep in mind when undertaking a malicious code review:

·Establish Your Scope. Your team can't possibly review all of the code in your organization. As it is, finding malicious code is like finding a needle in a haystack. Narrow the haystack and you improve your chances of finding the proverbial needle.

·Allow Ample Time. Injectors of malicious code didn't write it on a whim. Discovering it will take more than one pass through the code, so allow your team ample time to ensure their results.

·Train Your Team. Having the latest and greatest tools in application security is nice; knowing how to use them is even better. Encourage your team to learn the ins and outs of the technology so they can use it to its fullest potential.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
10/21/2014 | 11:26:24 AM
malicious insiders
Not surprising that disgruntled employees are a primary source of insider attacks. But what measures can organizations take to identify and prevent them from doing damage? Aren't there civil rights laws that protect them? How proactive can security teams really be? 

Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-01-23
Incorrect username validation in the registration processes of CTFd through 2.2.2 allows a remote attacker to take over an arbitrary account after initiating a password reset. This is related to register() and reset_password() in auth.py. To exploit the vulnerability, one must register with a userna...
PUBLISHED: 2020-01-23
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information...
PUBLISHED: 2020-01-23
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue...
PUBLISHED: 2020-01-23
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.
PUBLISHED: 2020-01-23
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.