Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Restoring Business Velocity and Trust in Users with Risk-Adaptive Protection
Threaded  |  Newest First  |  Oldest First
ConwayK9781
ConwayK9781,
User Rank: Strategist
6/25/2018 | 8:02:45 AM
You lost me at "[t]rust in the individual as it relates to security..."
I think the main problem that I have with this analogy is that with the TSA example, no one is accidentally a terrorist on an airplane.  No one accidentally takes flying lessons, accidentally sneaks a weapon of some sort onto a plane, accidentally hijacks the plane and works themselves into the cockpit, and then accidentally slams the plane into a building.  "Whoops, I meant to go out and buy dinner, not become a hardcore terrorist!"

The users on the network, however, don't require malice to become a security threat.  They just require a lack of understanding and a degree of gullibility.  Anyone that's ever worked in any business at all (whether IT/IS related or not) can tell you with absolute certainty that at every single company they've worked at these kinds of people exist.  With the TSA they assume people aren't malicious, with the network you have to assume they are not malicious AND they are well informed on matters that are completely unrelated to their job.

That just seems like a bad assumption to me.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-39258
PUBLISHED: 2022-09-27
mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to steal o...
CVE-2022-39256
PUBLISHED: 2022-09-27
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the ...
CVE-2022-3298
PUBLISHED: 2022-09-26
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8.
CVE-2022-40098
PUBLISHED: 2022-09-26
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense.php.
CVE-2022-40099
PUBLISHED: 2022-09-26
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php.