Comments
Insider Dangers Are Hiding in Collaboration Tools
Joe Stanganelli,
User Rank: Ninja
7/2/2018 | 5:03:15 PM
Re: Insider
@Dr.T: They may be unavoidable, but they can be quickly mitigated with proper network monitoring to detect aberrant behavior.
Joe Stanganelli,
User Rank: Ninja
7/2/2018 | 5:02:02 PM
Measuring negative sentiment
I'm kind of concerned about tracking negative sentiment on private-communication employee channels to tie to individuals. It's one thing to look at it as an overall possible indicator of current and future employee satisfaction, but it's another thing altogether to look for "thoughtcrime". Everybody's got a gripe at some point in their work environment; that alone means nothing.

And as for legal risk about discriminatory remarks as well as InfoSec risk about confidential data being spread and maintained in private channels, best to use ephemeral communication channels where communication is encrypted and promptly deleted. That way, no damaging messages of any kind -- security risks, legal risks, etc. -- are kept and maintained. The modern enterprise hoards too much data as it is.
Dr.T,
User Rank: Ninja
6/29/2018 | 9:03:47 AM
Educate employees
According to a recent report, 57% of organizations plan on increasing their spending on collaborative tools in 2018. I am still in favor of enterprise collaboration tools since we can use them to educate employees against attacks.
Dr.T,
User Rank: Ninja
6/29/2018 | 9:02:25 AM
Insider
"This creates a scenario where inadvertent actors may accidentally and negligently share sensitive data because they put something in writing they wouldn't ordinarily email to a colleague." Insider attacks are unavoidable if somebody wants to do it. Maybe trainings can help here.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:57:49 AM
Confidential
In a study of over 1 million employee messages, the "Human Behavior Risk Analysis" report found that confidential information is shared in one out of every 118 public communications. This number shows quite a high level; in a Slack environment we tend to share confidential information as we do in email.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:54:22 AM
Negative sentiment
The study shows that one out of every 380 public messages receives a negative sentiment score. That makes sense, you can really get a lot out of an ESN site.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:52:17 AM
Passwords in private channels
Private communication channels are worse. Private conversation messages are 165% more likely to contain identification numbers and 76% more likely to contain passwords. I agree, I constantly see passwords being shared in Slack channels, regardless of whether they are private or not.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:49:51 AM
Re: IT Security Hygiene for employees
Frequently we find clients that have their entire Google Drives open. Obviously a bad practice. It needs to be least-privileged access on the drive. ESNs are a little bit different, you need more collaboration options than not.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:47:59 AM
Re: IT Security Hygiene for employees
I think there is a lot of confusion about what can be seen and who can view it. There are certain level controls on enterprise social networking tools such as Facebook Workplace, but I agree it needs to be adjusted to company culture to avoid issues coming with it.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:46:13 AM
Re: Similarities to physical security
Just last week my office ran an active shooter seminar. Congratulations on this practice, it is important to create awareness for the employees on this issue.