Comments
Insider Dangers Are Hiding in Collaboration Tools
Joe Stanganelli,
User Rank: Ninja
7/2/2018 | 5:03:15 PM
Re: Insider
@Dr.T: They may be unavoidable, but they can be quickly mitigated with proper network monitoring to detect aberrant behavior.
Joe Stanganelli,
User Rank: Ninja
7/2/2018 | 5:02:02 PM
Measuring negative sentiment
I'm kind of concerned about tracking negative sentiment on private-communication employee channels to tie to individuals. It's one thing to look at it as an overall possible indicator of current and future employee satisfaction, but it's another thing altogether to look for "thoughtcrime". Everybody's got a gripe at some point in their work environment; that alone means nothing.

And as for legal risk about discriminatory remarks as well as InfoSec risk about confidential data being spread and maintained in private channels, best to use ephemeral communication channels where communication is encrypted and promptly deleted. That way, no damaging messages of any kind -- security risks, legal risks, etc. -- are kept and maintained. The modern enterprise hoards too much data as it is.
Dr.T,
User Rank: Ninja
6/29/2018 | 9:03:47 AM
Educate employees
According to a recent report, 57% of organizations plan on increasing their spending on collaborative tools in 2018. I am still in favor of enterprise collaboration tools since we can use them to educate employees against attacks.
Dr.T,
User Rank: Ninja
6/29/2018 | 9:02:25 AM
Insider
"This creates a scenario where inadvertent actors may accidentally and negligently share sensitive data because they put something in writing they wouldn't ordinarily email to a colleague." Insider attacks are unavoidable if somebody wants to do it. Maybe trainings can help here.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:57:49 AM
Confidential
In a study of over 1 million employee messages, the "Human Behavior Risk Analysis" report found that confidential information is shared in one out of every 118 public communications. This number shows quite a high level; in a Slack environment we tend to share confidential information as we do in email.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:54:22 AM
Negative sentiment
The study shows that one out of every 380 public messages receives a negative sentiment score. That makes sense; you can really get a lot out of an ESN site.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:52:17 AM
Passwords in private channels
Private communication channels are worse. Private conversation messages are 165% more likely to contain identification numbers and 76% more likely to contain passwords. I agree, I constantly see passwords being shared in Slack channels, regardless of whether they are private or not.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:49:51 AM
Re: IT Security Hygiene for employees
Frequently we find clients that have their entire Google Drives open. Obviously a bad practice. It needs to be least-privileged access on the drive. ESNs are a little bit different; you need more collaboration options than not.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:47:59 AM
Re: IT Security Hygiene for employees
I think there is a lot of confusion about what can be seen and who can view it. There are certain level controls on enterprise social networking tools such as Facebook Workplace, but I agree it needs to be adjusted to company culture to avoid issues coming with it.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:46:13 AM
Re: Similarities to physical security
Just last week my office ran an active shooter seminar. Congratulations on this practice; it is important to create awareness for the employees on this issue.