Comments
Insider Dangers Are Hiding in Collaboration Tools
Joe Stanganelli,
User Rank: Ninja
7/2/2018 | 5:03:15 PM
Re: Insider
@Dr.T: They may be unavoidable, but they can be quickly mitigated with proper network monitoring to detect aberrant behavior.
Joe Stanganelli,
User Rank: Ninja
7/2/2018 | 5:02:02 PM
Measuring negative sentiment
I'm kind of concerned about tracking negative sentiment on private-communication employee channels to tie to individuals. It's one thing to look at it as an overall possible indicator of current and future employee satisfaction, but it's another thing altogether to look for "thoughtcrime". Everybody's got a gripe at some point in their work environment; that alone means nothing.

And as for legal risk about discriminatory remarks as well as InfoSec risk about confidential data being spread and maintained in private channels, best to use ephemeral communication channels where communication is encrypted and promptly deleted. That way, no damaging messages of any kind -- security risks, legal risks, etc. -- are kept and maintained. The modern enterprise hoards too much data as it is.
Dr.T,
User Rank: Ninja
6/29/2018 | 9:03:47 AM
Educate employees
According to a recent report, 57% of organizations plan on increasing their spending on collaborative tools in 2018. I am still in favor of enterprise collaboration tools since we can use them to educate employees against attacks.
Dr.T,
User Rank: Ninja
6/29/2018 | 9:02:25 AM
Insider
"This creates a scenario where inadvertent actors may accidentally and negligently share sensitive data because they put something in writing they wouldn't ordinarily email to a colleague." Insider attacks are unavoidable if somebody wants to do it. Maybe trainings can help here.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:57:49 AM
Confidential
In a study of over 1 million employee messages, the "Human Behavior Risk Analysis" report found that confidential information is shared in one out of every 118 public communications. This number shows quite a high level; in a Slack environment we tend to share confidential information as we do in email.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:54:22 AM
Negative sentiment
The study shows that one out of every 380 public messages receives a negative sentiment score. That makes sense, you can really get a lot out of an ESN site.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:52:17 AM
Passwords in private channels
Private communication channels are worse. Private conversation messages are 165% more likely to contain identification numbers and 76% more likely to contain passwords. I agree, I constantly see passwords being shared in Slack channels, regardless of whether they are private or not.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:49:51 AM
Re: IT Security Hygiene for employees
Frequently we find clients that have their entire Google Drives open. Obviously a bad practice. It needs to be least-privileged access on the drive. ESNs are a little bit different, you need more collaboration options than not.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:47:59 AM
Re: IT Security Hygiene for employees
I think there is a lot of confusion about what can be seen and who can view it. There are certain level controls on enterprise social networking tools such as Facebook Workplace, but I agree it needs to be adjusted to company culture to avoid issues coming with it.
Dr.T,
User Rank: Ninja
6/29/2018 | 8:46:13 AM
Re: Similarities to physical security
Just last week my office ran an active shooter seminar. Congratulations on this practice, it is important to create awareness for the employees on this issue.