
8/17/2016
04:00 PM

8 Surprising Statistics About Insider Threats

Insider theft and negligence are real--and so are the practices that amplify the risks.

Image Source: Adobe Stock


Although insider threat events are typically far less frequent than external attacks, they usually pose a much higher severity of risk for organizations when they do happen. Whether malicious or simply negligent, insiders need access to sensitive intellectual property and systems to do their jobs. As a result, when they break policy accidentally or choose to steal, their actions can do a tremendous amount of damage to a business. Here's how recent surveys and statistics measure perceptions of the risk posed by insider threats, along with some of the common shortfalls in IT security that unnecessarily expose organizations to higher insider risk.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Comments
DLJ@HPE
User Rank: Author
8/26/2016 | 12:55:18 PM
A simple step to reduce the threat
Insider threats are much harder to detect and potentially much more damaging financially and reputationally than an external attack. Secure content management, which employs technology-assisted capabilities to constantly scan, analyze and act to reduce the risk, needs to be an essential part of every organization's data protection strategy.