When it comes to security, cyber or otherwise, often the people you trust can become threats. Insider threats to transportation have moved front and center at the Transportation Security Administration. It’s published a strategy to protect itself and the transportation sector from inside threats. To explain, transportation security specialist Dean Walter, and Supervisory Air Marshal in Charge, Serge Potapov joined Federal Drive with Tom Temin.
What do you mean by social engineering? Social engineering is a broad term given to a wide range of malicious activities that take advantage of the fallibility of human beings. Attackers use psychological tricks to manipulate users into giving away their sensitive information. Hackers know the 90/10 principle of information security. The principle simply states that ninety percent of information security is dependent on humans and only ten percent is dependent upon computer infrastructure.
Distractions while working from home, pressure to hit deadlines and using personal devices are all creating additional security risks for remote workers. The security risks around remote working and how your organization can overcome them. Half of employees are cutting corners with regards to cybersecurity while working from home – and could be putting their organization at risk of cyberattacks or data breaches as a result. The coronavirus pandemic has forced both employers and employees to quickly adjust to remote working – and, often without the watchful eyes of IT and information security teams, workers are taking more risks online and with data than they would at the office.
As long as companies have as much to fear from opportunistic litigation as they do from attackers, legal privilege is going to play a role in managing security incidents. When litigants suing Capital One sought a forensic incident response report into its 2019 data breach, the bank played a reliable card: the report was commissioned by its outside law firm, and therefore subject to attorney-client privilege.
Ransomware attacks and business email compromise (BEC) were the two most impactful cyber threats in 2019, in terms of both business disruption and monetary loss. Ransomware demands spiked 200% last year, and BEC fraud losses averaged $264,117 per incident. “Since 2018, threat actors have evolved from deploying mass-distributed phishing campaigns with lower ransom demands to highly targeted, well-researched attacks on larger enterprises with deeper pockets,” said Bret Padres, CEO of The Crypsis Group. “We believe these new methods represent a tactical shift in response to stronger enterprise security defenses and an associated reduction in organizations’ willingness to pay.” The report also found that so-called “insider threats” were on the rise, with its investigations of such threats rising about 70% from 2018.
Any experienced lawyer who handles trade secrets litigation has seen what happens when an employer lets its guard down when hiring a new employee who previously worked in the same industry—perhaps even for a direct competitor. Without effective human resources risk management, the new employee may bring along her “toolkit” containing the prior employer’s valuable trade secrets, which are soon unleashed in your workplace.
Locked-Up Journalists. Espionage Investigations. Constitutional Challenges. The Government’s Release of Economic Data Was Arcane and Complex — Until Now. Inside the world’s most important data room.
In 1988 the U.S. Department of Labor built a windowless, cinderblock room in the bowels of its limestone headquarters in Washington, designed for one purpose: to lock up journalists.The room — which now sits silent and unoccupied — is minimalist and penal, with industrial-grade carpeting, government-issued chairs, rows of homogeneous computer workstations, a single door, and a metal detector outside. The one indulgence is a large, atomic clock on the wall, set to the military time of the U.S. Naval Observatory.
A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to a newly published research by Kaspersky yesterday. The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom tools, tactics, and procedures in attacks against government agencies in Vietnam, Thailand, and Laos. “One of the newly revealed tools is named USBCulprit and has been found to rely on USB media in order to exfiltrate victim data,” Kaspersky said. “This may suggest Cycldek is trying to reach air-gapped networks in victim environments or relies on physical presence for the same purpose.”
It’s crucial that financial services companies shift the dial on insider risk. Financial services organisations are trusted with far more than just money; they are also responsible for keeping customers’ highly sensitive personal and financial data under lock and key. We’re hyper-aware that the growing value of this data means financial organisations are prime targets for malicious cyberattacks – but this isn’t the only threat they face. In fact, not a day passes without these firms’ own employees putting data at risk from within.
Protecting an intellectual property is very important for many organizations, it is also the main target for hackers. Steps need to be taken in practically every part of the organization to make sure the intellectual property is secure. As U.S. manufacturers once again grapple with outsourcing production to foreign facilities, issues with intellectual property protection begin to arise. Intellectual properties provide companies with a competitive advantage, making them incredibly valuable. Not only does it include patentable property but also the know-how involved in making the products.