The pandemic pushed companies to accelerate their adoption of cloud services, infrastructure, and workloads to support a growing remote workforce, but the shift has redefined who represents an insider threat — nearly anyone, and any workload, with a set of credentials.
No wonder, then, that attackers are increasingly taking aim at cloud services and infrastructure using credential stuffing, phishing, and other identity attacks. An estimated 85% of Web application attacks used stolen credentials in 2021, according to Verizon’s annual “Data Breach Investigations Report,” while Microsoft estimates that 70% of attacks start with phishing, another identity-focused attack.
Insider threats are a growing risk to agencies, and early detection is critical. Technology that helps IT departments secure and monitor all logon activity offers a simple solution. But with many government IT departments understaffed, under-skilled and on a tight budget, how can agencies efficiently, effectively stop insider threats before they become breaches?
Two keys to any successful insider threat mitigation program are detecting and identifying potential insider threats. Access management software can help do just that by increasing visibility, automating detection and response, and increasing security with multifactor authentication (MFA).
The events of recent years have taught us that risk is not confined to areas of existing conflict. With terrorist attacks, natural disasters, and, more recently, the COVID-19 pandemic, companies have become increasingly aware of the growing risks their traveling personnel face.
With travelers becoming more acutely aware of potential risks relating to travel, their understanding of the need for risk assessments and duty of care compliance is also greater, helping to drive a more positive attitude toward travel risk management in general.
Which countries are most capable of carrying out their national objectives through cyber means? A group of researchers at Harvard University makes all of these things possible through a new benchmark report called the National Cyber Power Index.
A leading UK security agency has released new guidance for data center owners and users on how to safeguard customer data and operations better as geopolitical uncertainty intensifies.
The National Cyber Security Centre (NCSC), an offshoot of GCHQ, compiled the new report in collaboration with the country’s Centre for the Protection of National Infrastructure (CPNI).
That hints at the strategic importance of datacenters to critical infrastructure today and how attractive a target they are for physical and cyber-threat actors.
A hybrid work style is now a reality. The massive 44% jump in collaboration tools usage since 2019 is hardly surprising, given that collaboration apps are at the heart of the modern workplace experience. This accelerated shift from on-premises-based tools to a perimeter-less cloud environment has left many organizations vulnerable.
To ensure maximum productivity in remote and hybrid work scenarios, the balance between security and effective collaboration is critical. Incessant control can diminish employee experience and productivity, and increase insider threat via shadow IT, such as the use of unauthorized apps.