Industry Insights

Insider Threat News: Week of July 24

5 min Read

Code42

As remote work continues for most companies, so do their data security concerns — whether it’s related to employees working off the corporate network, or organizations adjusting to how they combat insider threat. Read some of the latest data security news, including what industry leaders are saying about protecting data from loss, leak or theft.

Twitter breach exposes one of tech’s biggest threats: Its own employees

Excerpt from an article by Kevin Collier and Jason Abbruzzese on NBC News

“‘Humans and their behaviour continue to be the biggest threat for organizations,’ said Mikko Hyppönen, the chief research officer at the Finnish cybersecurity company F-Secure.

‘Security holes come and go. Sometimes there’s something urgent happening but once you patch and update, you’re good to go,’ he said by text message. ‘The human weaknesses are there always. Every day. Forever.’”

For more, read the full article on NBC News

Enterprise Data Security: It’s Time to Flip the Established Approach

Excerpt from a byline by Code42 CTO Rob Juncker on Threatpost

“There’s an old saying when it comes to big undertakings: Don’t boil the ocean. Well, there’s hardly any bigger project in information security than trying to protect corporate data. But the reality is that too many organizations today are, in fact, “boiling the ocean” when it comes to their data-security program. In fact, they have their entire data-security approach backward – especially when it comes to managing data risk within today’s highly collaborative and remote workforce.

“That’s a bold statement, I know, so give me an opportunity to explain what I mean. When most organizations take steps to protect their data, they follow (or, more accurately, attempt to follow) the typical practices. They start with trying to identify all of the sensitive data they have in their organizations – all of the data that exists on their internal network file shares, on endpoints, on removable media and in all of their cloud services. Then, they focus on how important the data is, i.e., the classifications of the information. Is the data confidential? Intellectual property? Important? The next step is determining who has access to the organization’s data. Finally, they seek to control or block when data leaves the organization.

“This has been the accepted strategy across the security profession, and, frankly, there is a lot wrong with this model. The honest truth is it’s just not working because there is just too much data to successfully identify within the typical enterprise.”

For more, read the full article on Threatpost

How COVID-19 has increased the risk of security threats

Excerpt from an article by Lance Whitney on TechRepublic

“‘Companies are grappling with the security fallout from an unexpected shift to remote work, but it’s business as usual for cybercriminals and foreign adversaries with unprecedented opportunity,’ Steve Moore, chief security strategist at Exabeam, said in a press release. ‘The rise in attempted cyberattacks while companies experience staff reductions is a harsh reminder of the security and financial challenges created by the pandemic.’”

For more, read the full article on TechRepublic.  

Code42