Last week the DeMISTIfying Security hosts explored the Zero Trust model. This follow-up segment takes things one step further as security veteran Ed Moyle explains how you can get a jump on kickstarting Zero Trust within your organization.
In the latest edition of MISTI’s DeMISTIfying Security, Ed and Raef dissect the zero trust model. From the pros and cons, to the obstacles you may face rolling out this philosophical approach to security, this week’s segment will shed new light on this topic.
Depending on your source, insider threat accounts for anywhere from 27% to 77% of all breaches. Despite the disagreement about the size of the problem, most security practitioners agree that identifying insider threats is more difficult than identifying external threats.
That idea of checks for every customer action, the weight of it, the precautions put in place—armed security guards, security cameras, security alarms positioned in ample locations—all signal to would-be thieves that any attack on a bank is going to require serious skill, planning, and personal risk.
“Insider threat” — it’s a term that gets thrown around a lot in cybersecurity circles. Practitioners want to know who is responsible for attacks and how attacks are being perpetrated so defenses can be appropriately implemented and provisioned.
By Dan Houser, Security Architect & Perspicacious Security Iconoclast
November 10, 2016
A study of recent hacking attacks on corporations makes it obvious that (weak) password credentials are being used both inside and outside organizations, and are frequently the credential protecting remote access to the enterprise and its "crown jewels."
How to help your end users manage their passwords, with additional practical steps to improve your system security. This guidance focuses on the end user (rather than the system owner responsible for determining password policy).
Identity is who we are. It’s what we do and how we do it. In the digital realm, our identities are part of what affords access to the systems, tools, accounts, and functionality that make it possible to perform job responsibilities and effectively contribute to the organizations for which we work.
“We’ve seen breaches where the ‘partner effect’ has played a major role, but have you noticed that nobody seems to really know how to manage that risk well,” poses Pete Lindstrom, Vice President of Security Research at IDC.
Listening to the political conventions these past two weeks, I couldn’t help but think about security: the conversations security practitioners have with senior management and other business units, the conversations practitioners have amongst themselves, and yes, even talks given at conferences.
The evolving threat landscape makes it incredibly difficult for security professionals to protect their organizations. You’d think that with the abundance of security solutions deployed they’d be able to manage cyber risk effectively, yet the technology that’s intended to protect their organizations may be causing more problems.
Security practitioners consistently deal with a slew of issues tied to protecting their organization’s most critical assets. When asked what keeps them up at night, it’s an endless list that features connected devices, shadow IT and making sense of the security and risk organization to board members.
Even small, home-spun businesses have a handful of third-party vendors with which they must connect to keep the lights on and the money flowing. Larger organizations might have hundreds or thousands of partners in the supply chain.
For security practitioners, the name of the game is risk management. These risks come in all shapes and sizes, from system vulnerabilities and the onslaught of evolving malware, to threats posed by insiders.
By Jonathan Sander, VP of Product Strategy, Lieberman Software
March 01, 2016
During the past couple of years, we've witnessed a series of devastating data breaches affecting some of the world's most renowned businesses, with each breach inflicting staggering costs in terms of financial and reputational damage.