Despite their preference for remote work, Millennials and Gen Zers experience more technological issues, struggle more with password management, and are far more reckless in their online activity than older demographics. Not only do these younger employees create more work for IT teams and service desk personnel, but they also pose as significant cybersecurity liabilities for corporations.
Employees forced to work remotely during the COVID-19 pandemic altered their online habits, and to minimize hacking risk they needed cybersecurity tools to keep up. As a result, security administrators face a danger they may not have previously anticipated: attacks from insiders.
While providing access for third-party, non-employees is critical to meeting business objectives, it oftentimes has the unintended consequence of exponentially increasing an organization’s attack surface. With the proper identity-proofing practices and capabilities in place, organizations can verify the identities of their users, support risk management initiatives and better protect critical assets – eliminating the third-party risk management blind spots.
Defending against insider threats is one of the biggest challenges an organization can face, and the COVID-19 pandemic has only made detection more challenging as remote employees continue to use virtual private networks (VPNs) to access sensitive company files and information. Here, we talk to Carolyn Crandall, Chief Deception Officer at Attivo Networks, to discuss how security teams can use deception technology to detect and prevent insider threat attacks.
A 30-minute movie, inspired by true events, called “The Nevernight Connection," details the fictional account of a former U.S. Intelligence Community official targeted by foreign intelligence service via a fake profile on a professional networking site and recruited to turn over classified information.
It sounds simple: a company must be a safe place to work, and people will want to work for companies that make them feel safe. Companies have a duty of care and responsibility to keep employees safe, even as many work remotely. But as enterprises undergo digital transformation, physical security has at times been left behind (with legacy and outdated technology systems) despite a rise in threatening events and its increasing importance for corporations. Embracing digital protective intelligence and making safety a priority is not just a way to support wise corporate values, but given the potential loss of life and the cultural, bottom line and brand reputation damage that could occur, must be a mandate for modern business operations.
A majority of survey respondents (61%) reported at least one insider attack over the last 12 months (22% reported at least six separate attacks). Forty-nine percent of respondents stated that at least one week typically goes by before insider attacks are detected; additionally, 44% said that another week usually passes before the organization recovers from the attacks.
Security professionals who are considering the potential direction for their private sector career often overlook certain functional areas. While considered part of a security leader’s portfolio, many of these less obvious choices offer a broad diversity of challenges. One of these areas found in almost every industry sector is investigations.