ITMG Insider Threat News – October 27, 2021

The Biggest Cyber-Threat Isn’t Hackers, It’s Insider Threats

Insider threats are negligent or malicious activities carried out by employees, contractors, or associates in an organization. They include any cybersecurity hazards and vulnerabilities that arise from either employees’ maliciousness or carelessness, whether that be someone falling for a phishing attempt or risking security by reusing generic passwords across different sites and applications.

A number of individuals affiliated with an enterprise can pose a threat; they include a negligent employee or contractor, a criminal or malicious insider or a credential thief. They can also emerge from ex-employees or third-party vendors with technical knowledge of an organization’s systems. Insider threats are every bit as scary as they sound and are rising. Therefore, it is extremely worrisome that these cybersecurity threats to organizations are under-addressed, especially when compared with external threats.

Amazon Announces Indefinite Remote Work Policy—But Not for a Vast Majority of Its Workers

The new policy was announced in a blog post and is a change from Amazon’s previous expectation that most employees would need to be in the office at least three days a week when offices reopen from the COVID-19 pandemic in January.

The Seattle Times reported Monday’s message was signed by Amazon CEO Andy Jassy and said company directors will have discretion to allow teams that they manage to continue working remotely.

A Shocking Paradox: Does Security Awareness Training Increase Human-Cyber Risk?

The risk someone presents to an organization is a combination of what they know, what they do, and what they feel.

Any fool can know, and any security awareness professional can measure what people know! Feelings are complicated and awkward to talk about (I’m British), so I’ll leave them for another time. Let’s talk about behavior.

Behavior is not what you think people do, or what people say they will do. Behavior is what people actually do.

Data Breach Could Cost Missouri $50M

A data breach that may have exposed the Social Security numbers of tens of thousands of teachers, administrators, and counselors across Missouri could end up costing the Show-Me State $50m.

A reporter at the St. Louis Post-Dispatch discovered the vulnerability. The newspaper said that while no private information was clearly visible or searchable, teachers’ Social Security numbers were contained in the HTML source code of certain web pages.

FOI Request Reveals Scale of Data Breaches at UK Councils

UK councils have been hit by a staggering 33,645 data breaches caused by human error in the past five years, according to official figures.

The data, which was obtained following a Freedom of Information (FoI) request sent by VPNOverview to 103 county councils in the UK, also broke down the number of breaches suffered by each body. The local authority with the worst record for human-caused data breaches was Hampshire County Council, with 3759 incidents since 2016. This included 902 breaches in the year 2018/19.

72% of Organizations Experienced a DNS Attack in the Past Year

Nearly three-quarters (72%) of organizations have suffered a domain name system (DNS) attack in the past 12 months, according to a new study by the Neustar International Security Council (NISC).

While Neustar noted that DNS attacks are generally a lower concern for security pros than vectors like ransomware, distributed denial-of-service (DDoS) and targeted account hacking, they are becoming increasingly menacing to organizations. According to its latest study, 55% of security professionals consider DNS compromise an increasing threat; this compares to 47% in October 2020.
