How to Strengthen Your Cyber Security DNA

Posted by Heather Howland on Jun 21, 2018 12:32:39 PM

Cyber security is a complex animal that requires many disciplines and a diverse toolkit. Typically, resources are limited, and incident response and security staff are overloaded with noise, irrelevant alerts and incomplete static information.  With so many diverse systems its difficult to utilize them in a coordinated and timely way.

Read More

Topics: Adaptive Threat Prevention, Identity, Insider Threat, Risk, Integration

Study Finds Employee Security Habits Reveal Risky Imbalance

Posted by Heather Howland on Nov 16, 2017 5:12:33 AM

Human nature motivates us to enhance productivity, make things easy, find workarounds and to crave information that is being kept from us. How do these motivations change the way people work? Do their actions put their company at risk? Do IT Security teams need to understand basic psychology to protect their organizations?

Read More

Topics: CARTA, CISO, Credential Compromise, Insider Threat, NIST, Passwords

Insider Threat Awareness: A Vital Component of Security Awareness

Posted by Preempt Guest Blogger on Jun 29, 2017 9:59:15 AM

While a 2017 Harvey Nash/KPMG survey of nearly 4,500 CIOs and tech leaders globally found that cyber security vulnerability is at an all-time high, the biggest jump in threats came from insider attacks which increased from 40 percent to 47 percent over the last year. And that’s a modest estimate; reports from an IBM Security survey suggested that 60 percent of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors.

Read More

Topics: Insider Threat, Compliance, Passwords, ueba

The Cybersecurity Penalty Box. Yes or No?

Posted by Heather Howland on Jun 9, 2017 10:01:03 AM

Earlier this week, I published an article with ITSP Magazine that discusses a newly brewing concept within Enterprises around penalizing employees for bad security behavior. Can you imagine if your company penalized you for clicking on a phishing link? Or because you bent the security rules in order to get something done more easily?  

Read More

Topics: CISO, Insider Threat, User Behavior, ueba

The Insider Threat Denial Syndrome

Posted by Eran Cohen on May 18, 2017 12:01:22 PM

I believe there is a “denial syndrome” that exists in cyber security. I’m not referring to the “It won’t happen to me” concept, I’m pointing to a deeper and more dangerous belief. In psychology, denial happens when we are uncomfortable with the facts of reality and instead of dealing with it we reject it, insisting it is not correct.

Read More

Topics: Insider Threat, User Risk

Top IT Security Trends for Law Firms at LS-ISAO

Posted by Ajit Sancheti on May 3, 2017 8:05:28 AM

Last week, I had the opportunity to spend a day at a Legal Services Information Sharing & Analysis Organization(LS-ISAO) workshop in New York City, hosted by a leading law firm. Close to 100 security professionals from law firms around the country participated. While most law firms have small dedicated security teams, what was apparent from the beginning was that the challenges ahead of them were not small.

Read More

Topics: CISO, Law Firms, Insider Threat, Risk