Many organizations are winding down the summer in a relaxed state of mind, which is natural for the season, but could be risky from an Insider Threat perspective. As employees get more comfortable using modern technology, reports Dark Reading, the potential attack surface for organizations gets larger. What’s more, many security teams don’t want to get in the way of digital transformation or employee productivity, so some risky user activity may be slipping through the cracks.
This month’s Insider Threat Level dives into this story and more, including an unexpected security threat at the Black Hat conference, and the impact of employee burnout on Insider Threats.
(Source: Dark Reading)
While modern technology has made it much easier for employees to do their jobs from anywhere, some applications, websites and platforms may be putting organizations at greater risk of Insider Threat. According to a report from Dark Reading, the lines are blurring between work and play, and a bring-your-own-software mentality may be increasing the typical organization’s attack surface.
As ObserveIT’s Sai Chavali said: “Employees can now access any websites, such as fantasy sports, gambling, entertainment channels, and collaborate and share information using cloud storage tools easily with a single click.” This access can prove risky without the right cybersecurity tools — such as data and user activity monitoring — in place.
However, if organizations are vigilant about creating clear cybersecurity policies, and reinforcing them with regular cybersecurity awareness training, many Insider Threat-related mistakes can be avoided. For example, if users know how to identify phishing and social engineering attacks across different channels (e.g. email and social media), they can prevent unnecessarily exposing the organization to attackers.
You may not have had this problem if you followed along with our Black Hat security checklist, but as Mashable reported, the Black Hat conference Android app experienced an unexpected security snag. A conference attendee found that hackers could potentially exploit a vulnerability in the app, allowing them to open a random URL in the app browser, pre-dial a number, create an email, and open Chrome to download a file. At security conferences, which seem to be prime targets for hackers, attendees should be aware of the risks and cognizant of good cybersecurity hygiene.
(Source: SC Magazine UK)
According to a survey from ObserveIT, 44 percent of IT leaders understand that a stressed or overloaded workforce is a contributing factor to Insider Threats. When you consider that two out of three Insider Threat incidents are caused by employee or contractor mistakes, employee burnout can increase this risk even further for organizations. As a result, employee well-being should become a major priority for all organizations (not only for security reasons, but also because it’s the right thing to do!) A happy and well-informed workforce is far more likely to accept personal responsibility for cybersecurity awareness.