Insider threats are nothing to joke about -- they are a real danger to companies worldwide, who often neglect them. In fact, they rank among the top six threats of 2018, according to statistics. A company will spend at least $8 million yearly on insider threats, the Ponemon Institute has found.
All about Virtualization and Cloud Security | Recent Articles:
The headlines love to talk about sophisticated hacking gangs, exploiting zero-day vulnerabilities to break their way into businesses and steal corporate data.
Enterprises are at risk now more than ever because it seems they keep falling behind on infrastructure security, while hackers are more vigilant and sophisticated in their schemes. Researchers can’t really put their finger on what it is exactly that causes more damage –insider threats, targeted attacks or plain old outdated software, but one thing is certain: by 2023, more than 146 billion records will be leaked following security breaches, according to Juniper Research.
The topic of cybersecurity is rapidly moving up the agenda of CIOs.
It’s common knowledge that cyberattacks will escalate, so upper management has to develop an understanding of the threat landscape, the different types of attacks and what it all involves. Right now, the Trump administration is working on an executive order to clearly establish the duties of agency chief information officers.
A few years ago, companies were reluctant to adopt cloud computing because they thought a lack of physical access to the network would deprive them of control over their data. A major shift occurred when they understood that, with suitable configuration and security, cloud computing offers serious benefits.
Businesses cannot come up with a mitigation strategy to efficiently detect, identify and manage insider threats, according to research from the Ponemon Institute, so they risk the loss of critical confidential data and resources, network shutdown and reputational damage. In the past year, 159 organizations from the United States, Canada, Europe, Middle East, Africa, and the Asia-Pacific region dealt with 3,269 security breaches caused by insider threats due to plain negligence.
Ever since the first data breach notification law went into effect July 1, 2003 in California (SB 1386), there has been controversy surrounding what types of data being exposed should trigger data breach notifications, who should be notified, and how quickly they should be notified. In fact, it’s become somewhat of a mess.
It’s hard to believe but the conversation around how security fits in DevOps has been going on for years. It was in 2012 when Gartner analyst Neil MacDonald wrote his blog DevOps Needs to Become DevOpsSec. In this blog MacDonald wrote “DevOps seeks to bridge the development and operations divide through the establishment of a culture of trust and shared interest among individuals in these previously siloed organizations. However, this vision is incomplete without the incorporation of information security, which represents yet another silo in IT.”
In the past two years, cyberattacks on the financial sector have picked up speed. As companies in the sector struggle with the major shift toward digital transformation, some are caught off guard by the significant rise of malware designed specifically to target their sector, such as Dyre Trojan, Dridex, hybrid banking Trojan GozNym and TrickBot. Once the network is infiltrated, hackers can easily steal, read, alter and even erase top secret information.