Welcome!

Cloud Security Authors: Zakia Bouachraoui, Elizabeth White, Pat Romanski, Yeshim Deniz, Liz McMillan

Related Topics: Cloud Security

Cloud Security: Blog Feed Post

What We Learned About Insider Threats in 2013 and 2014 By @Vormetric

There has been a strong insider related component in the vast majority of the large breaches that have happened this last year

Now that we’re past the New Year, it’s time to learn from what happened in 2013 and 2014, especially when it comes to IT Security. One of those things we in IT Security should learn is that there has been a strong insider related component in the vast majority of the large breaches that have happened this last year.

 

If it wasn’t a traditional insider, as in the Korean Credit card breach where 40% of Korean’s data was stolen or when Bradley Manning breached confidential intelligence records, it was a privileged user who managed systems like Edward Snowden using their position to gain access to sensitive data, or the Sony and Target hacks, where privileged user credentials were compromised and used to steal sensitive data.

The Spectrum of Insider Threats

Also looking at the results from our 2013 and 2014 Vormetric Insider Threat Reports, it was clear that people don’t have a strong idea about how to protect their organizations given these changes.  Porous perimeters are now the rule, with Analysts across the board saying that it isn’t “If” you will be breached, it is “When”.  Add to this is usually added the statement that we all need to now revisit our organization’s security stance to accommodate this reality.  For me, the moment when I really absorbed how much things have changed was while reading the 2013 Verizon Data Breach Report – There is a statistic in the report that there is a 90%+ “chance of a click” with 15 phishing email attempts.  This brought it home to me like nothing else that every organization is vulnerable.

But people in our industry still haven’t fully absorbed this change.  They still believe that their traditional perimeter defenses will protect them.  Here’s how that attitude was represented in our 2013 Vormetric Insider Threat Report.

2013 learnings

Last in our 2014 report, it also became clear that the change to considering privileged users to be the most risky employees had not been fully absorbed. Traditional insiders – ordinary employees – were considered most risky, with 3rd party contractors and privileged users following.   I think we’ll definitely be seeing some changes with this year’s report.

2014 learnings

The post What we learned about insider threats in 2013 and 2014 appeared first on Data Security Blog | Vormetric.

Read the original blog entry...

More Stories By Vormetric Blog

Vormetric (@Vormetric) is the industry leader in data security solutions that span physical, big data and cloud environments. Data is the new currency and Vormetric helps over 1400 customers, including 17 of the Fortune 30 and many of the world’s most security conscious government organizations, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company’s scalable Vormetric Data Security Platform protects any file, any database and any application’s data —anywhere it resides — with a high performance, market-leading data security platform that incorporates application transparent encryption, privileged user access controls, automation and security intelligence.

IoT & Smart Cities Stories
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in development and launches of disruptive technologies to create new market opportunities as well as enhance enterprise product portfolios with emerging technologies. His most recent venture was Octoblu, a cross-protocol Internet of Things (IoT) mesh network platform, acquired by Citrix. Prior to co-founding Octoblu, Chris was founder of Nodester, an open-source Node.JS PaaS which was acquired by AppFog and ...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.