Category: APT

Categories : Access Control, APT, Database Encryption            Leave a comment           

Following a recent investigation by Sky News, it’s been revealed that PaymyPCN.net, a private firm which allows drivers to pay fines via its website and has a direct link to the Driver and Vehicle Licensing Agency (DVLA) database, had been affected by a backdoor which gave access to restricted information. Although we’ve seen many headlines that highlight the danger posed by APTs and the like, it seems many organizations are still unprepared for attacks or unidentified weaknesses at a more […]

What We Talk About When We Talk About Insider Threats

Posted By: Alan Kessler, @kessalan
05 Jan
2015
Categories : Access Control, APT, Cloud Security, Data Breach, Data Breach Disclosure, Data Security, Encryption            Leave a comment           

What does the term “insider threat” mean to you? It would be fair to assume Edward Snowden might be one of the first names or faces to pop into your head. Snowden was an insider, and he proved to be a threat. He also had malicious intentions. <ClickToTweet>: Insider Threats – More than just malicious insiders http://bit.ly/1rZpr5L #DefenderOfData But, you would be shortsighted in thinking that malicious insiders are the biggest risk to your data. While Edward Snowden may be […]

02 Jan
2014
Categories : APT, Data Breach            Leave a comment           

With the acquisition of Mandiant by FireEye this week, and the Target data breach earlier in the holiday season, two more strong data points have been added to the evidence that IT Security is at an inflection point.  That the threats organizations are facing have fundamentally changed, and that this will require a change in their approach to IT Security.  No longer are traditional security defenses on the perimeter and at endpoints enough to secure an organization from harm.  A […]

Sneak Peek – Financial Services and Insider Threats – The Good and the Bad

Posted By: Andy Kicklighter, @akicklighter (Twitter)
19 Dec
2013
Categories : APT, Data Security            Leave a comment           

Sometime in the next week or so, Vormetric will be releasing analysis of Insider Threat survey results from financial services professionals.  The report will analyze how the people and organizations in this segment protect sensitive data from both malicious insiders as well as attacks such as Advanced Persistent Threats (APTs) that typically compromise the credentials of insiders and then use them to mine data from enterprises over an extended period of time.  Once available, you’ll find it posted here. As […]

Categories : APT, Data Breach, Data Security            Leave a comment           

You’ll have been hard pushed to have missed all the news coverage on Black Friday and Cyber Monday which topped all records this year. Adobe, which maintains a ‘Digital Index’ of online shopping data, reported that 2013 Cyber Monday sales hit a massive $2.29 Billion.  That’s a lot of transactions and a lot of sensitive data being transmitted. Card data and other sensitive personal information is a tantalising payload for cybercriminals to target but, what’s more, the overall increase in […]

Getting the Whole Story on Data Protection

Posted By: Alan Kessler, @kessalan
03 Dec
2013
Categories : Access Control, APT, Data Protection, Data Security, Encryption            Leave a comment           

Every complete story contains the five “Ws” — the who, what, when, where and why. The very best stories, however, also include the “how.” This is because knowing how something occurred is incredibly instructive, not just for those trying to replicate the feat, but also for those trying to ensure that something like that never happens again. I see some interesting parallels in the data security sphere that I’d like to share, because the only way for organizations to thwart would-be cyber attackers is to […]

October – the Month in #DataBreach

Posted By: Tina Stewart, @socialTIS
07 Nov
2013
Categories : APT, Big Data, Cloud Security, Data Breach            Leave a comment           

In October, we saw strong uptick in the amount and severity of data breaches across a number of industry segments – Healthcare seems to be especially hard hit. While Vormetric has earned quite a lot of positive coverage for our recent Insider Threat survey, it pales in comparison to the continued negative news surrounding data breaches of all shapes and sizes. Below are a few of the more recent data breaches that we’ve seen in the news. Online Merchants CorporateCarOnline, […]

Lessons Learned: Insider Threat Research

Posted By: Tina Stewart, @socialTIS
24 Oct
2013
Categories : APT, Cloud Security, Data Security            Leave a comment           

After some intense efforts over the last two months, we’re wrapping up the results of our insider threat research. Our research results had two focal points: What concerns IT decision-makers had around insider threats and data breaches (this included topics such as cloud security, data security, APTs and the rights of the privileged user). What those same IT decision-makers are doing to ensure their organizations don’t fall prey to insider threats and data breaches. My last blog post focused on […]

Establishing Trust in Untrusted Environments

Posted By: derektumulak, @tumulak
17 Oct
2013
Categories : APT, Cloud Security, Privileged User            Leave a comment           

“Our enemies are no longer known to us. Our world is not more transparent now. It’s more opaque” (M from Skyfall – James Bond 007). This is a powerful quote with many truths in a cyber security world where threats are becoming more targeted and sophisticated. How can organizations be expected to maintain a strong security posture with the risks associated with advanced persistent threats and privileged users while also adopting cloud-based solutions, next generation mobile devices, and social media? […]

Categories : APT, Data Breach, Data Security            Leave a comment           

First it was RSA, then CISCO and now Adobe.  And, keep in mind, these are the companies that have publicly come clean.  There are clearly many more who either know they have been compromised-but won’t admit to it and some who simply don’t know (or don’t want to know) if they have been had.  These IT industry leaders should know better!  Treating your product source code like the cafeteria menu is not acceptable. Source code is the digital recipe that […]