Cyber Defense eMagazine August 2019

More documents

Recommendations

Info

The complexity doesn’t stop there. The root of this approach is – dare I say it – legacy data loss prevention. Its ‘prevention-first’ approach and rigid policies frustrate users with barriers to productivity which, most of the time, lead to workarounds and loopholes. This is doing your organization and employees more harm than good. We all need something simpler because insider threats show no signs of diminishing. Here are 10 critical steps that make it faster, easier and more cost-effective to build your insider threat program: 1. Get leadership buy-in: This might seem like a no-brainer, but it’s critical to the development of your security and IT team (and your future efforts) as value-adding business partners. 2. Engage your stakeholders: The buy-in campaign doesn’t stop with the executive team. Think about the individuals that would lose the most if an insider threat event were to take place, and bring them into the fold from the start. 3. Know what data is most valuable: You should have a pretty sound idea of what data is most valuable after speaking with leadership and line-of-business stakeholders. You might be thinking, “all data has value,” which is true, but these conversations will be essential to learning about the types of unstructured data to keep a watchful eye on, and which types of high-value unstructured data will require more creative means of tracking. 4. Put yourself in the shoes of an insider: Think critically about the value in taking or moving information. What would they do with it? What tactics or workarounds might they employ to help them get the job done? Seem straightforward? Up until this point, you should be determining the types of data you’re protecting and understanding the key indicators that might point to insider incidents. Keep reading – here’s where things get simpler. 5. Determine common, everyday insider triggers: Don’t get wrapped up in building a robust program with different types of classification schemes and policies that try to monitor every possible scenario. Instead, focus on your “foundational triggers,” or most common use cases that make up the vast majority of insider threat incidents, such as departing employees à la McAfee, high-risk employees, accidental leakage and organizational changes. 6. Create consistent workflows: Investigating suspected data exfiltration can be complex and time consuming, so it’s important to define the key workflows for each foundational trigger. For example, when an employee departure is triggered, make sure you clearly define the workflow/plan of attack for this trigger and consistently execute on the steps you’ve established. 7. Establish a game plan: Once a workflow is triggered and potential data exfiltration identified, establish which key stakeholder is responsible for directly engaging with the employee/actor. Using the employee departure example again, this would likely trigger engagement from HR and the line-of-business manager. This clear line of communication not only separates security and IT teams from the “data police” reputation, but also allows them to focus on data monitoring, detection and remediation. 66
8. Spread the knowledge: Small- and medium-sized businesses are typically working with a strained budget and limited resources, so a fully dedicated insider threat team – while ideal – isn’t always realistic. While your security and IT team should be able to handle the monitoring, detection and remediation responsibilities, they shouldn’t have to shoulder the full burden. Educating and training your stakeholders on the full scope of the insider threat program will prove critical so that they have a clearer understanding of what’s being monitored, specific case triggers, key workflows, rules of engagement and the tools needed to accomplish all of this. This training should also clearly define roles and responsibilities in the event of a triggered workflow. 9. Open the lines of communication: In order to maintain a healthy working relationship between your employees and your security/IT teams, it’s critical to communicate that your organization tracks file activity. Reiterate that the program is applicable to everyone – without privileges or exceptions – and is designed to maintain employee productivity, while protecting the organization’s most valuable assets – its data. 10. Start now before it’s too late: The most successful insider threat program starts long before a trigger. A trigger event shouldn’t be the reason why you’re implementing your monitoring, detection and remediation technologies. A strong insider threat program continuously runs and provides context and complete visibility into all data activity at all times. The industry needs to stop seeing insider threats as “employees stealing stuff” when in reality, it’s about the actions (good, bad, indifferent) that people take with any kind of data that puts the customers, employees, partner or company’s well-being at risk. Initiating an insider threat program with a simpler, workflow-based starting point around three to four high-risk triggers can effectively address 80 percent or more of your risks to insider threat. About the Author As vice president of portfolio marketing at Code42, Mark leads the market research, competitive intelligence and product marketing teams. Mark joined Code42 in 2016 bringing more than 20 years of B2B data storage, cloud and data security experience with him, including several roles in marketing and product management at Seagate. 67
Page 1 and 2:
Top 25 Women In Cybersecurity Know
Page 3 and 4:
CONTENTS (cont') Virtual Private Se
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
SPONSOR OF THE MONTH… 7
Page 9 and 10:
9
Page 11 and 12:
11
Page 13 and 14:
*Here are the winners* Catherine A.
Page 15 and 16: Anne Bonaparte, CEO at Appthority I
Page 17 and 18: Hong Jia, Co-founder, Chief Securit
Page 19 and 20: Dervla Mannion, Vice President Sale
Page 21 and 22: Christine de Souza, Cyberspace Oper
Page 23 and 24: 23
Page 25 and 26: 5 Tips to Protect Your Personal Inf
Page 27 and 28: About the Author Susan Alexandra is
Page 29 and 30: usiness that cannot be ignored. The
Page 31 and 32: About the Author Jim Souders is CEO
Page 33 and 34: Addressing Modern Security Challeng
Page 35 and 36: Bitglass 2019 Cloud Security Report
Page 37 and 38: 37
Page 39 and 40: 39
Page 41 and 42: 41
Page 43 and 44: 43
Page 45 and 46: 45
Page 47 and 48: 47
Page 49 and 50: The intricacy of the jurisdictional
Page 51 and 52: All Secure Chorus member technologi
Page 53 and 54: called ‘Defense in Depth’ produ
Page 55 and 56: About the Author Lalit Shinde, Head
Page 57 and 58: €10 million or 2% annual global t
Page 59 and 60: One of the Greatest Threats Facing
Page 61 and 62: This approach could be installed as
Page 63 and 64: Despite the statistics, it often ta
Page 65: 10 Steps to Kicking Off Your Inside
Page 69 and 70: are not using machine learning in o
Page 71 and 72: What Is DNS Hijacking And How Can Y
Page 73 and 74: DNS hijacking attack types (6 main
Page 75 and 76: The Top 4 Application Security Defe
Page 77 and 78: 1. Am I being attacked right now? 2
Page 79 and 80: July Patch Tuesday Microsoft Resolv
Page 81 and 82: How To Prevent Your Data Loss Using
Page 83 and 84: How to protect your IT asset from t
Page 85 and 86: The Iot Headache and How to Bolster
Page 87 and 88: Cybersecurity & Your Company Identi
Page 89 and 90: It’s not just about which permiss
Page 91 and 92: they would deal with something bein
Page 93 and 94: Five Ways a Software Defined Perime
Page 95 and 96: With a fixed price per user regardl
Page 97 and 98: - if the hackers deal with the prof
Page 99 and 100: The Foundation Common to Most Secur
Page 101 and 102: Fortunately, NIST and other securit
Page 103 and 104: Dukes of CIS points to recently ena
Page 105 and 106: physical servers. The VPS service p
Page 107 and 108: About the Author Preeti has more th
Page 109 and 110: In summary, HIPAA exists to protect
Page 111 and 112: The Dangers of HTTPS: When Secure I
Page 113 and 114: Going for Gold - Why Hackers Are Lo
Page 115 and 116: On the subject of privilege, organi
Page 117 and 118:
Federal IT leaders should take a ph
Page 119 and 120:
Is Your Organization Driving the Ge
Page 121 and 122:
Are You Taking Corporate Social Res
Page 123 and 124:
About the Author Simon Marchand, CF
Page 125 and 126:
What’s at Stake The cybercrime pr
Page 127 and 128:
Facing the Reality of VPN Security
Page 129 and 130:
security strategies to accommodate
Page 131 and 132:
immediate chaos, and panic would en
Page 133 and 134:
Privacy Regulations Are Popping Up
Page 135 and 136:
● create comprehensive record of
Page 137 and 138:
Reducing the Occurrence and Impact
Page 139 and 140:
in California, certain California l
Page 141 and 142:
About the Author Billie Elliott McA
Page 143 and 144:
Zero Day Attacks and not current Wo
Page 145 and 146:
The Role of Certifications for a Cy
Page 147 and 148:
In detail, CompTIA Security+ is a c
Page 149 and 150:
To Pay or Not To Pay, That Is the Q
Page 151 and 152:
About the Author Chris Bates is the
Page 153 and 154:
today’s cyber security realities,
Page 155 and 156:
Federal and state governments are r
Page 157 and 158:
of cyber security specialists, they
Page 159 and 160:
The attack mechanism can be summari
Page 161 and 162:
Jenkins Disabled deserialization +
Page 163 and 164:
163
Page 165 and 166:
165
Page 167 and 168:
167
Page 169 and 170:
169
Page 171 and 172:
171
Page 173 and 174:
173
Page 175 and 176:
175
Page 177 and 178:
177
Page 179 and 180:
179
Page 181 and 182:
181
Page 183 and 184:
183
Page 185 and 186:
185
Page 187 and 188:
187
Page 189 and 190:
189
Page 191 and 192:
191
Page 193 and 194:
193
Page 195 and 196:
Meet Our Publisher: Gary S. Miliefs
Page 197 and 198:
Free Monthly Cyber Defense eMagazin
Page 199 and 200:
199
Page 201 and 202:
201
Page 203 and 204:
7 Years in The Making… Thank You
Page 205:
205
show all

Cyber Defense eMagazine August 2019

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?