Threat actors are using deepfakes to apply for remote employment at U.S. tech companies in a bid to gain access to corporate financial and customer data, internal databases and proprietary information. Fraudsters used stolen PII to make deepfake videos for personal interviews, says the FBI.
Four ISMG editors discuss important cybersecurity issues, including how Canada's Desjardins Group settled a data breach lawsuit for $155 million, how Facebook is being sued after allegedly violating patient privacy, and highlights from ISMG's Northeast Summit held in New York this week.
When building an insider risk management program, don't start "too large or too quickly," says Randy Trzeciak of Carnegie Mellon University. He says the first step is to protect your organization's critical assets and services and then "build a risk program appropriate to those assets."
Canada's Desjardins Group has reached an out-of-court settlement to resolve a data breach class action lawsuit. The breach, which the credit union group first disclosed in 2019, traced to a "malicious" insider who for 26 months had been selling personal details for 4.2 million active customers.
The "Great Resignation" over the past year has created a host of concerns around both malicious and accidental data theft, says Code42 President and CEO Joe Payne. Even though employees often aren't looking to wreak havoc on their way out, a lack of understanding can lead to serious headaches.
Insider threat is a well-known phenomenon that is considered by most to be the greatest threat to any information security environment. Access control measures attempt to mitigate much of this through physical (hardware) and software-based means.
In the case of environments where industrial control systems (ICS)...
A former IT consultant has been charged with allegedly hacking into a computer server of a healthcare company client that had months earlier denied him employment with the organization. Experts say the case spotlights insider threats that must not be underestimated.
As organizations move to the cloud, adapt to remote work, and cope with the Great Resignation, tracking data sprawl and identifying risk across the enterprise becomes an impossible task.
Collaborative apps, data democratization, and corporate/personal use apps means data is constantly spreading and often...
Historically, corporations have used digital forensic investigation tools for legal requests, discrimination and harassment investigations, IP theft investigations, compliance, M&A and other HR investigations. However, despite what is reported in the news about cyber incidents and cyberattacks, many are perpetrated by...
Executives are required to make “data-driven” decisions; Metrics, Objectives & Key Results (OKRs), Key Performance Indicators (KPIs) – however you define being data-driven – to measure security program effectiveness, and frame their conversations to the board, partners, and company at large.
While major hacking incidents regularly grab headlines, insider threats - including malicious individuals, careless workers and third-party contractors - continue to pose significant and sometimes underestimated risk to healthcare sector entities, federal authorities warn.
Each day organizations face new threats that jeopardize their critical networks. Gaining visibility into the security risks your supply chain or third-party vendors pose to your organization is a growing priority among cybersecurity leaders. Next-generation cybersecurity practices will require organizations to align...
With open channels of communication come hidden threats. Inside this eBook learn how communication and social media tools are changing the insider risk equation for compliance, IT and legal teams.
Download the eBook dive deep into 5 major areas of risk:
Trio-of-trouble -people-based data risks;
With increased digitalisation, core users have access to systems and networks that host millions of records and critical business assets. Security leaders are racing to protect their business and manage a remote workforce.
Download this whitepaper to learn more:
The causes & catalysts of insider threats;
Many enterprises are realizing that a CASB (Cloud Access Security Broker) is essential for securing their cloud apps and services. This whitepaper explores topics such as:
How CASB can help manage people-based risk, apps and data in the cloud ;
What are the top benefits of CASB & it's role across business...