Source |
ProofPoint |
Identifier |
8517325 |
Publication date |
2024-06-12 06:00:15 (viewed: 2024-06-13 19:33:46) |
Title |
How to Recognize and Defend Against Malicious Insider Threats |
Text |
Insider threats arise from careless users, users with compromised credentials, or users who seek to cause harm intentionally. The last type of user, the malicious insider, can be the most daunting for security teams to manage, because it requires them to analyze a user's behavior and determine whether that user has bad intentions.
Although less frequent, malicious insiders are costly. The average cost of a data breach caused by a malicious insider is the highest of any attack vector at $4.9 million, which is 9.6% higher than the global average. Unlike accidental misuse by well-meaning insiders, malicious insiders make a conscious choice to do something they know they shouldn't, typically for personal gain or to damage the company. What's more, trusted insiders can do the most significant damage, since they often know the weak points in the organization and how to exploit them.
So, how can you recognize a malicious insider threat and keep your business and data safe? Your starting point is to understand what motivates malicious insiders.
Understanding the malicious insider
The most defining characteristic of a malicious insider is their intent to cause harm. There are various reasons and external factors that can motivate them to act. Here are a few examples:
Business changes like mergers and acquisitions, and divestitures
Fear of job loss
Financial stress
Resentment due to job changes or conflict with a supervisor
Poor job performance
If you know what can inspire malicious insiders to act, you can better understand who a high-risk insider in your company might be.
This insight shows why you need a cross-functional team, rather than just a cybersecurity team, to deal with employee-facing situations. Human resources (HR), legal and management need to be involved. An expanded team can help you spot risk factors and intervene in delicate situations before they become full-blown insider incidents. Likewise, once an incident occurs, a cross-functional team may be needed for a thorough investigation.
Proofpoint Insider Threat Management (ITM) helps teams from different areas of your business collaborate. Reports of user activity are easy to export and consume. These user risk reports detail user interactions with data and other behaviors, helping provide contextual insight with a timeline of activities and detailed metadata.
Early indicators of insider threats
Once you know what commonly motivates malicious insiders, you need to know how to recognize behaviors to watch out for. Here are some examples of insider threat indicators:
Hiding information
Performing unauthorized admin tasks
Bypassing security controls
Creating a backdoor
Exfiltrating data
Installing a TOR browser
Running malicious software
Downloading unauthorized software
Accessing source code during irregular hours
Performing acts of IT sabotage
Keep in mind that one of these behaviors alone doesn't mean that a user is malicious. Rather, it is the combination of multiple behavioral indicators, analyzed holistically, over time and in the context of other factors, that lets you begin to paint a picture of a malicious insider and their intentions.
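The following is an added example, not code from the Proofpoint article or from Proofpoint ITM: a minimal behavioral-indicator correlator that scores a user's activity over a time window instead of alerting on any single event. The indicator names, their weights, the 30-day window and the alert threshold are assumptions chosen for illustration, and the log lines are constructed for this example. Each indicator type is counted once per window, so repeating one behavior does not inflate the score; only a combination of distinct indicators within the window crosses the threshold.

```python
"""
Added example (not part of the Proofpoint article): correlate several
behavioral indicators per user over a sliding time window, so that a
single indicator stays below the alert threshold while a combination of
distinct indicators within the window raises an alert.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical indicator weights (assumption for illustration). Names map
# to the behaviors listed in the article, e.g. installing a TOR browser
# or accessing source code during irregular hours.
INDICATOR_WEIGHTS = {
    "tor_install": 3,
    "unauthorized_admin": 3,
    "bypass_control": 4,
    "source_access_offhours": 2,
    "data_exfil": 5,
    "unauthorized_software": 1,
}
ALERT_THRESHOLD = 8          # assumption: no single weight reaches it
WINDOW = timedelta(days=30)  # assumption: indicators must co-occur within 30 days

# Constructed sample events, "timestamp,user,indicator" (not real data).
SAMPLE_LOG = """\
2024-05-01T02:14:00,alice,source_access_offhours
2024-05-03T09:30:00,bob,unauthorized_software
2024-05-10T22:45:00,alice,tor_install
2024-05-12T23:10:00,alice,source_access_offhours
2024-05-15T11:00:00,alice,data_exfil
2024-06-20T10:00:00,bob,unauthorized_admin
"""


def parse_events(text):
    """Parse the constructed CSV log into (timestamp, user, indicator) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, user, indicator = line.split(",")
        events.append((datetime.fromisoformat(ts), user, indicator))
    return events


def score_users(events, window=WINDOW, weights=INDICATOR_WEIGHTS,
                threshold=ALERT_THRESHOLD):
    """For each user, find the window with the highest combined score.

    The window ends at each of the user's events and reaches back `window`.
    Each indicator type is counted once per window, so the score reflects
    how many *different* suspicious behaviors co-occur, not event volume.
    Returns {user: {"score": int, "indicators": [..], "alert": bool}}.
    """
    by_user = defaultdict(list)
    for ts, user, indicator in events:
        by_user[user].append((ts, indicator))

    results = {}
    for user, evs in by_user.items():
        evs.sort()  # chronological
        best_score, best_set = 0, set()
        for i, (end_ts, _) in enumerate(evs):
            # Distinct indicators observed in [end_ts - window, end_ts]
            seen = {ind for ts, ind in evs[: i + 1] if end_ts - ts <= window}
            score = sum(weights.get(ind, 0) for ind in seen)
            if score > best_score:
                best_score, best_set = score, seen
        results[user] = {
            "score": best_score,
            "indicators": sorted(best_set),
            "alert": best_score >= threshold,
        }
    return results


if __name__ == "__main__":
    for user, r in score_users(parse_events(SAMPLE_LOG)).items():
        flag = "ALERT" if r["alert"] else "ok"
        print(f"{user:6} score={r['score']:2} {flag:5} {', '.join(r['indicators'])}")
```

On the constructed log, alice combines off-hours source access, a TOR install and data exfiltration within two weeks and is flagged, whereas bob's two isolated indicators fall outside the window of each other and never cross the threshold. In practice the weights and window would be tuned per organization, and the score is a trigger for the cross-functional review the article describes, not a verdict on its own.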
Proofpoint has developed a library of the use cases and indicators most associated with insider threats. Monitoring these indicators helps reduce your exposure to insider threats. The library includes more than 150 out-of-the-box rules based on CERT Institute guidelines and behavior-based research, so you can get up and running quickly while watching for common behaviors.
Forensic evidence for investigations
When you have careless users, you need to address their behavior quickly. The following straightforward actions usually do the trick:
Talk to the employee and their manager
Provide targeted secu |
Notes |
★★ |
Sent |
Yes |
Tags |
Data Breach, Threat |