Stealthbits

INSIDER THREAT SECURITY BLOG

And other things that keep you up at night


Browsed By
Category: Uncategorized


RSA Conference 2014 Recap: Mission Accomplished

At this year’s RSA Conference 2014 in San Francisco, Gary S. Miliefsky of Cyber Defense Magazine (CDM) visited the STEALTHbits booth where we got to talking about who STEALTHbits is, what we do, and what we were talking with conference attendees about at the show. Here’s what Gary had to say about STEALTHbits in his post-conference annual trip report, included in CDM’s Cyber Warnings E-Magazine released on April 1, 2014: “I hung out with these guys for a bit and they told me that RSA Conferen…

Knowledge (and Data) is Power

Data security is an information technology topic that has moved beyond the walls of IT engineers and their peers to – well everyone else. Take for instance the recent security hole reported by Indiana University that resulted in an estimated 146,000 Indiana University students’ “personal data…inadvertently exposed to webcrawling programs since last March” per CNN. The personal data that was exposed; “students names, addresses, and Social Security numbers…stored in an unsecure location that a…

Is Least Privilege Security Dead? A Gartner IAM London Afterthought

Sitting staring at the mountain of catch up here on my desk isn’t making me think the Gartner IAM Summit in London was a bad idea. It does make me want to distract myself. So my thoughts turn to Ant Allan’s part in the opening keynote. Opening keynotes by their nature are designed to be provocative. They cement thoughts that one ought to explore through the balance of a conference. One point Ant made certainly stuck with me: the death of least privilege. Simply summed up, this is the notion t…

Why Comply With PCI?

There were 26.2 billion credit card transactions, 47.0 billion debit card transactions, and 9.2 billion prepaid card transactions that occurred in the U.S. in 2012. 1 That totals 82.4 billion transactions required to fall under PCI DSS Compliance and this number is only predicted to rise each year. Any business that stores, processes, or transmits any of this cardholder data is required to comply with PCI DSS (Payment Card Industry Data Security Standard). The PAN (Primary Account Number) on…

Downtime – It’s Not Always Enjoyable

Downtime – it can be both a good and a bad thing. This, of course, depends greatly upon the context in which the word is being used. For example, having a little downtime while lounging on a sunny beach in Hawaii, sipping Pina Coladas and listening to classic rock is a much different scenario than having infrastructure downtime caused by a catastrophic change in Active Directory. In one case, the worst possible result may be a little case of sunburn and the realization that y…

Do You Know Where Your “Privileged” Credentials Are?

Three months after the massive Target attack that resulted in 110 million consumers’ credit card and personal data being stolen, we are finding out that company size is irrelevant in the data breach conversation, as consumer confidence, market presence, and brand recognition are absolutely critical to an organization’s bottom line – profitability. Since customer confidence, market presence, and brand awareness are all critical elements of profitability, we must ask ourselves – What protections…

Stolen Devices: The Latest Epidemic in Healthcare

Technology innovations within the healthcare industry have risen exponentially in the last decade – consequently, so have data breaches and theft. In 2013 alone, millions of patients’ protected health information (PHI) was compromised, costing healthcare organizations billions of dollars. Some of this information even dated back decades, affecting individuals no longer affiliated with the compromised organizations. The U.S. Department of Health & Human Services (HHS) “must p…

Even a Dead Business’ Data can be a Live Wire

There is little excuse when an employee is granted access to data inappropriately. It’s even worse when that access is granted across lines of business without apparent reason. Worse still is when access to sensitive personally identifiable information (PII) and financial data is treated in that sloppy manner. If you also chuck in the fact that the business that gathered this sensitive data had been out of business for years, then you understand why the Barclays breach has got so many people …

The OWASP Top 10: Then and Now

Adam Laub

The OWASP Top 10 list publicizes the most critical web application security flaws as determined by the Open Web Application Security Project (OWASP), a nonprofit, vendor-independent IT security organization formed in 2001. In this article, we review the 2013 edition of this popular security resource.

The OWASP Top 10 Is Revised Every Three Years

OWASP aims to update the Top 10 once every three years as IT security threats evolve over time, and the OWASP Top 10 for 2013 will be released in May 2…

What is NERC CIP Compliance?

The North American Electric Reliability Corporation (NERC) develops and enforces CIP (Critical Infrastructure Protection) Reliability Standards corresponding to the Bulk Power System (BPS). Users, owners, and operators of the BPS under NERC jurisdiction serve more than 334 million people in the US, Canada, and northern Baja California, Mexico with their electricity. The NERC Security Guideline for the Electricity Sector addresses risks that can arise in the daily business of electricity orga…


© 2022 Stealthbits Technologies, Inc.
