DOD Picks Insider Threat Awareness Month to Train Staff in Threat Detection

Infosecurity Magazine | September 06, 2019

DOD Picks Insider Threat Awareness Month to Train Staff in Threat Detection
The United States Department of Defense (DOD) is marking the country's first ever Insider Threat Awareness Month by training staff in insider threat detection. The DOD, together with other federal agencies, will be teaching its employees to be on the lookout for indicators that a co-worker may be stealing sensitive or classified information, hatching a plan of sabotage, or plotting a violent attack. The training will include a reminder that contractors and anyone who has access to facilities could pose a threat. "Insider threats are posed by persons who use trusted access to do harm to the department's facilities, resources, or people," said Dr. Brad Millick, director of the Defense Department's counter–insider threat program within the Office of the Undersecretary of Defense for Intelligence. Millick warned employees to be on the alert for any incidences of ironically self-sabotaging plan leakage, a recognized psychological phenomenon where insiders with malicious intent can't resist talking about their plans before they put them into action.

Spotlight

Can You Afford Not to Have Threat Intelligence-as-a-Service'? In this infographic, learn more about why going “as-a-Service” is the most cost-effective way to address your security needs at every stage of the business cycle.  Keeping up with the ever-evolving elements of the threat landscape - information, brand, and physical security - is tough.

Related News

DATA SECURITY

Brane Capital, a Crypto Custody Company, Recently Earned Cyber Security Recertifications as well as Smart Contract Validation

Brane Inc. | April 05, 2021

Brane Inc., a major cryptocurrency custody provider, has earned important cyber-security recertifications that validate the company's rigorous security and risk management procedures. Brane completed third-party validation of its Ethereum smart contract code, the technology that drives non-fungible tokens (NFTs), by auditor Solidified, in addition to recertification at ISO 27001 and 27017 and NIST level 4 standards by audit and certification firm BSI. "We are fully committed to security as our top priority, and these third-party certifications validate Brane as a world-class pioneer in secure cryptocurrency custody," said Chris Desjardins, Vice President, Product. "As cryptocurrencies grow more prevalent in the global economy, our clients and partners are certain that Brane is one of the most accredited, verified, and security-focused companies in the sector." "Brane's key benefit is the blend of bank-grade security and cutting-edge technology, both built on a fundamental view of blockchain's unique opportunities and challenges," said Dave Revell, a Brane board member, and former EVP and Global Chief Information Officer for CIBC. "Brane has created a custody solution that satisfies the needs of banks and other financial institutions as cryptocurrency acceptance grows." "Obtaining ISO and NIST certifications will take several years and millions of dollars for major businesses. Brane's fast completion of these certifications demonstrates the power of our blockchain-native technology and information security management systems "Brane's founder and Chief Innovation Officer, Patrick McLaughlin, made the announcement. "With this primary strategic advantage, Brane is the perfect partner for financial institutions looking for a truly safe, user-friendly solution for digital asset custody." "As Brane becomes a bank for the world's newest asset class, security and accountability are woven into our company's DNA," said Brane President Jerome Dwight, who previously led Bank of New York Mellon's Canadian operations. "By combining an exceptional internal team with partnerships with other business players, Brane is committed to retaining its place of Canadian and global supremacy in crypto custody services." About Brane Brane is a blockchain innovation company that was established in 2017. Brane assists companies in understanding and utilizing the potential of blockchain and digital assets. Brane Vault, the digital asset custody facility, is ISO 27001 certified – the first in the world with cryptocurrency in scope – ISO 27017 certified, and NIST Tier 4 certified – the first company in any industry in Canada to achieve such certification. Brane Vault provides advanced proprietary technology and processes for over 20 preliminary patents, as well as being fully insured from fraud and crime.

Read More

DATA SECURITY

Flare-X to Launch New Platform to Protect Nation from Malicious AI Use

Flare-X | January 04, 2022

Flare-X has developed a new strategy to defend against the malign use of AI that can potentially affect the nation's welfare, security, and economy. With this vision in mind, Flare-X™, a local Amarillo company, tries to make things possible that were once impossible. As part of the process, the company has decided to launcha real-AI cyber ecosystem in the first quarter of 2022. This launch will help suggest the changes the nation has to undergo to protect itself from the malevolent use of AI. The platform's launch, the Flare- X™ Real AI cyber ecosystem, took over a decade of engineering efforts and hard work. According to Flare- X™, Real AI stands for next-generation AI. The Flare- X™ Real Artificial Intelligence is expected to do things AI cannot. By assimilating, analyzing, and using facts, AI systems help obtain further information. The Flare- X™ Real AI can do the following: Code software, Generate creative content, Make ethical decisions independently, Come to a final decision alone, Innovate and invent. Across every business function, the Flare- X™ Real AI cyber ecosystem will help to deliverastounding benefits. It can include solving the most significant challenges and complex problems.

Read More

Hyper-aware of all the possible types of cyber attacks to network & business

Cicco | June 20, 2020

IT security professional, you must be hyper-aware of all the possible types of cyber attacks to your network and your business. Now is the time to make sure your organization is able to identify and detect the most prevalent, and potentially the most harmful types of cyber threats against your organization. There are a number of common cyber attack techniques that make up intrusions, including multi-routing, covert scripts, protocol impersonation, and traffic flooding. As an IT security professional, you must be hyper-aware of all the possible types of cyber attacks to your network and your business. This has always been one of the most difficult parts of your job, considering the ingenuity and perseverance of the criminals we must guard against, and how frequently cyber attacks can multiply as our systems (and the technology we rely on) evolve and expand. And now, your security operations processes are further challenged as your workforce shifts to 100% remote. Now is the time to make sure your organization is able to identify and detect the most prevalent, and potentially the most harmful types of cyber threats against your organization today. The following are nine types of cyber attacks every security professional needs to be aware of. Intrusion refers to any unauthorized activity on your network, stealing valuable resources that result in placing your organization’s security at risk. Read more: SMALL AND MEDIUM BUSINESSES NEED TO IMPROVE THEIR CYBERSECURITY POST COVID-19 LOCKDOWN That is essentially a brute force attack—letting the computer do the work, trying possible combinations of usernames and passwords until it finds the right one. ~ Cyber Security thought leader There are a number of common cyber attack techniques that make up intrusions, including multi-routing, covert scripts, protocol impersonation, and traffic flooding. Network intrusions often present as unusual behavior, but not necessarily abnormal, which makes them difficult to detect and thus, slip under manual supervision. Perhaps the most vicious of threats posed by cybercriminals, ransomware seeks to hold business systems hostage for the purpose of extorting money from victims. It is one of the most common cyber attack models being used today, in large part because these attacks are successful and often result in payouts in the tens of millions. Over the years we’ve seen several examples of why ransomware is one of the most effective and dangerous types of cyber attacks. What does ransomware look like? An attack often begins with an on-screen notification that data on your network has been encrypted and will remain inaccessible until the specified ransom has been paid, and a decryption key will follow. Failure to pay results in the key being destroyed, rendering the data inaccessible forever. There are a number of common cyber attack techniques that make up intrusions, including multi-routing, covert scripts, protocol impersonation, and traffic flooding. Security insider threats occur when someone close to an organization with authorized access misuses that access to compromise your company’s data or critical systems. Insiders do not have to be employees; they can also pose as partners, third-party vendors, and contractors. That’s the most difficult aspect of detecting an insider threat—it begins with humans, not systems. We’ve all seen an action movie where the criminal mastermind uses a high-powered computer to cycle through thousands of passwords in order to access a government facility. Well, this common cyber attack is not necessarily the stuff of fiction. Among the best defenses against brute force attacks are multi-factor authentication, as well as requiring frequent password changes with complex alpha-numerical character combinations, making threat detection more likely. A distributed denial of service (DDoS) attack takes place when criminals attempt to disrupt normal traffic on a network or to a server or system. Typically this is done by overwhelming the target’s infrastructure with a flood of internet traffic. Think of it like a traffic jam clogging up the highway, preventing normal traffic from arriving at its destination. Data exfiltration is the unauthorized movement of data outside of your organization. Read more: TIME IS RIGHT FOR UNIFIED SECURITY SOLUTIONS, FINDS CHECK POINT'S DIMENSIONAL RESEARCH SURVEY

Read More

Spotlight

Can You Afford Not to Have Threat Intelligence-as-a-Service'? In this infographic, learn more about why going “as-a-Service” is the most cost-effective way to address your security needs at every stage of the business cycle.  Keeping up with the ever-evolving elements of the threat landscape - information, brand, and physical security - is tough.