Fortscale Insider Blog

insider threat security gates

26 Apr Insider Threat Security Gates—Wide Open

Lacking insider threat security? When an employee departs—will she or he have the ability to use prior credentials after termination? Recently, A U.S. federal court in Wisconsin ordered Indian IT provider: Tata Consultancies (TCS), to pay Epic Systems $940 million in damages. Why? Because an employee was using credentials from a previous contracting job to access Epic's Web portal, whereby this portal contained...

Read More
hacking team hacked

25 Apr Short-end security – How Hacking Team got Hacked

Recently, a hacker claiming responsibility for the July 2015 data breach of a firm called “Hacking Team”. Hacking Team is a European company based in Milan with subsidiary branches in Washington D.C. and Singapore. The company sells offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. The company’s product monitors the communications of internet users, deciphers their...

Read More
insider threat is like a volcano

25 Apr The Honest Truth to Insider Threat Security

Nobody wants to think they have an insider threat problem. But in any group you have at least one person that's bound to drag you all down with them. Whether by accident, on purpose, through ignorance, or just bad luck—they will cause some sort of trouble that ends in bad things effecting you all. If you don't see that in your...

Read More
Fort Friday Security Clips

22 Apr Fort Friday Security Clips—Cheap switches & C-suite Whaling

Bank heist that stole SWIFT credentials Reuters reported yesterday Bangladesh's central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers (connected to the SWIFT global payment network). Reuters said "after the hack had taken place," the bank was advised to upgrade the $10 switches. Needless to say, security basics should always...

Read More
Cybercrime groups dangerous

21 Apr Cybercrime Groups More Damaging than Hackers

When you think of a hacker, one typically imagines a brilliant but sordid loner that lacks sustained motivation and is totally void of the discipline necessary to hold down a structured job. Certainly there are cyber crooks that fit that description. But lately there’s been an organizational shift among many top cybercriminals. The cybercrime industry, if I can call it that,...

Read More
insider threats

20 Apr Insider Threats – Is it really as intentional as we think?

A couple of years ago I was at RSA and I was being interviewed about insider threats. So when we think about the term “insider threat” we tend to think of someone with a malicious agenda. But when we weigh the percentages of security incidents that result in a breach due to insider malicious activity versus an individual simply making...

Read More
Data Breaches Worse than Thought

19 Apr Data Breaches Worse than Thought–Many Firms Not Reporting

Symantec’s recent Internet Security Threat Report confirms what many of us have suspected for some time–that the number of data breaches is worse than we thought because a significant number of firms don’t report the real number of stolen records. In 2015 there were nine mega breaches, and over 400 million records were reported stolen. But the study from Symantec indicates...

Read More
hackers

18 Apr Security Questions Not Hard For Hackers

Cybercriminals are increasingly obtaining the answers to security questions that only we are supposed to know. With that information these thieves can potentially gain access to our bank or other accounts. So in the annual push to get my taxes done and filed I kept thinking of last year’s IRS data breaches where hackers gained access to a number of online...

Read More
Fort Friday Security Clips

15 Apr Fort Friday Security Clips—Gov has lowest score for cybersecurity, ISACA LA

U.S. federal, state and local government agencies is riding the caboose in cybersecurity, when compared to 17 major private industries. The new report was released by SecurityScorecard on Thursday, and measured the relative security of government and industries across 10 categories. Security Scorecard’s benchmarking platform grades 10 security categories comprised of thousands of unique data points to determine a category score and then...

Read More
naughty list in behavioral analysis

14 Apr The Naughty List Is New Again

So Here's How to Pick the Better Behavioral Analysis Security Product . . . The security industry wants you to behave. That's apparently the latest hurdle to cybersecurity at the corporate level-- behaving. Now imagine a collapsed mother in near tears as kids knock over all the nice things that parents can't have and that's the security industry as a metaphor. Cybercriminals...

Read More