The rising adoption of digital processes in manufacturing has fundamentally changed how this sector does business. The increased reliance on digitization and network connectivity has sharpened the risks of company data exfiltration, intellectual property damages, and more, especially those stemming from insiders. Insider threat actors operate from a position of trust that allows them to circumvent security and evade detection for months, if not years.
Manufacturing ranks among the top five industries with the highest reported insider breaches and privilege misuse. In Verizon's Data Breach Investigations Report, nearly 40% of the cybersecurity incidents in manufacturing traced to insiders, including partners and third-party vendors. The same report outlined 57% of database breaches to an insider within the organization.
According to a CISA report, the manufacturing sector reported the highest number of insider attacks among companies in the critical infrastructure sector. These incidents can be perpetrated by employees of all ranks, contractors, third-party vendors, and partners resulting in severe damages to businesses of all sizes. IBM's annual Insider Threat report estimates the average cost of insider attacks rose by 31% in 2020 to $11.45 million from the previous two years, and the number of insider incidents climbed by 47%.
Insider security breaches in manufacturing are now an impending reality requiring companies to safeguard themselves. This article dives deeper into the dynamics and challenges leading to the rise of insider incidents in manufacturing and ways to mitigate those.
Research data shows insider threat is a dominant risk in the healthcare industry. According to the 2019 Verizon Insider Threat Report, insider threats affected 46% of healthcare organizations. Healthcare is the only industry where insiders were responsible for a higher percentage of breaches than external threat actors (Figure 1). In addition to healthcare staff, contractors, executives, and former employees collectively contribute to the problem.
Social engineering is an insidious way of getting "insider access" into an organization's network and data. Threat actors use it to gain sweeping access to carry out sophisticated attacks while evading detection. This "insider" leeway of social engineering makes it an alarming threat that cybercriminals are routinely exploiting now more than ever.
Remote learning is now an inevitable reality for academic institutions. Even before the pandemic, remote learning was on the rise. The pandemic has only made that trend more pervasive and dominant across institutions, most notably among the public schools.
The Multi-State Information Sharing and Analysis Center (MS-ISAC), a federally funded threat intelligence and cybersecurity advisory organization, recorded a 19% increase in cyberattacks targeting K-12 schools in the 2019-2020 school year. Based on the rising trends of alerts from the academic sector, MS-ISAC projects the number of cybersecurity incidents targeting institutions to jump by 86% in the upcoming academic year.
Nowadays, financial institutions are the custodians of more than just money. They are also keepers of sensitive personal and financial data. As the financial sector leans more towards the cloud and other digital technologies, this data is exposed to cybersecurity threats
October is a month that generates much buzz amongst the cybersecurity community. It’s National Cybersecurity Awareness Month (NCSAM) – a time when security professionals work around the clock to raise awareness of growing cyber risks amongst general user communities.
Ransomware has become an annual event for many organizations, costing them millions in lost productivity and revenue. While there have been some notable successes in fighting off this threat, the industry as a whole must continue strengthening its resolve in order to safeguard against future attacks. Part of this can come down to recognizing the role that users and employees play in fighting off these attacks and providing them with info and tools they need to help reduce risks.
This podcast is brought to you by Veriato.com. Today, Michael Owens, the Business Information Security Officer at Equifax, joins Dr. Christine Izuakor to discuss the risk that ransom attacks on a service providers such as Kaseya can have on their downstream client organizations.
The Kaseya ransomware attack is an eye-opener of sorts. The rising success of ransomware attacks lies in bringing business operations to a grinding halt. In attacks similar to Kaseya, several downstream organizations are forced to stop their operations. The recovery period runs into several days, if not weeks.
Whatever be the size of your company, today, every organization has to rely on third-party solutions and personnel. As supply-chain exploits keep rising, the question that looms large for security leaders is "how to keep organizations safe in an era of Kaseya and Solarwinds attacks"?
In 2020, ransomware attacks increased by 150% from the previous year, and ransom payments grew by 200%. That trend is up in 2021. Within the first six months of this year, many high-profile ransomware attacks targeting critical infrastructure, municipalities, financial institutions, healthcare, and other businesses have hit the headlines. The impact of these attacks spans beyond the victim enterprise, affecting their ecosystem of partners, supply-chain, customers, and even the government.
The escalation in cybersecurity breaches as seen in 2020 has continued well into 2021. According to Verizon’s 2021 DBIR, so far they have looked into 29,207 incidents worldwide. These incidents boiled down to 5,258 confirmed data breaches. An analysis of these breaches shows:
Many of these breaches were financially motivated, targeting sensitive data that can be easily monetized and lucratively too.
Human negligence, consistent with previous years, was the biggest threat to security. Cybercriminals are heavily exploiting social engineering tactics to gain a foothold in enterprise infrastructure. The human factor, intentional and otherwise insider threats, needs serious attention.
With so many new vendors pitching "Insider Threat Detection", how do you separate marketing fluff from reality? Join us in our latest Podcast as we discuss selecting the right tool for your unique business needs.
In our latest podcast, we take a deep dive into the gloomiest part of the internet, the “Dark Web” as we try to demystify everything we think we know. This is the realm of internet land where criminals and offenders can be found lurking around every corner. Though there is some truth to this perception, there are also many misconceptions about the Dark Web and its role in the security or insecurity of businesses. Join Dr. Christine Izuakor and a special guest from Equifax, Dr. Michael Owens as we unravel the Dark Web.
Brought to you by www.veriato.com
In our latest podcast, we discuss 5 of the most concerning trends and statistics over the past year. Join Dr. Christine Izuakor and Frank McGovern, Cybersecurity Architect as they discuss various cybersecurity topics such as the rise of internal threat actors, security and awareness training, and addressing the human element.
Join us in our latest episode hosted by Christine Izuakor and Anthony Lauderdale, Head of Cyber Defense at Zoom, as we discuss the evolution of Employee Monitoring Software, and how the technology can be utilized to increase operational efficiency and data security in the new remote world. We also discuss Insider Threat Detection and how employees could be influenced by financial data to exfiltrate intellectual property.
A typical company has various cybersecurity measures in place to make sure all data is secure while employees are at the office. But the Pandemic changed that so how have companies extended those same measures beyond the office into the home? Listen to our latest Podcast with Dr. Christine Izuakor as we discuss.
The 2020 pandemic resulted in significant challenges to health, wealth, business, and cybersecurity. The early part of the year saw a rapid movement to a remote workforce. According to Gartner, 88% of companies sent their workforce home to work during the height of the pandemic. This remote work environment is continuing for many organizations in 2021.
The COVID-19 pandemic has had serious repercussions on the global economy and has also forced millions to work remotely from their homes. According to analyst firm Gartner Inc., amid Covid-19, 88% of enterprises shifted to remote working for their employees. And, this Work From Home (WFH) isn't going away in the foreseeable future. With companies such as Deutsche Bank now offering long-term WFH to all employees until July 2021. So how do we continue to manage security and compliance in this new remote world?
Join us as we discuss a zero-trust approach to cybersecurity, starting with User and Entity Behavior Analytics.
Regardless of size, all companies will need to conduct an employee investigation in some shape or form. The key is having a reliable set of data to prove indisputable innocence or guilt. Join Cybersecurity expert, Dr. Christine Izuakor and Intelligence expert, Virgil Capollari as they discuss this topic in detail.
Companies will need to permanently account for securing remote workers whether they want to or not. This is the new norm. Join Christine Izuakor and Rolando Lopez as they discuss the measures companies are taking to fully ensure that their company's data is secure both in the office and at home!