Insider threats, such as those associated with the Marriott breach, are considered one of the top concerns in IT security due to the devastating impact on business, reputation, loss of sensitive data, and significant fines. Security solutions that rely on allow lists / block lists and signature files fall far short in their attempt to mitigate this threat. Machine learning and behavioral analysis are uniquely suited to immediately identifying anomalies that indicate an insider threat before any data is lost.

This paper is a theoretical study looking at three famous cases of insider attacks that occurred over the past six years. The paper defines the facts of the attacks and information on the attackers. It then theorizes how a behavioral analytics engine could have been used to detect and prevent these attacks. Although theoretical, the analysis is focused on technical facts rather than on opinions, so that objectivity is maintained. All facts referenced in this document are publically available. No confidential or classified data is used in this document.

From the report, “The large-scale attacks and disastrous outcomes in this paper underscore the fact that targeted phishing is the overwhelming cause of nearly all breaches. Phishing attacks cost companies an incalculable amount of money, prestige, goodwill, confidential data, and competitive advantage, as well as brand identity and integrity. The Verizon Data Breach Investigations report supports the overwhelming impact of phishing, which targets businesses consistently across email, web, and network traffic. Siloed approaches lead only to siloed and ineffective protection. Partial, reactive defenses such as employee education, perimeter protection, and spam filtering simply don’t work against today’s phishing threats.”

From the report, “During the last few months, global corporations have been extremely busy with implementing the needed changes in order to be compliant with the upcoming GDPR regulation. While this happens, cyber-threat actors are preparing themselves for the possible consequences, without a clear picture of whether GDPR will hurt them or benefit them. According to the General Data Protection Regulation (GDPR) any company that handles European Union consumer personal data is obligated to take tangible steps to ensure the information’s security. This means the EU sees any organization that uses EU citizens’ data of any kind, responsible to protect it, whether the organization is headquartered inside EU territory or not. It will, of course, affect the way global corporations handle consumer data encryption, but in even more basic terms, it will affect what kind of information is permitted to be stored and passed along to other users.”

The 2019 SIEM Survey Report represents one of the most comprehensive surveys on SIEM to date, designed to explore the latest trends, key challenges, and solution preferences for SIEM.

This report takes a look at the healthcare industry and seeks to provide insight into the cyber security issues that remain in that industry.

From the report, “DOur objective was to (1) summarize unclassified and classified reports issued and testimonies made from the DoD oversight community and the Government Accountability Office (GAO) between July 1, 2017, and June 30, 2018, that included DoD cybersecurity issues; (2) identify cybersecurity risk areas for DoD management to address based on the five functions of the National Institute of Standards and Technology (NIST), “Framework for Improving Critical Infrastructure Cybersecurity,” April 16, 2018 (Cybersecurity Framework); and (3) identify the open DoD cybersecurity recommendations. This summary report also addresses the Federal Information Security Modernization Act of 2014 (FISMA) requirement to provide an annual independent evaluation of the agency’s information security program by using the identified findings to support the responses made in our assessment.”

This Impact Report provides insights into consumers’ views on authentication. Consumers often don’t understand the mechanics of technologies very well, or even why they’re being used, but they have definite preferences about how and when they want to engage in authentication activities.

From the report, “Widespread data breaches, the EMV migration, and efforts to extend the longevity of the SSN, have created an ideal environment in which synthetic identity fraud is flourishing. Furthermore, consumers’ physical and digital footprints are becoming more complicated, meandering across locations, devices, and geographies. This makes it more difficult than ever to differentiate legitimate user behavior from fraudsters. Businesses need to prevent synthetic identities from entering their ecosystems by understanding anomalies to individual user behavior and helping to correlate the seemingly disconnected events and security incidents in real time. Combining historical and real-time data and leveraging machine learning to analyze individual behavior across channels can reveal complex patterns to help detect and block synthetic identities without causing friction for real customers.”

The ThreatMetrix Payment Processor Cybercrime Report is based on actual cybercrime attacks last year that were detected by the ThreatMetrix Digital Identity Network (the Network) during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.

The ThreatMetrix Gaming and Gambling Cybercrime Report is based on actual cybercrime attacks in Q2 2018 that were detected by the ThreatMetrix Digital Identity Network (the Network) during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.

This report offers insight into the cybercrime events of 2017.

This report offers these key insights: 49% of all transactions analyzed in gaming and gambling come from a mobile device, Identity spoofing remains the biggest threat to the industry, and Automated bot attacks can account for around half of daily gaming/gambling traffic during periods of peak attacks.

APAC continues to be an exciting region of huge growth, evolution and change; increasing its vulnerability to organized, global cyber attacks. This is particularly true given APAC has a particularly strong cross-border footprint, with a high proportion of digital transactions criss-crossing country boundaries. Cross-border transactions are considered riskier by most organizations, driven by the fact that they are far more likely to be automated bot attacks than domestic transactions, and attract higher instances of location spoofing, as fraudsters attempt to hide behind VPNs and proxies to mask their true location.

This is ThreatMetrix’s Report of events from the second quarter of 2016.

This report from ThreatMetrix compiles the data from their 2016 Cybercrime report to provide insight into the threats in the European sector.

This report offers insight into global threats that occur during the Holiday shopping season.

From the report, “Without trust, the future of our digital economy and its nearly limitless potential is in peril. Piecemeal efforts to address cybersecurity issues—including the Internet’s inherent flaws, vulnerabilities from the Internet of Things (IoT), identity and data veracity and increasing digital fragmentation—have fallen short. Through their decisions above ground on industry-wide governance and their business architecture and technology infrastructure below ground, however, CEOs can have the influence necessary to collaboratively address these overarching issues.”

A new survey by UBM and Vera Security explores the use of encryption and access controls to understand how organizations currently use these technologies and to identify their top priorities in file security. The results of this research establish the reasons why encryption isn’t more widely used and considers how organizations can use this technology effectively to ensure the protection of their data.

How to make threat intelligence relevant to executives, business stakeholders, security operations and incident responders

Ponemon Institute is pleased to present the findings of Assessing the DNS Security Risk, sponsored by Infoblox. The purpose of this study is to understand the ability of organizations to assess and mitigate DNS risks. As part of the research, an online index has been created to provide a global measure of organizations’ exposure to DNS security risks and assist them in their response to DNS security risks.