Windows 10’s Security Reboot, Part I: Authentication

There’s incredible excitement about the Windows 10 release. If you completely quantum leap over Windows 9, you’d expect big things. In December, I was talking with NYU-Poly’s Professor Justin Cappos. He’s a security expert and had nothing but high praise for Microsoft’s security group. But he added their cutting-edge research doesn’t necessarily make it into…

Timely Cybercrime Analysis from FINRA

Hackers stealing passwords, credit card and social security numbers, and health insurance IDs can lead to significant dollar losses. But let’s think the unthinkable: hackers getting access to our retirement, 401(k), and brokerage accounts. Of course, that’s where the real money is. The Financial Industry Regulatory Authority (FINRA), an independent watchdog group, recently published a…

Inside the World of Insider Threats, Part IV: Conclusions

We’ve covered a lot of ground in this series of posts on insider threats. To quickly review, insiders who commit IT sabotage or theft of sensitive information are more technical employees with a predisposition to destructive behavior. However, there’s usually a trigger event associated with a job or career disappointment that puts them over the…

Inside the World of Insider Threats, Part III: Means and Opportunity

If you’ve been reading along, you’ll know that the psychological motives for insiders are complex and worthy of a flowchart. In fact, in our last post we showed you a chain-of-event graph used by real security researchers. After insiders go to the dark side, they have one big advantage over outsiders: by default they are in…

US National Breach Notification Law Gets its 15 Seconds

You’re excused if you missed the very brief mention of a new data security law in the President’s State of the Union address two weeks ago. It received a sentence or two somewhere towards the end of the speech. The White House published the proposed legislation (The Personal Data Notification & Protection Act) on its…

Varonis Delivers Real-time Data Insight to Hagadone

The Hagadone Corporation is a privately held, U.S.-based company that owns and manages more than 30 businesses spanning the communication and hospitality industries. Hagadone needed to find a software solution that would help its IT group take control of Active Directory as well as the unstructured data stored on the company’s rapidly growing servers. It…

Inside the World of Insider Threats, Part II: More on Motivation

One area the CMU CERT researchers looked into was the chain of events that cause a law-abiding employee to become an insider menace. For those who want to learn about the models the CMU team came up with, they’re welcome to read this fascinating paper on the topic. But I think I can summarize the…

Inside the World of Insider Threats, Part I: Motivation

As someone once said in a different context, never let a good crisis go to waste. While we still don’t have definitive proof, there’s good evidence that employees were in some way involved in the Sony meltdown—see Did North Korea Really Attack Sony? from Schneier. The larger point is that the Sony breach opens the…

Varonis Keeps Client and Company Data Protected and Private at Campbell Global

Campbell Global is a leader in sustainable timberland and natural resource investment. The company manages approximately 3.1 million acres of land globally and about $6.1 billion in assets. Based in Portland, Oregon, its 300 employees are spread throughout 25 offices. The company critically needed a reliable way to closely document, track and manage activity associated…