Page 132 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
P. 132

The Modern Business Has No Perimeter


            IF  THE  BOUNDARIES  ARE  EVER-CHANGING,  WHAT  DOES  THAT  MEAN  WHEN  IT  COMES  TO  THE
            ENDPOINT AND USER BEHAVIOUR?

            By Dr Jamie Graves, VP, Product Management, Security Analytics, ZoneFox





            According to Haystax Technology, in 2017, 90% of organisations reported feeling vulnerable to insider
            attacks -- up from 64% in 2015. This looked set to rise to 99% in 2018, thanks partly to the rise in risk
            from regular employees too. These stats tell us that a cyber strategy focused on protecting the perimeter
            is now futile -- employees have become the perimeter and they're always on the move, morphing said
            perimeter by logging onto the network from different devices and locations.

            Indeed, as 2018 reaches its final quarter, these predictions seem increasingly accurate. After all, when
            contemplating the various headline-grabbing cyber incidents from the past few months -- of which there’s
            certainly  been  no  shortage  --  the  truly  jaw-dropping  ones  have  tended  to  involve  employees,  with
            motivations ranging from ideology, revenge, and cold hard cash.



            An Unholy Trinity

            2018 saw Apple crowned as the first trillion-dollar company, closely followed by Amazon -- but that’s not
            all these technology giants shared in common. In July, news broke that Apple suffered an insider attack
            after a former employee stole data relating to its autonomous driving project before attempting to flee to
            China and eventually being arrested by the FBI. September saw Amazon staff caught selling customer
            data to third-parties in the US and China.

            Evidently, trillion-dollar valuations mean not only a lot of customer data, but also a large organisation to
            hide illicit activity within. Both of Apple and Amazon’s insider threats came after Tesla’s, whereby a past
            employee tampered with Tesla’s code for autonomous driving software and exported highly sensitive
            data to unknown third-parties. It transpired that the prime motivation behind the incident was an act of
            vengeance after being denied a promotion.

            Of course, insider threats abound in businesses of all sizes, not just technology behemoths. Earlier this
            year, a report from Cybersecurity Insiders revealed that two-thirds of US companies now believe that
            insider threats are more likely than external attacks. This is because, thanks to the ubiquity of shadow IT





                                 132
   127   128   129   130   131   132   133   134   135   136   137