A recently released Insider Threat Report collected data from over 500 cybersecurity professionals to examine industrial efforts against insider threats. According to the report, although there has been a rise of insider threats over the last 12 months, organizations are not fully prepared for it yet. The report also examined which user categories showed the largest threat, the most vulnerable applications and data, common launch points for attacks, budget trends and more.
Last Friday, the White House launched a new security program, dubbed the “30-day Cybersecurity Sprint”, to fortify cyber security protocol across the government and encourage agencies to take specific initiatives over the next month to beef up the protection of proprietary information and prevent future hacking towards federal systems. These initiatives include: fixing cybersecurity vulnerabilities, tightening policies and practices for privileged users, implementing multi-factor authentication procedures and so on.
On the energy conference by Wyoming Infrastructure Authority, Michael Bobbitt, a supervisory special agent with the FBI, stated that the energy industry is facing significant threats from hackers, groups that intended to steal proprietary information and even terrorists. Energy industry should pay special attention to hackers who were especially interested in stealing intellectual property, such as a proprietary way to drill a well. Besides, hackers could also manipulate corporate equipment remotely and lead to real-world physical damages. To prevent this, energy companies should take more efforts in protecting data security both from external threats and from internal threats.
Employees of the St. Louis Cardinals are under investigation by FBI and Justice Department due to the allegation of hacking into databases of Houston Astros to steal player information and track player development. The subpoenas have been issued on the Cardinals and Major League Baseball for electronic correspondence. This attack would be the first known case of corporate espionage in which a professional sports team hacked the network of another.
Over the weekend, cyber security research Austin Epperson exploited a vulnerability in Uber’s petition website and leveraged it to change the content of some petitions and redirect visitors to Lyft’s homepage. The researcher then warned the company to be more cautious when using petition websites since they might be vulnerable to malicious hackers. Both Uber and Epperson stated that the customer information was never at risk.
Follow the SiteLock blog for the latest cybersecurity news and information.