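Cyberattacks on large companies and institutions, most recently Sony Pictures Entertainment, have managers and investors worried. But there is a threat that many have not considered: Increasingly, the call is coming from inside the house.
Cyberattacks are usually viewed as third-party attacks by outside persons or entities seeking to steal sensitive information. But as reports of hackers infiltrating Wall Street firms and preliminary details of the Sony incident reveal, so-called malicious insiders also pose a significant danger.
The danger to financial services was highlighted earlier this week, when FireEye, a Milpitas, California–based cybersecurity intelligence and technology company, released a report describing the crimes of a sophisticated group that has been stealing sensitive deal information from Wall Street banks and asset managers for more than a year.
“What’s different about this group is that they appear to have a Wall Street background,” says Jen Weedon, threat intelligence manager at FireEye. “The fact that these people seem to have insiders is noteworthy.”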
According to Eldon Sprickerhoff, founder and chief security strategist at Cambridge, Ontario–based cyberattack protection service eSentire, the group — which FireEye calls FIN4 — used simple technology to ensnare CFOs through e-mail pop-ups bearing each firm’s logo and asking for a user name and password.
Sprickerhoff, who says eSentire became aware of FIN4 in November 2013 and has since been advising its clients of the threat, says the hackers took full control of executives’ e-mail, allowing them to mine contact lists and make the rounds of nearly 100 biopharmaceutical and financial services companies. It’s not clear who the hackers are or what they’ve done with the information, but FireEye’s Weedon says the language they use and the data they target suggest that they could be current or former Wall Streeters.
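This week Sony Pictures announced that it had suffered a data security breach at the hands of hackers linked to and possibly sponsored by North Korea. Technology analysts suggest the incident was retaliation for the release later this month of The Interview, a movie starring James Franco and Seth Rogen that is critical of the Asian country’s supreme leader, Kim Jong-un.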
A group calling itself Guardians of Peace took responsibility for the attack, which leaked several unreleased films to streaming sites as well as disclosing confidential salary information for top Sony executives and compromising thousands of user names and passwords for Sony Pictures computers and social media accounts.
But analysts have speculated that a Sony insider or insiders sympathetic to North Korea might have facilitated the breach. A person claiming to represent Guardians of Peace told technology website The Verge that the group “worked with . . . staff with similar interests to get in,” and security researchers have found a potential connection with seasoned North Korea hacking group Unit 121.
What may seem like a strange plot for a science fiction movie is more real than many managers understand, say experts, who lament the fact that cybersecurity threats are still often seen as something IT will deal with.
“It’s a governance process and a management process, not solely an IT process,” warns Deborah Prutzman, CEO of New York–based Regulatory Fundamentals Group, which advises funds, advisers and investors on regulatory requirements. “That’s a big misconception.”
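“In reality, it’s important for senior management to initiate the dialogue with the IT department,” Prutzman adds. “IT people are often very much aware of the issues but may not feel empowered or are uncertain how to engage with senior management on issues that may require a change in front-office practices.”
This advice might not have stopped the recent high-profile attacks on Sony, Home Depot, Target Corp. and a series of Wall Street firms, but it can help companies respond more quickly to such situations. Although most cybersecurity experts echo the phrase “not if, but when” in discussing the likelihood of a company being targeted by hackers, there are ways to lower those chances and mitigate the possible damage.
Employees with poor credit scores or past bankruptcies are often seen as risky bets for employment with the federal government. Gary Miliefsky, an IT security expert and CEO of SnoopWall, a Las Vegas–based service that aims to help individuals determine which mobile device apps are “spying” on them, says such candidates may also signal to hiring managers that they are the most easily corrupted when an opportunity to steal information arises.
The potential for employees to become malicious insiders grows when companies encourage employees to use their own computers and other devices for work and when job security is a concern, according to Miliefsky. “In a depressed economy, human behavior moves to the dark side,” he says.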
The good news is that “there are not a lot of talented malicious insiders,” Miliefsky adds. They usually get caught; the question is how long they were able to operate beforehand. To stay on guard, it may be time for companies to look inward.