Tag

Insider Threats

Content tagged here examines threats originating from within an organization, including malicious employees, negligent staff, and compromised credentials. Topics cover behavioral indicators, monitoring tools, data loss prevention, insider threat programs, and organizational policies designed to detect and mitigate risks from trusted individuals.

posts

Tailgating Attack

Tailgating Attack Cybersecurity: The Threat at Your Door

In September 2019, a Chinese national named Yujing Zhang walked past security at Mar-a-Lago carrying a thumb drive loaded with malware. She told the front desk she was there to use the pool. That's tailgating — and it nearly compromised one of the most secured private facilities in the

Carl B. Johnson Dec 18, 2021 7 min read
Clean Desk Policy

Clean Desk Policy Cybersecurity: Your Cheapest Defense

In March 2021, a UK-based financial firm was fined after a visitor photographed sensitive client data sitting on an employee's desk — in plain sight, during a routine office tour. No hacking tools. No zero-day exploit. Just a smartphone camera and a messy workstation. That's the reality

Carl B. Johnson Dec 18, 2021 7 min read
Insider Threats

Insider Threat Examples: Real Cases That Cost Millions

In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal credentials. Within hours, the attacker had hijacked accounts belonging to Barack Obama, Elon Musk, Joe Biden, and Apple — tweeting a Bitcoin scam that netted over $100,000. The most sophisticated firewall in the world wouldn&

Carl B. Johnson Dec 20, 2020 7 min read
Insider Threats

How to Prevent Insider Threats: A Practical Guide

In July 2020, a 17-year-old in Florida convinced a Twitter employee to hand over internal tool credentials. Within hours, threat actors had hijacked high-profile accounts — Barack Obama, Elon Musk, Apple — and ran a Bitcoin scam that netted over $100,000. The breach didn't start with a zero-day exploit

Carl B. Johnson Dec 20, 2020 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: Real Threats

A Disgruntled Engineer, a Careless Accountant, and $11.45 Billion in Losses In 2018, a former Tesla employee reportedly sabotaged the company's manufacturing systems and exfiltrated sensitive data to third parties. That same year, countless organizations bled data because an employee clicked a phishing link or misconfigured a

Carl B. Johnson Dec 12, 2020 7 min read
Shoulder Surfing Attack

Shoulder Surfing Attack: The Low-Tech Threat You Ignore

A former employee at a financial services firm in Chicago watched his coworker type her password every morning for two weeks. He memorized it character by character. After he was terminated for performance issues, he used those stolen credentials to access the company's client database from a public

Carl B. Johnson Oct 10, 2020 7 min read
Insider Threats

How to Prevent Insider Threats Before They Cost Millions

In 2022, a former employee at Cash App's parent company, Block Inc., downloaded reports containing the personal information of over 8 million customers — months after they'd left the company. The access was never revoked. No alarm was triggered. The breach wasn't discovered until the

Carl B. Johnson Oct 01, 2019 7 min read
Insider Threats

Malicious Insider vs Negligent Insider: Real Threat Guide

One Employee Stole Data for Profit. The Other Just Clicked the Wrong Link. In 2022, a former employee of a major healthcare organization was sentenced to federal prison for stealing patient records and selling them. That same year, the Verizon Data Breach Investigations Report found that 82% of breaches involved

Carl B. Johnson Oct 01, 2019 7 min read