BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Breaches, Breaches Everywhere, It Seems that Insiders Just Don’t Care!

Posted April 24, 2012    Peter McCalister

Let’s take a look at a few of the breaches being reported this week alone – all at the hand of insiders.
The Utah Department of Health reported that about 780,000 claims had been accessed by a hacker. Then they added that 280,000 people’s social security numbers were stolen and 500,000 people had less-sensitive personal data such as name, date of birth and address, compromised. How did this happen? Through a weak password. In this case, the affected server had a configuration error at the authentication level, essentially meaning that the server was put into production without the proper procedure, leaving the weak password protection vulnerable to an attacker.

South London Healthcare NHS is blaming the loss of two unencrypted USB sticks containing patient data on lack of staff training. These USB drives are reported to contain the personal data of 600 maternity patients and the medical and personal data of 33 children. Organizations have a responsibility to meet certain compliance standards and to properly train their employees on procedures and measures to protect sensitive information.
Emory Healthcare, Inc. recently announced it lost 10 computer disks containing information, including patient social Security numbers of about 315,000 surgical patients. The disks went missing from a storage location and while no other information has been provided, it would appear that an inside mistake led to the theft or misplacement of these drives.
And lastly, South Carolina Department of Health and Human Services discovered that a Medicaid employee inappropriately transferred personal information for 228,435 Medicaid beneficiaries to their personal email account. If employees are over-privileged situations like this are far more likely to occur.
What these four stories have in common is a reminder that insider threats pose a risk to companies of all shapes and sizes and that all organizations can benefit from implementing privileged access polices.

Leave a Reply

Additional articles

On Demand Webinar: Because Auditing Stinks Sometimes

Posted July 2, 2015    Lindsay Marsh

Auditing stinks. Well, mostly stinks. In this on demand webinar, lead by Group Policy MVP Jeremy Moskowitz, you’ll learn the three key tenets to real Group Policy auditing. Tenet 1: Why do you care about Group Policy auditing? Tenet 2: How does Eventing help you know “Who did what?” Tenet 3: How does Reporting tell…

skeletonkey3_713678_713680

Stopping the Skeleton Key Trojan

Posted June 29, 2015    Robert Auch

Earlier this year Dell’s SecureWorks published an analysis of a malware they named “Skeleton Key”. This malware bypasses authentication for Active Directory users who have single-factor (password only) authentication. The “Skeleton Key” attack as documented by the SecureWorks CTU relies on several critical parts.

Tags:
, , , , ,
webinar 2

On Demand Webinar: 10 Steps to Building an Effective Vulnerability Management Program

Posted June 26, 2015    BeyondTrust Software

In this on demand webinar, Cybersecurity Expert, Derek A.Smith will take you through his 10 steps for a successful vulnerability management program and how to get started now.

Tags:
, ,