Fear, uncertainty, and doubt (FUD) is no longer just another fancy blockchain-related term used to influence the public’s and investors’ opinions. This concept thrives in many fields, turning our attention to the problems of data, system, and operational security. In this article, we discuss the FUD meaning in cybersecurity and how this concept works.

Cybersecurity threats have been a headache for the hospitality industry for many years. When the COVID-19 pandemic turned this industry upside down, attempts to stay in business put many hotels in an even riskier position in terms of security. For example, many organizations followed the example of hotels in Amsterdam that diversified their services and turned guest rooms into offices for remote employees. Such moves generated profit for the hotels but also created new vulnerabilities.

The more access rights an employee has, the more possibilities they have to misuse or abuse privileges. According to the ENISA Threat Landscape 2021 report, a third of surveyed organizations suffered from privilege abuse by insiders during the period from April 2020 through July 2021. That’s why establishing an appropriate level of privileged account management plays a significant role in ensuring your organization’s cybersecurity.

Privilege abuse is the top misuse-related reason for data breaches according to the 2021 Data Breach Investigations Report by Verizon. To mitigate the risk of data leaks and other incidents, it’s crucial to enhance the protection of critical assets and keep a close eye on the activity of privileged users. Yet it can become a real ordeal for an IT security manager not only to secure access to their organization’s servers but also to track and manage all privileged sessions.

Detecting malicious activity takes weeks or even months despite the many efforts companies put into building cybersecurity threat detection systems. You can increase your chances of uncovering malicious activity by studying insider threat techniques and applying diverse detection methods. In this article, we discuss the most common techniques behind insider threats and their possible indicators as well as ways you can detect insider threats in an efficient manner.

Proper implementation of a user and entity behavior analytics (UEBA) tool can solve lots of cybersecurity challenges by detecting well-hidden and slowly executed attacks, automating the analysis of alerts and logs, and speeding up incident investigation. It can even help you improve employee productivity. But implementing a UEBA solution also requires a lot of time and effort along with a clear understanding of how you are going to use it.

Protecting your sensitive data and other critical assets requires establishing secure access to them in the first place. Lots of organizations do this by protecting their remote servers and corporate systems with SSH keys. However, even SSH keys can be compromised and abused by malicious actors. In this article, we talk about SSH keys and their role in secure authentication processes as well as about the benefits of effective SSH key management.

Departing employees are a source of insider threats that often get overlooked. According to a study by Biscom, one in four departing employees steal data when leaving. Whether they do so out of negligence or with malicious intent, such cases can only have negative outcomes for organizations, from losing their competitive advantage to facing penalties for non-compliance with cybersecurity requirements.

When presented with an opportunity, people who never even planned to attack your organization may turn into a severe cybersecurity threat. Forget to block a dismissed employee from accessing your system and they may steal or alter your critical data. Grant a third-party contractor excessive access to your infrastructure and they may cause a serious data breach. That’s why it’s crucial to make sure you don’t give insiders an opportunity to turn malicious.

Using unapproved tools, software, and devices is risky. You never know what vulnerabilities so-called shadow IT may have. The pandemic that began in 2020 put a new spin on the shadow IT problem. The sudden need to handle all processes remotely was a true challenge, since the majority of corporate networks were not configured to be safely accessed by employees from home.