All news with #insider risk tag

🤝 Organizations are creating a chief trust officer (CTrO) to elevate trust as a business differentiator, responding to breaches, product-safety worries and AI-related uncertainty. The CTrO typically complements the CISO by focusing on reputation, ethics, transparency and customer confidence while CISOs retain technical controls, incident response and security operations. Leaders stress the role must produce measurable outcomes and avoid becoming mere 'trust theatre' by tracking signals such as customer sentiment, retention and external certifications.

🔍 techUK has published its Anti-Fraud Report 2025, warning that fraud now accounts for 40% of crime in the UK and that an estimated 67% is cyber-enabled. The report urges improved collaboration across law enforcement, banks, tech platforms, telecoms and regulators and recommends a connected anti-fraud ecosystem, wider use of AI and machine learning, and a national Tell Us Once victim-reporting model. It highlights the scale of harm—global losses of about $1 trillion in 2024—and cautions that government action is still being finalised.

🔦 Shadow AI — the unsanctioned use of generative and agentic tools by employees — is creating a sizeable security blind spot for IT teams. Unsanctioned chatbots, browser extensions and autonomous agents can expose sensitive data, introduce vulnerabilities, or execute unauthorized actions. Organizations should inventory use, define realistic acceptable-use policies, vet vendors and combine technical controls with user education to reduce data leakage and compliance risk.

🤖 1Password’s 2025 Annual Report finds shadow AI is now the second-most prevalent form of shadow IT, with 27% of employees admitting they used unauthorised AI tools and 37% saying they do not always follow company AI policies. The survey of 5,200 knowledge workers across six countries shows broad corporate encouragement of AI experimentation alongside frequent circumvention driven by convenience and perceived productivity gains. 1Password warns that freemium and browser-based AI tools can ingest sensitive data, violate compliance requirements and even act as malware vectors.

🔍 Organizations are facing a growing threat from applicants who pose as legitimate job seekers but are in fact operatives tied to overseas actor networks. Recent cases — including a July 2024 incident at KnowBe4 and longer running campaigns tracked as WageMole and DeceptiveDevelopment — show perpetrators use stolen identities, deepfakes and remote infrastructure to gain employment. The article outlines practical detection cues for recruitment teams and containment steps to limit insider risk.

🛡️ In a short video for Cybersecurity Awareness Month, ESET Chief Security Evangelist Tony Anscombe explains how unsanctioned hardware and software — commonly called shadow IT — is creating security gaps in the remote and hybrid work era. He warns that growing employee use of generative AI further increases risk by exposing sensitive corporate data outside IT control. The video outlines practical steps IT teams can take to discover, govern and mitigate these hidden risks and points to related guidance on authentication, patching and ransomware resilience.

🔐 Sotheby's disclosed a cybersecurity incident first detected on July 24, 2025, after threat actors removed data from its environment. A two-month investigation found exposed information included full names, Social Security numbers and financial account details. The company notified impacted individuals and offered 12 months of identity protection and credit monitoring through TransUnion. An October update clarified the breach involved employees, not customers.

📞 Outsourced helpdesks are increasingly targeted by vishing and other social‑engineering campaigns. Attackers can exploit service‑desk privileges to reset passwords, disable MFA, enroll devices or elevate access, enabling lateral movement. Clients should require evidence of ISO 27001 compliance, enforce least‑privilege, strict caller authentication and continuous, scenario‑based agent training. Technical controls such as caller ID spoofing detection, deepfake audio checks and MFA on helpdesk tools — combined with MDR monitoring — help close this gap.

🔍 A new Enterprise AI and SaaS Data Security Report from LayerX finds that generative AI has rapidly become the largest uncontrolled channel for corporate data loss. Real-world browser telemetry shows 45% employee adoption of GenAI, 67% of sessions via unmanaged accounts, and copy/paste into ChatGPT, Claude, and Copilot as the primary leakage vector. Traditional, file-centric DLP tools largely miss these action-based flows.

🔁 CISO tenures now often last only 18–36 months, driven by burnout, startup pace, and escalating liability concerns. The role demands constant readiness for breaches, extensive cross‑functional communication, and navigation of company politics, which many find unsustainable long term. Larger enterprises typically retain CISOs longer thanks to scale and resources. As a result, some leaders pursue fractional roles, vendor careers, or advisory positions while organizations push for clearer standards and better board-level alignment.

🔐 The service desk is now a primary enterprise perimeter for attackers, with social-engineering groups like Scattered Spider converting routine requests into broad access — as seen in high-impact incidents such as MGM Resorts and Clorox. Training matters but is not enough; verification must be a security-owned, auditable workflow rather than an agent’s discretionary call. Implement mandatory controls so agents never view credentials, apply role-based verification depths, and use points-based contingency checks when MFA fails. Integrate the flow with ITSM so tickets launch verification automatically, returning results and telemetry for alerting and audit.

🛡️ Coherence is framed as the operational backbone for insider-risk programs, stressing shared meaning and alignment rather than surveillance alone. The author argues most insider incidents stem from two vectors — malicious intent and human error — both amplified by semantic drift. Building coherence requires aligning messaging across HR, communications, legal, and security, training for narrative fidelity, equipping line managers with rituals and lexicons, and creating feedback channels that surface drift before behavioral anomalies.

🔒 CrowdStrike announces four new innovations in Falcon Data Protection to help organizations prevent GenAI-driven data leaks across endpoints, cloud, SaaS and AI tools. The updates include real-time GenAI protections that span browsers, local apps and shadow AI services, unified out-of-the-box detections, AI-powered classifications, and a consolidated Insider Risk dashboard. Beta and general availability windows span late 2025 through mid-2026, with cloud features prioritized earlier.

🔒 The UK's Information Commissioner's Office (ICO) warns that pupils represent a significant insider threat in schools, reporting that 57% of education-sector data breach reports originate from students. In an analysis of 215 breach reports between January 2022 and August 2024, nearly a third of insider incidents involved stolen or guessed passwords, 97% of which were committed by students. The ICO highlights additional causes — weak data protection (23%), staff sending data to personal devices (20%), misconfigured access rights (17%), and deliberate bypassing of controls (5%) — and cites incidents where students accessed systems holding thousands of records. Practical recommendations include strong password hygiene, MFA, tightened access controls, prohibiting pupil use of staff devices, secure shared-device management, and better parental engagement.

🔒 Microsoft announced Purview innovations for Fabric at FabCon to unify discovery, protection, and governance across Azure, Microsoft 365, and Microsoft Fabric. New generally available controls include Information Protection policies for Fabric items, DLP for structured data in OneLake, and Insider Risk Management for Fabric. Preview features add DSPM data risk assessments and enhanced Copilot controls, while the Unified Catalog gains finer metadata, tagging, and data‑quality workflows to improve discoverability and trust.

🔒 McDonald's reportedly configured a major corporate system with the password 123456, illustrating a glaring failure in basic security hygiene. That weak credential makes systems trivially susceptible to brute-force and credential-stuffing attacks and indicates lax oversight of password policies, privileged accounts, and access controls. Immediate remediation should include forcing password rotation, deploying multi-factor authentication, implementing centralized secrets management, and auditing privileged access.

🔒 A 26-year-old man, Al-Tahery Al-Mashriky, has been jailed after UK National Crime Agency investigators linked him to the Yemen Cyber Army and uncovered evidence of widespread website breaches. Arrested in August 2022 in Rotherham, he defaced and compromised sites across North America, Yemen and Israel, including government and faith organisations. Forensically seized devices contained personal data, account credentials and other files that could facilitate fraud; he pleaded guilty and was sentenced to 20 months in prison.

🔓 A publicly accessible rsync repository tied to Blue Chair LLC subsidiaries, including Target Direct Marketing and Gragg Advertising, exposed backups and web configuration files containing personally identifiable information for over one million people. The leak included MySQL backups (≈5 GB) with a peg_historical table listing names, addresses, emails, phone numbers and education details. Gragg Advertising moved quickly after notification and secured the service within an hour, but the incident underscores risks from misconfigured rsync services and weak data retention practices.