After a string of concerning news about some of the world’s biggest brands falling victim to cyber attacks (insider threats), it’s only natural to devote a great majority of your security budget to defending your business from outsider threats. After all, if hackers can penetrate the gates of companies like Sony Pictures, Target, or the University of Calgary, then it should be evident that you must focus on hardening your security from the outside-in, right?
While cyber attacks are a danger, you mustn’t ignore or dismiss the risks that insider threats pose to your company. According to a report from Forrester Research, insider threats are the main source of data breaches. U.S companies alone lost $40 billion in 2014 because of employee theft and fraud.
However, in spite of the importance of keeping your network protected from malicious insiders, many businesses continue to ignore such breaches. That mentality must change. If insider security isn’t your focus yet, you should strive to educate yourself and stay up to date with the latest news.
There is a wealth of knowledge on insider threats and protection strategies on the Internet, but it’s difficult to know where to start. To give you a hand, we’ve compiled a list of the best 17 blogs that discuss topics such as how to protect your network from insider threats, how to prevent them, and other issues that are relevant to your business.
To make things easier, we’ve also provided a link to each blog and their Twitter account.
In no particular order, here at the best 17 blogs covering insider threats topics
ThreatPost is an award-winning security news website, part of The Kaspersky Lab. The editorial team produces content on a variety of topics that are relevant to any business looking to protect its network from insider threats. Due to its great articles and feature reports, ThreatPost has become one of the most important resources for online security, and it’s often cited by major publications, such as The Wall Street Journal, USA Today, or The New York Times.
Digital Guardian is a data security blog run by an American data loss prevention company which provides software to both corporate networks and consumers. With hundreds of corporate clients, including seven of the ten largest brands in the world, Digital Guardian is considered a leader in the data loss prevention niche. So, they definitely know what they are talking about.
In addition to data loss prevention and protection articles, they also offer valuable content on protecting yourself against malicious employees, data leaks, and insider data theft.
The Security Ledger is a security news website that covers a host of cyber security issues and their impact on business, commerce, politics, and even everyday life. Their well-reported articles are a great source for companies that want to stay on top of the latest news on security threats. Their stories have appeared on the front pages of leading technology news sites, such as Slashdot.org or Techmeme, and their work has been recognized as groundbreaking.
The Network Security Blog is run by Martin McKeay, a security advocate for Akamy and a security specialist with over ten years of experience in the field. His articles and podcasts offer plenty of insights on privacy, cyber defense against insider threats, and so on.
As a company whose main focus is to protect your IT infrastructure and prevent insider threats, our ID blog is full of valuable information. We provide frequent, quality content covering a full range of IT infrastructure issues, access and identity, auditing, and privileges for 3rd party applications and servers. Not only that we have excellent insights when it comes to insider threats, but we also write in an easily comprehensible and engaging style, which is a rare trait among security writers.
Dave Shackleford is a security consultant, entrepreneur, and founder of Voodoo Security. He previously worked as a Security Manager for AirTran Airways and Chief Security Strategist at EMC and has a vast experience in the realm of information security. His knowledge and analytical approach to information technology can be seen through his blog posts where he covers topics such as penetration testing, vulnerability assessment, log management, and intrusion detection.
Naked Security is an award-winning computer security news site and a trusted resource for all things infosec. They have a massive readership that tunes in regularly to get the latest security news. And it’s not hard to see why. Their articles are well-written and provide valuable information on a variety of topics, from how to secure the web and email gateway to SharePoint security and mobile control.
If you want to educate yourself about insider threats, vulnerabilities, and technology trends, then Dark Reading is your go-to resource. One of the most popular cyber security news sites on the Internet, Dark Reading has created a strong community of CISOs, security researchers, and technology specialists. Their vast list of authors and contributors has plenty of insights to offer that are relevant to worldwide businesses. They also offer an annual Insider Threat Report where they reveal common barrier to insider threat management and popular approaches to monitoring user behavior.
ObserveIT is an insider threat blog that focuses on empowering businesses to identify and protect themselves against malicious employees and negligent behaviors of third party users. They share news, opinion articles, and tips on a vast array of insider threat hot topics, such as insider attacks, threat detection, data loss prevention, and best practices.
Covering industry news and trend on cybersecurity, insider threats, access control, data loss prevention and management and so on, Security Magazine is a must follow for any respectable CISO who wants to educate himself and stay current.
As part of Carnegie Mellon’s Software Engineering Institute, the CERT Insider Threat Center is devoting to identifying and combating the various cybersecurity issues a company might face. Their articles uncover information from their research and are a valuable resource on how to identify potential insider threats in your company, prevent them, and establish a successful process to manage them if they happen.
The FireEye blogs (yes, blogs) provide information on the threats affecting today’s organization. The site is compiled of three main sections. First, there’s the threat research blog, which discusses cyberattacks, threat intelligence, and threat research topics. Then, there’s the product and service blog which is focused on the latest updates on FireEye’s services. And, lastly, there’s the executive perspective blog which covers the latest news and trends in cyber security and their impact on businesses.
CSO provides news, research, and analysis on a vast array of risk management and security topics. Their main focus includes insider threats, loss prevention, identity and access management, information security, and more.
Threat Stack’s mission is to provide valuable insights to companies on how to operate securely in the cloud. And, they deliver. Their articles, whitepapers, and case studies are a great resource for any CISO who wants to stay on top of the latest news and trends in the industry. They also offer plenty of solutions on how to monitor your network and strategies for dealing with insider threats.
Trail of Bits was founded in 2012, but its creators, Alexander Sotirov and Dan Guido, have more than ten years of experience between them. Sotirov specializes in exploitation techniques, and Guido specializes in application security. So, you can only imagine how insightful and helpful their articles are. If you were looking for a resource that can give you the information you need to make better strategic defense decisions, then look no further than Trail of Bits.
Run by Matthew Pascucci, a cyber security architect, privacy advocate, and freelance writer, the Front Line Sentinel is an amazing resource covering a host of topics. His articles are extremely valuable for CISO’s who want to increase security against both insider and outsider threats and are written in a very engaging way.
If you want to stay current with the latest security news, Brian Krebs, the creator of the highly successful blog Krebs on Security, is the guy to follow. With more than 14 years of journalism experience as a reporter for the Washington Post, Brian Krebs is one of the most-known names in today’s cybersecurity landscape. He covers topics from the latest cyber attacks and privacy breaches to tips on how to keep your network and servers protected against insider threats.
With all this information at your fingertips, you have no excuse now not to educate yourself about the risks posed by insider threats.
Of course, this list is not exhaustive and there are many other great blogs that are worth your time and attention. Let’s find them together. Tell us what other blogs we should include on the list and why.