The insider threat
by: David Jones
An interesting shift in mindset was on display at the recent RSA Security Conference in San Francisco. People have stopped focusing on perimeter security – which is essentially the act of stopping the bad guys from getting into your systems.
Almost every commentator was delivering the same mantra: Perimeter security is no longer enough. So why the change in mindset? And what was their alternative?
The answer is simple. Now, most security and/or data breaches are not where someone has breached perimeter security – people are intruding via perfectly legitimate usernames and passwords. Perhaps they’ve stolen the details, obtained via phishing websites, or even just by watching over someone’s shoulder when they enter their credentials. How that happens is not the point.
continue reading »
