Tag Archives: Imperva Amichai Shulman

Notable rise of in-house data theft recorded

The percentage of employees who steal data from their employers has jumped upwards according to a survey in which respondents were asked whether or not they would consider the theft of secrets in the event of being dismissed from their positions.

Over 1000 people took part in a survey conducted in the UK by Imperva and it was discovered that 70 per cent of those questioned had already planned to steal from their employers if they lost their job.

Twenty – seven per cent said that they were planning to take intellectual property owned by their employers while 17 per cent favoured the theft of customer details.

What is perhaps more worrying is that a majority of the respondents said that they had prepared in advance by storing the appropriated data on a personal device, in anticipation of potentially being put out of a job. Eighty – five per cent said that they had data on their home PCs which belonged to their employer, while 59 per cent said that they would plan to steal data in anticipation of a job change not just a straight forward dismissal.

Imperva’s Amichai Shulman, said that he does not believe the employees are acting maliciously but rather that, in their understanding, the termination of their employment entitles them to take ownership over any data which is in their possession.

Last year Cyber-Ark conducted a survey along the same lines as this and discovered that 48 per cent of those questioned would steal corporate data in they lost their job without warning and 39 per cent would take data they thought would be saleable to rivals, if they discovered that their position with their current employer was uncertain.

Cyber-Ark’s Mark Fullbrook, came out to respond after the publication of Imperva’s study and said that the protection of corporate data from employee exploitation is a difficult area because granting access to the data was necessary to ensure productivity and controlling privileges is difficult.

Mr Fullbrook also pointed to reductions in IT budgets as key in restricting a business’s ability to protect data.

Majority of data loss has malicious roots, survey finds

A new report has galvanised claims, that most data loss incidents suffered by businesses and organisations are caused deliberately and with underlying malicious intent.

A data protection firm conducted a study that took answers from more than 1000 international professionals and it found that 62 per cent of recorded data losses are carried out with harmful motivations driving the antagonists. This figure is broken down into two halves, with 29 per cent of losses occurring as a result of external attacks from hackers, while internal security breaches, initiated by employees, are responsible for 33 per cent of data loss incidents.

Imperva discovered that most IT experts believe the best way to protect private data and corporate systems is to combine both technological deterrents, as well as improving data loss prevention policies, so that staff are better trained.

The report concluded that the use of firewalls is still one of the most significant ways to reduce the chance of losing data to third parties, while point to point encryption of data and the implementation of augmented network technologies, can also have an impact on the total number of losses.

The report unearthed unsettling information relating to the inability of many businesses to actually register when a loss has occurred or an attack been attempted. This leaves close to 66 per cent of businesses without any way of knowing whether or not data has been compromised.

Forty six per cent of firms that were able to keep track of when data was taken illicitly, said that the number of data loss incidents was falling slowly, compared to the 27 per cent who had not detected any drop in the figures year on year.

Imperva’s Amichai Shulman said that most IT security managers were having to navigate a complex route filled with new technologies and mutable threats, in order to properly protect the data for which their businesses are responsible.

By combining the collective experience of international businesses who deal with data loss and security breaches regularly, it is hoped that organisations will be better equipped to deal with whatever they may face in the future.

Cybercriminals harness cloud techniques for phishing attacks

A sophisticated toolkit that enables the automatic generation of phishing attacks has been built to take advantage of cloud computing in a way not seen before.

The kit not only damages businesses and individuals by stealing private data, but it also pulls information right back to the two hackers who wrote the malicious software, bypassing any hackers who distribute the software, effectively using them as unaware middlemen, who cannot necessarily benefit from the phishing attacks.

The malicious genius of the software is that its creators can sit back and watch the stolen data pour in without having to run their own phishing attacks, as hackers from around the world who have begun sharing the kit, once it was distributed via a notorious forums, will be doing all of the work for them.

Security vendor Imperva says that over 200,000 copies of the software have already been downloaded and although the small phishing sites which take advantage of it will be shut down after harvesting information from a few hundred unsuspecting users, the reach could extend much further.

By basing the power of the phishing kit in cloud computing the hackers have created a data theft network that will be almost impossible to eradicate, because there is no central server controlling the whole show. Instead thousands of individual hackers are all exploiting one another and constantly feeding data to the original creators, according to Imperva’s Amichai Shulman.

Authorities will be able to target individual phishing campaigns based on the new toolkit, but the eradication of a single campaign will not impact upon the dozens of others that are still up and running and so it could be the case that a running battle is fought well into the future, according to Mr Shulman.

Basing a phishing toolkit on the cloud computing model is certainly sensible from the twisted point of view of the hackers and ideally it will continue to generate new campaigns and harvest data for its creators. This could signal the dawn of a new era in the fight for data security.

Rapid reaction to close security vulnerability on Yahoo jobs site

The Chief Technology Officer at security firm Imperva has revealed details about a potential weakness within the Yahoo Jobs website, which could have been exploited by cybercriminals to extract customer information. The Israel-based company discovered the vulnerability after monitoring discussions on a criminal forum and Yahoo was quick to plug the gap before serious data theft occurred.

Imperva’s Amichai Shulman outlined the basics of the issue, stating that in essence the hole could be exploited using a method similar to an SQL injection attack. In this case a technique known as blind SQLi would have been used to access personal details and financial information of thousands of Yahoo Jobs users. Continue reading

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal