20 Must-Read Insider Threat Blogs for 2020

CISOs and their teams have to be on their toes all the time. Businesses continuously acquire and store more data, documents, code, and IP. All of which is accessed and used by a variety of insiders - employees, consultants, partners, customers. And so, the threat of information breaches always looms large over security teams.

Some of the world’s biggest brands have fallen prey to insider breaches. McKinsey estimates that more than 50%1 of all data breaches involve an insider. 34% of data breaches in the 2019 Verizon Data Breach Investigations Report2 involved internal actors. Additionally, with the ongoing COVID-19 pandemic insiders now use their own networks and devices, making these threats even more imminent.

We’ve collated a list of 20 great blogs on insider threats for you to skim through. 

PRO TIP: Bookmark your favorite blogs on your browser so you can read them on an ongoing basis (if you use Chrome, Command + D willl do the trick).

1. ObserveIT

This is a treasure trove. Their latest report with Ponemon Institute has many interesting metrics. Did you know, the average annual cost of insider threats is $11.45m! Also, it takes 77 days on average time to contain an insider incident. Check out the 2020 Cost of Insider Threats Global Report to learn more.


5 Strategies to Better Secure the Work-from-Home Enterprise

Whether you are a work-from-home enterprise or are now compelled to work from home thanks to the pandemic, data  security is essential. COVID-19 has led to growth in insider threats; ObserveIT brings 5 strategies to counter the menace.


2. The Security Ledger

The security news website talks about the impact of security issues on business, commerce, politics and everyday life.


How Scammers Weaponize COVID Anxiety

Bolster AI reports a 200% increase in phishing attacks compared with the same period last year. It has also noted a flood of COVID-19 themed scams in just one month. 

3. Krebs on Security

Untitled design (20)

Tech talk simplified! If you’re looking for an informative yet easy read, with little number crunching, Brian Krebs has it all under one roof.


COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Information security professionals have come together, battling cyber-criminals who are looking to capitalize on the panic caused by the COVID-19 pandemic. The world has seen a massive rise in attacks against healthcare systems and officials, leading to a rising urgency for protection. However, will the unity survive this pandemic?

4. FireEye Threat Research 

Fire Eye delivers great content across the board in terms of security. Their blogs keep you on top of the latest news and trends in insider as well as outsider threats.


Security Best Practices for Collaboration Platforms

Utilizing collaborative platforms puts at risk individual privacy and an organization’s security. The blog post offers handy tips to manage the complexities of meeting security & privacy, along with a checklist for securing collaborative platforms.

5. Graham Cluley’s Blog

Industry-leader Graham Cluley is responsible for having written the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He has been an independent blogger since 2013.


How to Host Safer Zoom Meetings 

grahamcluley - our pick

If you’ve experienced ‘zoombombing’, you’ll know what we’re talking about. The newly-coined word refers to the gate-crashing of meetings with racist, obscene or violent material being shared. This article discusses how you can work safely while working remotely. 

6. ThreatPost 

A reliable treasure-trove, ThreatPost is an award-winning, independent news site, referenced as an authoritative source of information security by leading news outlets like The New York Times, Wall Street Journal, and USA Today.


2020 Cybersecurity Trends to Watch 

‘Mobile will become a primary phishing vector for credential attacks in 2020’, says the article. Hackers are most likely to employ machine learning to attack vulnerable insiders using their mobile devices. Scary thought, right?

7. ARKReading

It gets your attention by its name before drawing you into a realm of insights from a vast and trusted community of security professionals, including thought-leaders and tech experts.


Time for Insider-Threat Programs to Grow Up

Sketchy planning and weak implementation of an insider threat program may leave your employees feeling stifled while making the management come across as suspicious. Though 86% of organizations are creating insider threat programs, only one-third believe they’re cohesive. 


8. The Lookout Blog 

Lookout caters to a three clearly-called out audience: security executives, researchers, and individuals. Even if you're not a CISO, we'd strongly recommend checking out the articles in the executive blog.


The Next Normal is Emerging

Another very relevant article on the current times. It also includes some alarming trends e.g. the threat vector on employees' personal mobile devices is as much as three times higher than company provided laptops. 

9. TaoSecurity 

Richard Bejtlich has been blogging on digital security since as early as January 2003, on topics such as digital security and military history.


The Origin of Threat Hunting

Want to counter targeted attacks from the inside-out? You’ll need to actively hunt, detect and deal with intruders. Where did the term first originate? Read on to learn!

10. DATA INCIDER - Digital Guardian's Blog 

The Digital Guardian blog offers a wide variety of  news and best practices beyond the realm of DLP.


Now That the SHIELD Act is in Effect, Does Your Company Comply?

The SHIELD Act came into effect on 21 March 2020 in the NY state. It previously improved data breach notification requirements and has now been modified further. The article lists everything you need to know about the Act.

11. Forrester  

Forrester is one of the most influential analyst firms in the world. They offer a plethora of information and detailed articles in the security space. Did you know, there exists a National Awareness Month for insider threat?


Insider Threat Gets its Own National Awareness Month

Forrester says, of the insider threat cases reported in 2018, more than 50% were malicious. Keeping this in mind, 2019 became the first year when ‘insider threat’ was acknowledged as an essential aspect. In turn, the US National Counterintelligence & Security Centre declared that September will be the National Insider Threat Awareness Month.

12. Carnegie Mellon University 

Carnegie Mellon, the reputed and respectable private research university, features among the world’s leading names. An insightful and descriptive section dedicated to insider threat reveals a world of information you may not have known before.


5 Best Practices to Prevent Insider Threat 

Prevention is undoubtedly better than cure, particularly with regards to insider threats. Randy Trzeciak, Director of the CERT National Insider Threat Center (NITC) - the man himself! - takes us through 5 best practices to keep insider threats at bay. From knowing your critical assets to training your employees, you’ve got it all.

13. TechJury 

The TechJury team comprises a set of software experts whose focus is on helping software companies improve their offerings as well as helping end users select the best product for their needs. Their reviews are thorough, precise and honest.


50 Data Breach Statistics to Help You Run a Safer Enterprise in 2020

Did you know, the most notable compromised social media platform in 2018 was Facebook? TechJury lets numbers do the talking, by taking you through a list of mind-numbing statistics to help you figure out how to run a secure venture in 2020.

14. LiquidMatrix

Run by Dave Lewis since 1998, LiquidMatrix is an information technology blog run by Dave Lewis since 1998. He has worked in the financial, military, government, critical infrastructure and health care verticals.


USB Drives Pose Insider Threat 

liquidmatrix - our pick

Who would’ve suspected the humble and handy USB drive? Way back in 2005, 37% of businesses blamed USB drives for contributing to the disclosure of company information. The survey was conducted by the Yankee Group. Surprisingly though, even today in 2020 many companies don't harden their end points by cutting off access to flash drives.

15. CSO Online 

Security decision-makers and users hit the jackpot with CSO Online's blog posts, news articles, facts and stats. Explore content that taps into various security disciplines from risk management to network defense and data loss prevention.


The 15 Biggest Data Breaches of the 21st Century

Have the heart to learn all about some of the biggest, most shocking data breach incidents involving Adobe, LinkedIn, Dubsmash, Yahoo and eBay? CSO Online has prepared a list of 15, based on ‘the number of people whose data was compromised’.

16. Security Magazine 

security magzine

Whether you’re a CISO or you run a smaller organization,  data  security remains at risk and protecting it is your job. The Security Magazine brings a world of important information to your fingertips so you’re always on top of your game.


The Value of Whistleblowing and Hotline Reporting

Despite the negative connotations, whistleblowing is now being looked at from a positive angle - meaning, it is essential to create an environment that encourages employees to report problems internally. This will prevent them from feeling suppressed which may otherwise lead to data theft and external leakages.

17. Trail of Bits 

The blog has been catering to technical security professionals since 2012. They offer solutions that address real-world technical challenges.


How Safe Browsing Fails to Protect User Privacy

How does safe browsing protocol work? Why is ‘safe browsing’ incapable of protecting your privacy? The blog answers all your pertinent questions and then some.

18. Naked Security 

An award-winning threat news room, Naked Security brings you news, opinion, advice and research on computer security issues and the latest internet threats.


Data of 10.6m MGM Hotel Guests Posted For Sale on Dark Web Forum

naked security

The month of February saw the leaked data of 10.6 million (10,683,188 to be precise) MGM Resorts guests being posted for sale on the Dark Web. The Las Vegas hotel says that despite personal information being leaked, no payment information was found to be compromised.

19. Infosec Institute 

Want to put cyber criminals out of business? Do it with Infosec - a technology training company that builds confidence in and raises awareness among security professionals.


How to Avoid Becoming a Victim of the Next Global Cyber Attack

What you must understand is that even a 100% vigilance on your part may not be enough; there’s always a possibility of a threat going undetected. Infosec gives you a download on what you need to do, besides exercising a fair amount of skepticism, to avert an impending attack.

20. The Dasera Blog 

We would not be doing justice to this list if we did not call out the true and fair effort being made by the Dasera team to bring insider threats and risks to the fore.


'Inside Scoop' Infographic: Three Unique Insider Breaches Explained

This infographic tells the story of three very unique insider breaches and how they happened. It also asks questions all of us in the security world need to be asking ourselves, our teams, and our companies.

------------ And that's a wrap!

Hope you enjoyed this list of 20 great bogs that we curated for you. Take some time to go through them and don't forget to bookmark your favorites so you can keep coming back to them.


[Source 1: https://www.observeit.com/about-us/  

Source 2: https://www.varonis.com/blog/insider-threats/ ]


Thi Thumasathit