VMblog: September is National Insider Threat Awareness Month – Experts Weigh In
On September 6, NetSPI Managing Director Nabil Hannan was featured in VMblog’s article on September is National Insider Threat Awareness Month – Experts Weigh In. Read the preview below or view it online.
+++
September marks National Insider Threat Awareness Month, a time dedicated to emphasize the importance of detecting, deterring and reporting insider threats. This began as a collaborative effort by U.S. government agencies, three years ago and has now grown to both the public and private sector.
In honor of the month, industry experts have shared their thoughts on different strategies organizations can use to protect themselves from these threats.
Nabil Hannan, Managing Director, NetSPI
“To account for internal threats there must be a mindset shift in what constitutes an organization’s threat landscape. Most companies focus exclusively on external threats and view their own people as trustworthy. As a result, insider threats are often under addressed cybersecurity threats within organizations. We learned with SolarWinds that detecting such a threat is vastly different from traditional pen testing, code review or other vulnerability detection techniques. Security teams need to move from only looking for vulnerabilities to also looking for suspicious or malicious code. With a vulnerability, the threat actor interacts with the attack surface in a way that exploits a weakness. With malicious code, the threat actor is either choosing or creating the attack surface and functionality because they have control over the system internally. So, instead of the threat actor exploiting vulnerabilities in the attack surface, now the threat actor creates the attack surface and exercises the functionality that they implement. Failing to implement threat modeling that studies potential threats to both vulnerabilities and malicious code can set your organization up with a false sense of security.”
You can read the full article at VMblog!
Explore More News
Proof Over Promises: A New Doctrine for Cybersecurity
As cyberattacks grow in frequency and sophistication, traditional assurances like contracts and certifications are no longer sufficient. Instead, vendors must actively demonstrate their security resilience through measurable and continuous validation, such as penetration testing. This proactive approach not only strengthens vendor-customer relationships but also mitigates risks in an increasingly interconnected and vulnerable digital landscape.
The Age of Promises is Over, Vendors Must Now Lead with Evidence-Based Assurances
In today’s evolving cyber threat landscape, traditional vendor assurances like contracts and periodic audits are no longer sufficient. Sam Kirkman emphasizes the need for vendors to shift from trust-based compliance to evidence-based security, where measurable and continuous validation replaces outdated promises.
NetSPI Redefines Pentesting with New User Experience
NetSPI, the global leader in modern penetration testing, today announced a new, modern user experience for the NetSPI platform, reimagining what penetration testing should feel like for today’s enterprise: focused, fast, and easy.