Day: October 18, 2024

DUBAI, UAE, Oct. 18, 2024 (GLOBE NEWSWIRE) — In today’s interconnected digital world, organizations face a multitude of cybersecurity challenges, with insider threats posing a significant risk. These threats, whether malicious or unintentional, pose a significant risk to organizations of all sizes and industries.

The Evolving Nature of Insider Threats

Traditionally, insider threats were often disgruntled employees or those motivated by personal gain. However, the landscape has shifted. State-sponsored actors, and sophisticated hacking groups are now actively planting threat actors inside of target organizations. This new breed of insider threat is patient, highly skilled, and often backed by substantial resources.

Recently, KnowBe4 inadvertently hired a North Korean threat actor who attempted to infiltrate the organization by posing as a software engineer. Thanks to our strong security protocols and the vigilance of the InfoSec team, they were exposed within 25 minutes of showing suspicious activities during onboarding, preventing any unauthorized access to systems.

Incidents like these underscore a well-known and widespread tactic employed by North Korean threat actors. This was confirmed later when we shared the collected data with the FBI and cybersecurity experts at Mandiant. It’s a reminder that in cybersecurity, information sharing is crucial.

Other recent incidents across various industries have also highlighted this growing trend. Organizations have found themselves unknowingly hiring individuals with malicious intent. These threat actors often pose as legitimate job seekers, using stolen or fabricated identities, and leveraging advanced technologies like AI to create convincing personas.

The Modern Insider Threat

Today’s insider threats are mostly characterized by:

• Sophisticated Identity Theft: Using stolen identities complete with verifiable background information.
• Advanced Technology: Employing AI-generated images and deep fake technology to bypass visual verifications.
• Social Engineering: Expertly navigating interview processes and social interactions within the organization.
• Technical Skills: Possessing genuine skills to perform job functions while covertly pursuing malicious objectives.
• Patience and Persistence: Willing to invest significant time to gain trust and access within an organization.

The Stakes Are Higher Than Ever

The potential damage from insider threats extends far beyond data breaches or financial losses. These threat actors can:

• Exfiltrate sensitive data
• Sabotage critical infrastructure
• Manipulate financial systems
• Compromise national security
• Damage brand reputation and erode customer trust

Mitigating Insider Threats

To combat this evolving threat, organizations must adopt a multi-faceted approach:

• Enhanced Vetting Processes: Implement rigorous background checks, including cross-referencing multiple sources.
• Continuous Monitoring: Employ advanced behavioral analytics and anomaly detection systems.
• Zero Trust Mindset: Adopt a “never trust, always verify” approach to access control.
• Security Awareness Training: Educate all employees about the signs of insider threats and reporting suspicious behavior.
• Regular Security Audits: Conduct frequent assessments of access privileges and system vulnerabilities.
• Incident Response Planning: Develop and regularly test plans for quickly containing potential insider threats.
• Cross-Departmental Collaboration: Foster close cooperation between HR, IT, and security teams to create a unified defense.

The Path Forward

As insider threats evolve, organizations must adopt a holistic strategy combining technology with human vigilance. Building a culture of security awareness is crucial, empowering employees to act as human firewalls. Information sharing within industries and with law enforcement is vital, as collaboration is key to combating these sophisticated threats.

Conclusion

The fight against insider threats is an ongoing process of adaptation, learning, and vigilance. In this new era of cybersecurity, our greatest assets are our people, our processes, and our willingness to evolve. By harnessing these strengths, we can create resilient organizations capable of withstanding the threats that lie within.

To learn more about how you can protect your organization, read the KnowBe4 whitepaper on the topic here.

By Dr. Martin J. Kraemer, Cybersecurity Awareness Advocate at KnowBe4

Kathy Wattman
KnowBe4
7274749950
kathyw@knowbe4.com

GlobeNewswire Distribution ID 9258231

Recognized for Completeness of Vision and Ability to Execute

BOSTON, Oct. 17, 2024 (GLOBE NEWSWIRE) — Duck Creek Technologies, a leading and innovative provider of solutions in the SaaS P&C insurance core platforms market, today announced Duck Creek Technologies has been positioned by Gartner as a Leader in the 2024 Gartner® “Magic Quadrant for SaaS P&C Core Platforms, North America”. The evaluation was based on specific criteria that analyzed the company’s overall Completeness of Vision and Ability to Execute.

Magic Quadrant reports are a culmination of rigorous, fact-based research in specific markets, providing a wide-angle view of the relative positions of providers in markets where growth is high, and provider differentiation is distinct. Providers are positioned into four quadrants: Leaders, Challengers, Visionaries and Niche Players. The research enables you to get the most from market analysis in alignment with your unique business and technology needs.

“Our low-code, configurable SaaS platform helps insurance carriers stand out in today’s competitive market. We continue to enhance our platform through AI, machine learning and by bringing new solutions to carriers, including Payments Facilitator, to grow their business with speed, efficiency and an excellent customer experience,” said Michael Jackowski, CEO of Duck Creek Technologies. “We are proud to be recognized again this year by Gartner as a Leader in the P&C insurance technology space. As we look ahead, we will continue to enrich our platform by providing more for carriers to stay ahead of their competition including eliminating upgrades through Active Delivery and increasing efficiency and scalability with multi-tenancy.”

View a complimentary copy of the Magic Quadrant report to learn more about Duck Creek’s strengths and cautions, among other provider offerings, here

Source: Gartner Reports: Gartner, Magic Quadrant for SaaS P&C Insurance Core Platforms, North America, Sham Gill, James Ingham October 2024

Gartner Disclaimer:
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.

About Duck Creek Technologies

Duck Creek Technologies is the intelligent solutions provider defining the future of the property and casualty (P&C) and general insurance industry. We are the platform upon which modern insurance systems are built, enabling the industry to capitalize on the power of the cloud to run agile, intelligent, and evergreen operations. Authenticity, purpose, and transparency are core to Duck Creek, and we believe insurance should be there for individuals and businesses when, where, and how they need it most. Our market-leading solutions are available on a standalone basis or as a full suite, and all are available via Duck Creek OnDemand. Visit www.duckcreek.com to learn more. Follow Duck Creek on our social channels for the latest information – LinkedIn and X.

Media Contacts:
Tara Stred/Marianne Dempsey
Duckcreek@threeringsinc.com

 

GlobeNewswire Distribution ID 9258084