Connect with us

Industry News

5 Best Practices to Prevent Insider Threats in 2019

George Miller



5 Best Practices to Prevent Insider Threats in 2019
Image Source:
Reading Time: 4 minutes


Data breaches caused by insiders cost enterprises millions of dollars. According to the Ponemon Institute, every year, companies lose up to $8.7 million due to insider threats. To ensure an appropriate level of enterprise data protection, security officers continuously look for ways to improve their current insider threat management solution. With the following insider threat management best practices, you’ll be able to protect your sensitive business information and keep malicious insiders at bay.

1. Consider access controls

It’s essential to keep your critical assets inaccessible for malicious insiders. First and foremost, deploy multi-factor authentication (MFA) for the most valuable systems, applications, and services. Your goal is to make sure that any malicious insider won’t be able to borrow a password from their colleagues and get a hold of the data they aren’t supposed to have access to. Therefore, you need to look for an insider threat management solution with a built-in MFA functionality.

By implementing MFA, you can make sure that the person attempting to enter the protected perimeter are who they claim to be. At the same time, the use of MFA makes it way harder for malicious insiders to access your company’s sensitive information.

It’s also important to have a good password management policy in place. The most basic recommendations include forbidding the use of default and simple passwords and changing passwords upon certain events (say, employee resignation) or after some periods of time (say, every month or every quarter).

2. Limit access whenever possible

Once you managed to make sure that only the right people can get access to your network and critical assets within it, it’s time to think about the access permissions each of your company’s employees has. It’s best to take some technical measures to mitigate insider threats and deploy the so-called least privilege principle when employees only have the exact access level they need to do their job.

But today, more and more companies go even further and deploy a zero trust security model. In a zero trust network, there’s no general protected perimeter that distinguishes trusted insiders from untrusted outsiders. Instead, each critical asset or system is fully protected from both insiders and outsiders, thus mitigating internal and external threats to cyber security.

Such an approach works best for the companies that cooperate actively with third-party vendors and subcontractors. It’s also a great solution for the enterprises with a bring your own device (BYOD) policy in place, allowing their employees to use personal devices for work purposes.

3. Monitor employee activity

User activity monitoring is the basis of many insider threat protection techniques. You need to be able to see what’s going on within your network, in real-time at best. When choosing among the solutions to protect against insider threats in cybersecurity, pick the one that allows to see a particular user session and terminate it if necessary.

Many companies also look towards User and entity behavior analytics (UEBA) as the key to effective threat monitoring and protection against insider threats. Advances in machine learning technologies allow building user profiles that include normal baseline behavior patterns for particular users or roles. Registering activities that deviate from these patterns may help detect malicious insiders and mitigate possible threats at an early stage.

4. Analyze logs and respond to security incidents

Continuous user activity monitoring is meant to give you full visibility across the enterprise network and provide you with detailed data for further analysis. Depending on the user monitoring solution, user activity logs may contain different types of information:

Names of files and applications opened by the user:

  • URLs to the visited websites;
  • Logged keystrokes;
  • Recorded sessions, and more.

The proactive incident response also plays a significant part in building an effective insider threat cyber security program. There’s no point in detecting a malicious action if you’re unable to respond to it properly and, therefore, prevent a data breach from happening.

Look for an insider threat prevention solution that allows you both receiving real-time notifications about the detected security incidents and automating responses to the most common types of incidents. For instance, if the system registers, say, three unsuccessful login attempts, the account a user tried to access will be blocked.

Finally, if you want to be able to analyze all of the logged information on a deeper level, make sure that your insider threat prevention solution supports forensic data export.

5. Pay special attention to third-parties

Remote access control and protection is an essential part of the modern insider threat management program. Today, more and more organizations hire remote employees and grant access to critical corporate resources to third-party vendors and contractors. But, as reported in a 2018 study by the Ponemon Institute, third-party vendors were the cause of nearly 60 percent data breaches.

If granting third-party vendors access to business-critical data, systems, and application is a common practice for your organization, make sure you have an appropriate third-party management solution in place. Leverage all of the above-mentioned tools and practices to protect your corporate data from unauthorized access and use.

If your third-party subcontractors are using a shared account for accessing your corporate network or business applications, it’s preferable to add secondary authorization as an additional protection layer. This way, you’ll be able to clearly associate each session initiated under the shared account with a particular user.

And, finally, make sure that your third-parties are well aware of your organization’s cybersecurity policy and know what cybersecurity rules they must follow.


Insider threats have one of the biggest impacts on enterprise cybersecurity. In order to mitigate the risks related to insider threats, organizations should deploy complex solutions that include monitoring and audit of user activity, granular access and privilege management, and effective incident response.


This article is a contribution from Marcell Gogan.  Marcell is a specialist within digital security solutions, business design and development, virtualization and cloud computing, R&D projects, establishment and management of software research direction – working with Ekran System. He also loves writing about data management and cybersecurity. 


Industry News

GVC Adds Senior Gaming Executives David Satz and Robert Hoskin to its Board

Niji Narayan



GVC Adds Senior Gaming Executives David Satz and Robert Hoskin to its Board
Reading Time: 2 minutes


GVC Holdings PLC has announced the appointment of David Satz and Robert Hoskin to its Board of Directors.

David Satz has joined as an Independent Non-Executive Director on 22 October 2020, and Robert Hoskin will be promoted to the Board as an Executive Director on 1 January 2021 in the role of Chief Governance Officer.

David Satz most recently served as the Senior Vice President of Government Relations and Development for Caesars Entertainment Corporation in Las Vegas, where he worked from 2002 to 2019.

Robert Hoskin has been at GVC since 2005 and will take up the role of Chief Governance Officer, overseeing GVC’s legal, regulatory, governance and social responsibility affairs. He is currently Group Director of Legal, Regulatory and Secretariat.

“I am delighted to be welcoming two such high calibre individuals to our Board. David has unrivalled regulatory and legislative expertise in the all-important US gaming market. His knowledge and insight will be hugely additive in helping us to achieve our ambition of being the leading operator in the US through BetMGM, our fast-growing joint venture with MGM Resorts,” Barry Gibson, Chairman of GVC, said.

“Robert has made an outstanding contribution to GVC in his 15 years at the Group, and his promotion is richly deserved. The fact that regulation, legal and governance are now represented at Board level will give us even greater oversight of these critically important areas, all of which are central to our long-term growth plans,” Barry Gibson added.

“I have long been an admirer of GVC’s diversified business model, industry-leading brands, and unique proprietary technology platform. I look forward to working closely with the Board and the executive management team in order to help support GVC’s impressive growth trajectory, especially in light of the unprecedented opportunity presented by its strong position in the nascent US sports betting market,” David Satz said.

“It has been an absolute pleasure to have witnessed GVC’s extraordinary growth story from an AIM-listed company to the successful and international FTSE 100 business that it is today. I am honoured to be joining what is an outstandingly strong Board and am delighted that the importance of Governance is being recognised in this way,” Robert Hoskin said.

Continue Reading

Industry News

AC Milan Extends its Partnership with StarCasinò.sport

Niji Narayan



AC Milan Extends its Partnership with StarCasinò.sport
Reading Time: < 1 minute


AC Milan football club has extended its partnership with StarCasinò.sport. The sports entertainment platform, part of the Betsson Group, will continue to be an AC Milan Official Partner for the next three years, until the end of the 2023 season.

“The aim of Betsson Group is to create engaging, amazing and safe experiences for all users and, through our brand StarCasinò.sport, we propose an innovative and exciting storytelling of sports. The renewal of the partnership with AC Milan, a top-class Club, is very important for us in terms of broadening our image and it allows us to create high-quality entertainment for the Rossoneri fans as well as for all football fans,” Ronni Hartvig, Chief Commercial Officer of Betsson Group, said.

“We are delighted to announce the renewal of our partnership with StarCasinò.sport. In recent months we jointly created exciting and innovative special content dedicated to our fans and we are both very pleased with the results we have achieved. We want to keep surprising AC Milan’s fans and we are ready to engage them in many new Rossonero initiatives,” Casper Stylsvig, Chief Revenue Officer at AC Milan, said.

Continue Reading

Industry News

MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

George Miller



MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability
Reading Time: 3 minutes

Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.

The Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.

Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.

Other games created by BigMage Studios are also potentially vulnerable to the same type of attack, which means that there is a possibility that even more users might be at risk.

The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.

Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.

What is SQL Injection?

First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.

Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications are still vulnerable to SQLi attacks in 2020. Which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.

The vulnerability works by injecting an unexpected payload (a piece of code) into the input box on the website or in its URL address. Instead of reading the text as part of the URL, the website’s server reads the attacker’s payload as code and then proceeds to execute the attacker’s command or output data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.

The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.


How we found this vulnerability

Our security team identified an SQL Injection vulnerability on the Street Mobster website and were able to confirm the vulnerability by performing a simple command injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.

What’s the impact of the vulnerability?

The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:

By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.

The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.

Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.

What to do if you’ve been affected?

If you have a Street Mobster account, make sure to change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on these websites in case they try to reuse your password for credential stuffing attacks.

However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.

Disclosure and lack of communication from BigMage Studios

Following our vulnerability disclosure guidelines, we notified the BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.

We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted the BigMage Studios and informed the company about the misconfiguration.

Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with Due to this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hopes that the agency would be able to pressure the company into fixing the issue.

Eventually, however, BigMage Studios appear to have fixed the SLQi vulnerability on, without informing either or CERT Bulgaria about that fact.



Continue Reading

Subscribe to our News via Email

Enter your email address to subscribe to our news and receive notifications of new posts by email.


Notice for AdBlock users

We are constantly showing banners about important news regarding events and product launches. Please turn AdBlock off in order to see these areas.