ITMG Insider Threat News – April 26, 2022

How to Stop New Employees from Becoming Insider Threats

A recent Forrester Research study commissioned by Imperva, “Insider Threats Drive Data Protection Improvements: Threat Detection, Analytics, and Staffing Lead Investment Priorities” revealed that in 2022, nearly half of all organizations are looking to automate this process and want to improve overall threat detection and prevention.

Almost two-thirds of businesses train employees to follow data loss prevention (DLP) policies, but less than one-third have an insider risk management policy. The study suggests this may be due to companies tending to check-box compliance rather than creating and implementing genuine and practical policies that identify real data security gaps – an approach IT security teams cannot afford to take in today’s dynamic security landscape.

Managing Risk of Insider Threats in Healthcare Cybersecurity

HHS’ Health Sector Cybersecurity Coordination Center (HC3) issued a brief outlining risk factors and mitigation tactics for managing insider threats in healthcare cybersecurity. From malicious insiders to careless workers and third parties, insiders with access to sensitive information could use that information to impact the organization negatively.

Specifically, HC3 defined an insider threat as “a person within a healthcare organization, or a contractor, who has access to assets or inside information concerning the organization’s security practices, data, and computer systems.”

Why Striking the Balance Between Insider Risk and Privacy is More Important Than Ever

While this is dominating the current headlines, the reality is that hybrid and “work from anywhere” are here to stay. Employees are now working on devices outside the network, so traditional security efforts to monitor and protect against insider risks are losing visibility and no longer as effective. This creates a struggle for organizations to balance the heightened risk of insider threats with employee privacy. Unfortunately, we’ve seen an increase in the use of invasive employee monitoring technologies that give organizations visibility into insider threats at the expense of privacy.

FBI Chief says Espionage Threat Posed by China ‘Unprecedented in History’

FBI Director Christopher Wray said on Sunday that the current scale of espionage and cybersecurity threats from China were “unprecedented in history.”

“They have stolen more of Americans’ personal and corporate data than every nation combined,” he also said, adding that China’s targets span nearly every sector of the economy.

5 Tips to Protect your Company’s Trade Secrets

A trade secret includes any business information “which is secret and of value.” This includes customer lists and contact information as well as financial and pricing information. But this information has to be secret — the identity of your customers isn’t a trade secret if you make it public. The more valuable your information is to you (and your competitors) and the more effort you take to keep it secret, the more likely it will be considered a trade secret.

Mandiant M-Trends 2022 Report Provides Inside Look at the Evolving Global Cyber Threat Landscape Directly from the Frontlines

According to the M-Trends 2022 Report, the global median dwell time––which is calculated as the median number of days an attacker is present in a target’s environment before being detected––decreased from 24 days in 2020 to 21 days in 2021. Digging deeper, the report notes that the APAC region saw the biggest decline in median dwell time, dropping to just 21 days in 2021 compared to 76 days in 2020. Median dwell time also fell in Europe and Middle East (EMEA), down to 48 days in 2021 compared to 66 days the year before. In the Americas, median dwell time stayed steady at 17 days.

Discover more from ITMG

Subscribe now to keep reading and get access to the full archive.

Continue reading