ITMG Insider Threat News – August 23, 2021

FBI warns Big Tech that Chinese or Russian employees could be coerced into SPYING by enemies putting pressure on their families

The FBI has warned tech firms that employees with ties to China and Russia may be spying on them – and says insiders are often coerced into stealing secrets against their will.

The agent said in one case he worked on, Chinese government agents threatened to deny an employee’s mother dialysis back in China if he didn’t steal proprietary information from a large technology company.

The Insider Threat That Too Many Companies Ignore

Evolving privacy regulations, devastating cyberattacks and the rapid shift to work-from-anywhere (WFA) business models have created a perfect storm of security concerns. WFA has been particularly challenging, as seemingly overnight, companies needed to ensure secure connectivity for employees working from home using unsecured devices. And now that many of us are returning to the office, companies are entering a new era of hybrid workforces, in which employees will regularly access applications from inside and outside the company firewalls.

Why Ransomware Protection Should Start with User Awareness

Ransomware is now the biggest threat to UK businesses, according to the National Cyber Security Centre (NCSC). Throughout the pandemic, breaches have soared as threat actors targeted distracted home workers and insecure devices and networks. For many smaller businesses, a serious ransomware attack could represent an existential threat. In this context, security operations (SecOps) teams have plenty to keep them busy. But while monitoring for ever-changing tactics, techniques and procedures (TTPs), they must also remember the one constant in many attacks: human error.

T-Mobile Suffered a Massive Data Breach. Its Response is the 1 Thing No Company Should Ever Do

The information belongs mostly to individuals who applied for accounts with T-Mobile and provided the information for the purposes of a credit check. That means that even people who aren’t actually customers are likely affected if they ever tried to open an account.

The company’s response has been, well, disappointing. For example, I’m a T-Mobile customer, and I’ve yet to receive a single communication from the company about the breach. Does that mean my information is safe? It’s hard to know.

Your Money: Underreported data breach may have exposed the private health information of 750K people

We hear about data breaches all the time, but it’s more troublesome when it includes protected health information, also known as PHI to those in the medical industry. On top of having a social security number compromised, a thief could also learn and expose your diagnosis — something that a hospital or its contractor should legally protect under HIPAA, the Health Insurance Portability and Accountability Act.

Med-Data is a health care provider that houses and stores private medical information and, as a third party for hospitals, runs billing and accounting for those providers. The class-action lawsuit was filed in Jackson County, Missouri, and served to a registered agent in St. Louis.

Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come?

Data theft, insider threats and imposters accessing sensitive customer data have apparently gotten so bad inside Amazon, the company is considering rolling out keyboard-stroke monitoring for its customer-service reps.

A confidential memo from inside Amazon explained that customer service credential abuse and data theft were on the rise, according to Motherboard, which reviewed the document. Keystroke monitoring would be a way for the company to verify the identity of who was accessing data.
