ITMG Insider Threat News August 26, 2022

Tangibly Announces $1.3 Million in Funding from Wilson Sonsini and Madrona for Platform to Help Companies Protect their Most Important IP Assets – Trade Secrets

Tangibly, a trade secret management platform, announced today a pre-seed financing of $1.3M with participation from WS Investment Company (Wilson Sonsini’s venture arm), Madrona Venture Group, and a number of seed funds, influential founders and angel investors.

Trade secrets are widely considered the most valuable intangible assets of technology, life sciences and manufacturing companies alike. According to Ocean Tomo, 90% of the S&P 500’s market value is intangible assets, which is up from 17% in 1975. Trade secret laws protect these assets but require companies to proactively follow best practices to enable enforcement.

How to Mitigate Insider Threat Using Internal Controls

CISA defines insider threat, generically speaking, as “the potential for an insider to use their authorized access or understanding of an organization to harm that organization.” The CERT Insider Threat Center of Carnegie Mellon University’s Software Engineering Institute (SEI) recognizes – based on an analysis of more than 1,000 cases of insider theft – that the primary forms of malicious insider threats are intellectual property theft, IT sabotage, fraud, and espionage. According to CISA, these can be the product of collusion with outsiders, or they can be posed by third parties. In addition, unintentional insider threats are increasingly relevant. These can be the product of accidental acts or negligence.

Countering Insider Threats and the “Little Hook”

One of the most effective techniques used by intelligence officers to recruit insiders as spies is known as the “little hook.”

As the name suggests, the little hook is a subtle approach that is used after a recruitment target has been identified and as the intelligence officer works to develop a close working relationship with the target during the recruitment process.

Rather than just openly pitching the target for recruitment at once, the little hook involves asking the target for information that is not particularly sensitive or classified.

Home Working Drives 44% Surge in Insider Threats

The security vendor’s 2022 Cost of Insider Threats Global Report was compiled from interviews with over 1000 IT professionals and analysis of more than 6800 incidents across the globe.

It revealed that the cost and frequency of insider incidents are on the rise. Associated costs jumped 34%, from $11.5m in 2020 to $15.4m in 2021, while the overall volume surged by 44% over the period.

The frequency of incidents per company also increased, with 67% of companies experiencing between 21 and more than 40 incidents per year, up from 60% in 2020.

Negligence continues to account for the majority (56%) of insider threats, at the cost of nearly $485,000 per incident.

Organizations Struggle to Fend Off Cloud and Web Attacks

Many organizations are struggling to adequately protect the cloud environments implemented during the pandemic and adapt their comprehensive cybersecurity strategy to evolving threats.

The data comes from a joint research report by the Cloud Security Alliance (CSA) and Proofpoint, which queried more than 950 IT and security professionals at organizations of different sizes and in various locations across the Americas, EMEA and APAC.

Dubbed the “Cloud and Web Attacks” study, the report suggests that while many companies substantially accelerated their digital transformation to adapt to a remote workforce during the pandemic, the speed of the transition presented unintended consequences, mainly due to the large-scale structural changes required.

Rise in Ransomware: Exploring the Driving factors

It is not surprising that the human element was associated with most data breaches in recent years. The Verizon 2022 Data Breach Investigations Report (DBIR) revealed that more than 80% of data breaches resulted from human error, social attacks, misuse or a combination of these.

In short, if you discover that a hacker gained access to your organization’s system, that does not necessarily mean there was a security problem with your company’s network. It could be because people click on malicious URLs or share sensitive information in public places.

Discover more from ITMG

Subscribe now to keep reading and get access to the full archive.

Continue reading