ITMG Insider Threat News – December 7, 2020


Energy Espionage is Threatening the Renewable Boom

At the height of the shale boom, the Eagle Ford was a spy den on the level of Beirut.  Industrial espionage was in full swing, with foreign governments and foreign companies dying to get their hands on American fracking trade secrets.  The Chinese consulate in Houston was likely the epicenter of Beijing’s fracking espionage efforts. Consulates always are. That’s how it works. This is nothing new, and no one should be surprised. But more recently, a new report out of Norway sheds light on how oil and gas spies have trained their sights on a country widely regarded as one of the greenest on the planet. The fracking trade secrets have all largely been uncovered at this point. Now, it’s time to move on to … greener pastures.  The Norwegian counterintelligence service PST has sounded the alarm over industrial espionage by Russia, China, and other countries looking to glean secrets from Norway’s petroleum industry. But it’s also warned that the country’s renewable energy sector could soon become the target of cyberattacks by foreign spies.

Insider Threat Mitigation: The Role of AI and ML

It needs no telling how damaging insider threats can be. Amongst their numerous impacts, the most significant involve the loss of critical data and operational disruption, according to statistics from the Bitglass 2020 Insider Threat Report. Insider threats can also damage a company’s reputation and make it lose its competitive edge. Insider threat mitigation is difficult because the actors are trusted agents, who often have legitimate access to company data. As most legacy tools have failed us, many cybersecurity experts agree that it is time to move on. Artificial Intelligence and Machine Learning are the most promising technologies in the coming years of cybersecurity. What roles do they play in addressing insider threats?

2021: The Year Dark Data Turns Light

2021 will be the year companies begin to shed light on and harness the power of their dark, unstructured data. Notably, over 80% of companies’ data is considered “dark,” or unused and unanalyzed. The majority of it is unstructured, meaning it is information created by humans, for humans: emails, file shares, messages, etc. Despite the mass number of insights hidden in dark data, few organizations have had the capacity or knowledge to properly leverage this information for decision making. However, the efforts required to adopt solutions to govern unstructured data are well worth it, as the benefits of analyzing this information range from increasing efficiency to mitigating risks of insider threats.

Hackers will tailor attacks to target specific verticals – in particular, critical infrastructure, pharma and healthcare, industrial IoT, and education.

Thread hijacking, unintentional insider threats, and human-operated ransomware are set to increase in the next 12 months. Hackers will tailor attacks to target critical infrastructure, pharma and healthcare, industrial IoT, and education. Covid-19 not only upended lives but enacted a paradigm shift in how businesses and employees work. Undeniably, this rapid shift brings a host of security challenges for companies. Most cybersecurity predictions for 2021 show the ripple effect of the pandemic is likely to continue. According to HP’s 2021 predictions, security threats such as human-operated ransomware, thread hijacking, unintentional insider threats, business email compromise, and whaling attacks are set to increase in the next 12 months.

AMA Warns of Telehealth Cyber Risks, Insider Threats Tied to COVID-19

AMA sheds light on strained security resources, cyber risks, and the expanded threat landscape in the healthcare sector brought on by COVID-19, including insider threats and telehealth flaws. Hospitals, health systems, and other providers should reassess their security posture in light of the COVID-19 pandemic, which has increased the number of cyber risks within the sector, such as telehealth flaws, insider threats, and the rise of targeted cyberattacks, according to the American Medical Association. AMA released insights on the technology considerations these healthcare organizations should consider as the year draws to a close. Laura Hoffman, AMA assistant director of federal affairs, recently shed light on some of the biggest issues facing the sector during an AMA update on COVID-19. As noted by a range of federal agencies and security researchers, the pandemic has burdened provider organizations, not only with patient care, but with the number of targeted cyberattacks and the expanded threat landscape brought on by telehealth and remote work.

Cyber-espionage campaign opens backdoor to steal documents from infected PCs

Researchers at security company ESET detail Crutch, a malware backdoor implanted onto the systems of a European foreign ministry by the Kremlin-linked Turla hacking group. Dubbed Crutch by its developers, this malware campaign has been active from 2015 through to 2020 and researchers have linked it to the Turla hacking group, due to similarities with previously uncovered Turla campaigns such as Gazer. The working hours of the group also coincide with UTC+3, the timezone that Moscow sits in. The UK’s National Cyber Security Centre (NCSC) is among those organisations that have attributed Turla – also known as Waterbug and Venomous Bear – to Russia.

Loyal Employee … or Cybercriminal Accomplice?

Can the bad guys’ insider recruitment methods be reverse-engineered to reveal potential insider threats? Let’s take a look. While most employees don’t join their companies with the intent to do harm, some end up doing exactly that. Whether from discontent, activism, malintent, or mere opportunity, employees who go bad create significant harm to their employers. Cybercriminals are good at finding such people to serve as their accomplices, so the question becomes: Why aren’t employers good at that, too? Keep in mind that it’s not just employees who populate the field of insider threats. This threatscape “extends to partners, contractors, and related third parties that are integrated with the organization and quickly becomes a difficult problem to solve,” says Greg Foss, senior cybersecurity strategist at VMware Carbon Black.

Insiders pose greater threat to cybersecurity in remote workforces

With many companies turning to large-scale remote workforces for the foreseeable future, employers have less oversight into how employees are using their time on a day-to-day basis. As a result, company insiders — such as employees, contractors, vendors, and suppliers — pose a greater threat to cybersecurity than in the pre-pandemic workplace. In recent years, companies have seen a rise in security incidents caused by insiders, whether malicious or accidental. That threat may increase further in remote work environments where employers have reduced visibility over their employees’ online activity and the information they are accessing.

Insider Threats: Risk Assessment Considerations for Remote Work

The outbreak of COVID-19 has led many businesses to transition a large number of employees to remote work. The shift could end up becoming a long-term trend; it’s expected to continue after the pandemic ends. Therefore, it is more important than ever to develop strategies for managing and responding to risks within your organization. Internal risk management procedures will need to adapt to the issue of insider threats, a challenge which is compounded by remote work.

Top 16 Tips for Preventing Insider Data Theft

The damage that trusted insiders can cause is extraordinary. According to the 2020 Ponemon Institute Cost of Insider Threats report, the average cost per insider incident was a staggering $11.5 million in 2020. Follow these tips to protect your company’s sensitive data against theft, misuse, and loss from malicious and negligent insider threats.
