ITMG Insider Threat News – June 17, 2022

Espionage, Profiling and Economic Control Mark Chinese Commercial Companies

A two-year crackdown on Chinese entities by enforcement agencies has revealed a web of companies and individuals indulging in espionage, profiling of high-value individuals, large-scale tax evasion and exfiltration of bulk data that point to Beijing’s growing hunger for data and secrets.

Trade Secrets: Cultural Sensitivities and Coke Cans

The article makes the startling point that “about 80% of economic espionage prosecutions brought by the US Department of Justice allege conduct that would benefit the Chinese state.” The article goes on to say that a 2017 estimate put the cost of stolen trade secrets, pirated software and counterfeiting by Chinese organizations at between USD225 and USD600-billion per year.

Phishing Hits All-Time High in Q1 2022

The industry, law enforcement and government coalition’s new Phishing Activity Trends Report also revealed that March was the worst month on record for phishing, with 384,291 attacks detected.

The financial sector was the worst hit, accounting for 24% of all detected attacks, although webmail and SaaS providers were also popular targets.

#RSAC: Putting Humans at the Center of Incident Response

Opening up, Brian Reed, sr. director, strategy at Proofpoint, observed that “a lot of the time we get caught up looking at technology, but it’s people at the end of the day who matter.”

He highlighted the NIST 800-61 incident response framework, which sets out what security teams must do before, during and after an incident. This framework can be used to help build an incident response program “in a people-centric way,” said Reed.

Smishing and Vishing Attempts Surged in 2021

SMS phishing (smishing) attacks more than doubled year-on-year in 2021 as cyber-criminals looked to exploit human error to compromise devices, according to Proofpoint.

The security vendor’s latest annual Human Factor report is based on an analysis of over 2.6 billion email messages, 49 billion URLs, 1.9 billion attachments, 28 million cloud accounts, 1.7 billion mobile messages and many other data points.

Social Care Organizations Get Cybersecurity Boost

Developed in partnership with Digital Social Care, the assets are part of the NHS “Keep IT Confidential” campaign and cover key areas such as phishing, password management, secure data sharing, data protection best practices and the risk of unlocked phone screens.

Improving the cybersecurity of the sector is of acute importance. In the UK, it’s largely run by small and medium-sized enterprises (SMEs) with limited IT resources. However, as part of the healthcare sector, it’s among those most likely to hold personal data on customers, making it a potentially attractive target for cyber-criminals.
