ITMG Insider Threat News – June 22, 2020

CIA Cyber Weapons Stolen in Historic Breach Due to ‘Woefully Lax Security’, Internal Report Says

The largest theft of data in CIA history happened because a specialized unit within the agency was so focused on building cyber weapons that an employee took advantage of “woefully lax” security and gave secret hacking tools to WikiLeaks, according to an internal report released on Tuesday. The hacking tools stolen in the breach, which occurred in 2016, came from its clandestine Center for Cyber Intelligence (CCI). The amount of data stolen is unknown, the memo said, but could be as much as 34 terabytes of data — the equivalent of 2.2 billion pages of text. The theft was revealed around a year later, in March 2017, when WikiLeaks published what it claimed was the largest trove of CIA documents, dubbed “Vault 7,” detailing some of the agency’s sophisticated cyber weapons, which was first reported by the Washington Post.

How Do You Assess Your Insider Risk Management Program’s Current Capabilities?

By taking the time to assess your insider risk management program, you can identify strengths and weaknesses of your current system and plan out further improvements. Assessments are powerful tools that help organizations see a clearer picture of current capabilities and plan out how to improve those capabilities in the future. Your organization likely conducts reviews for nearly every department, employee, process, and more. Your insider risk management program should be no different, as the safety and the security of your sensitive data depend on the continual improvement of protocols and strategies.

9 Types of Cyber Attacks Organizations Must Prepare For

As an IT security professional, you must be hyper-aware of all the possible types of cyber attacks to your network and your business. This has always been one of the most difficult parts of your job, considering the ingenuity and perseverance of the criminals we must guard against, and how frequently cyber attacks can multiply as our systems (and the technology we rely on) evolve and expand. And now, your security operations processes are further challenged as your workforce shifts to 100% remote. Now is the time to make sure your organization is able to identify and detect the most prevalent, and potentially the most harmful types of cyber threats against your organization today. The following are nine types of cyber attacks every security professional needs to be aware of: Insider threats: Security insider threats occur when someone close to an organization with authorized access misuses that access to compromise your company’s data or critical systems. Insiders do not have to be employees; they can also pose as partners, third-party vendors, and contractors. That’s the most difficult aspect of detecting an insider threat—it begins with humans, not systems.

China Charges Two Canadians with Espionage Following U.S.-Huawei Spat

The two were arrested soon after Canada detained Meng Wanzhou, the telecom giant’s chief financial officer, on a U.S. extradition warrant. China charged two Canadians with espionage on Friday in a case widely seen as retaliation for the 2018 arrest in Vancouver of a senior executive of the Chinese telecommunications giant Huawei. Former diplomat Michael Kovrig and businessman Michael Spavor were arrested in late 2018, soon after Canadian authorities detained Meng Wanzhou, Huawei’s chief financial officer and daughter of the company’s founder, on a U.S. extradition warrant. The charges Friday represent the next step in judicial proceedings against the pair and mean a formal trial can begin. Canada has called the arrests “arbitrary.”

How to Minimize the Risk of Insider Threats (Physical and Cyber) During COVID-19

Many businesses have severely reduced their operations or shut down completely during the COVID-19 global pandemic. Rather than the number of business risks being reduced through lower operations, in many instances risks have been magnified. Idle or under-utilized sites can be under-guarded and can be soft targets for several different forms of attack. The main types of threats can largely be broken down into physical and cybersecurity threats. Security leaders are advised to pay attention to the following threats.

Back to School: Tackling the Insider Cyberthreat with Education

How businesses can best manage the insider cybersecurity threat at a time when remote working and altered workplaces are driving greater risk. Today’s reliance on information technology presents a single point of failure and is as much an existential threat to business survival as it is an opportunity for growth. Considering Covid-19 and the ‘new normal’, businesses and employees are navigating uncharted waters with the sudden shift to remote working, furloughing of staff and changing work patterns. The complicated process is further agitated as criminals exploit heightened levels of both technical and personal vulnerability.

Help Desk: Detecting and Managing Employee Fraud in a New Virtual Work Environment

The Covid-19 pandemic has ushered in a new era for virtual workforces that presents added challenges and opportunities on the horizon. In addition to providing more flexibility and potentially enhanced productivity, there are also now opportunities for employees to commit fraud — whether intentionally or not. From time stealing to cutting fake checks using digital signatures, the Covid-19 pandemic is creating the potential for less corporate oversight and controls, along with employees potentially dealing with the loss of income from a spouse or partner. This creates an ideal environment for fraud.

As the Intelligence Community Returns to Work, Employees Confront New Anxieties

More federal employees and contractors in the intelligence community have been gradually returning to their office spaces in the past two weeks. But for IC leadership, “reopening” isn’t only about rearranging office spaces and cobbling together cleaning supplies and hand sanitizer, it’s also about easing the concerns of their employees and contractors who are uneasy or nervous to return to the physical workplace. “They’ve been home for so long, and they’re trying to come back to an environment that they hadn’t been in for almost three months now,” John McDermott, an emergency management specialist at the State Department’s Bureau of Intelligence and Research (INR), said Tuesday during a webinar organized by the Intelligence and National Security Alliance. State began bringing employees back to the office on Monday. Weeks before, INR surveyed its employees to hear more about their concerns, child care needs and other challenges during the pandemic.

Taking a People-Centric Approach to Federal Cybersecurity

Humans have become the weakest link in the cybersecurity chain. So, federal agencies must adopt human-centric cybersecurity strategies to successfully anticipate the growing number of threats that now focus on the end user, according to research from Proofpoint. In a new white paper, Proofpoint Resident CISO Bruce Brody highlights new research that shows that more than 99% of cyberattacks are human-activated, meaning “they need a human being to activate the attack by opening a file, clicking a link or being tricked into taking some other type of action.”

Misconfigurations That Can Silently Threaten Your Network: Here Are 6 Tips to Discover and Recover From Them

In our rush towards a remote workforce, security had to make sudden and risky decisions in a “new normal.” We reconfigured security controls, made temporary policy exemptions, and shipped equipment to employees’ homes. At the same time, our SecOps teams work remotely, limiting visibility into the systems that may be compromised. Further, working remotely often results in a lack of access to reporting, alarms, and dashboards. Working blind is a nightmare for security pros. Data tells us that one of our biggest threats is due to misconfigurations, lax policies, and simple errors. The 2020 Verizon Data Breach Investigations Report (DBIR) confirms this and shows dramatic growth of misconfigurations of security equipment leading to data breaches.

Innocent Insider Threats: Defending Against Human Error

Insider threats are notoriously hard to detect. Keeping malicious attackers out is challenging enough; defending against those already on the inside is a different proposition entirely. An insider threat does not need to bypass as many defences, may raise no suspicion, and can often go undetected. In fact, it takes an average of 77 days to spot and contain an insider incident. All forms of insider threats are on the increase. Last year, insiders cost organisations $11.45m, up 31% on 2018.
