ITMG Insider Threat News – June 29, 2022

MITRE’s Inside-R Protect Goes Deep into the Behavior Side of Insider Threats

Insider threat and risk management programs are the Achilles heel of every corporate and information security program, as many a CISO can attest. The MITRE Inside-R Protect program is the organization’s latest initiative to assist both public and private sector efforts in addressing the insider threat. The Inside-R program’s bar for success is high. Inside-R concentrates on evolving analytic capabilities focused on the behavior of the insider. To that end, MITRE invites government and private organizations to contribute their historical insider incident data to the organization’s corpora of information from which findings are derived.

Cloud Email Threats Soar 101% in a Year

Trend Micro stopped over 33.6 million such threats reaching customers via cloud-based email in 2021, a 101% increase. This included 16.5 million phishing emails, a 138% year-on-year increase, of which 6.5 million were credential phishing attempts.

Trend Micro also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware.

Attack on Kaiser Permanente Exposes Data on 70,000 Customers

A leading US healthcare provider has warned that as many as 70,000 individuals may have had sensitive personally identifiable information (PII) stolen by a malicious third party.

However, a data breach notice sent to customers earlier this month said that an unauthorized access incident was discovered on April 5.

Although the firm didn’t reveal in its letter the scale of the breach, a separate filing with the US Department of Health and Human Services noted that 69,589 individuals were affected.

ClubCISO Report Shows Material Security Incidents Reduced by 54% Compared to Last Year

A new report by Telstra Purple’s security forum ClubCISO suggested material security has significantly improved over the last year, driven by a positive shift in organizational influence by chief information security officers (CISOs).

The survey analyzed the answers of more than 100 information security executives from private and public organizations worldwide. The majority (54%) said that “no material incident occurred” over the last year. For comparison, in 2021, only 28% of those surveyed responded thus.

Insider Threat Program (ITP) For Industry Job Aid

This job aid gives Department of Defense (DOD) staff and contractors an overview of the insider threat program requirements for Industry as outlined in the National Industrial Security Program Operating Manual (NISPOM) that became effective as a federal rule in accordance with 32 Code of Federal Regulations Part 117, also known as the “NISPOM Rule.” This job aid addresses policy, responsibilities, requirements, and the procedures consistent with Executive Orders (EO) 12869, “National Industrial Security Program;” EO 10865, “Safeguarding Classified Information and Security;” and 32 CFR Part 2004, “National Security Industrial Security Program.”

3 Tips for Mitigating the Insider Threat Facing Government Organizations

Verizon’s Data Breach Investigation Report for 2022 (DBIR) was recently released, and it has both good news and bad news when it comes to the risk of insider attacks.

First the good news, sort of. According to the DBIR, the vast majority of breaches continue to come from external actors (80% vs 18% of insiders). Hopefully we can be a little less suspicious of Bob who sits two offices down from you.

The DBIR found that the median number of records compromised from an insider breach last year was 80,000. This is not great, but it gets worse. When we look at the totals, the number of records breached by insider attacks surpassed 1,000,000,000, compared with far less than 250,000,000 from external actors.
