ITMG Insider Threat News – March 13, 2022

A Locked Room Mystery: How Cleared Companies can Protect Against Insider Threats

What can we do to protect against such insider threats? Take the case of Sergey Alenikov. He downloaded vast amounts of computer codes, proprietary to his American company. He was caught through routine network monitoring.

Chinese immigrant Chi Mak obtained, from his American defense industry job, the details about how American submarines remained quiet. Then he stole information about the Aegis radar system, and even about stealth naval craft. His planning for theft included copying and encrypting information which he then secretly carried back to China by his own relatives. In each of these cases, careful methods of our own protection ultimately worked, and the violators were arrested.

How to Protect your Trade Secrets and Confidential Data

The rapid shift to digital work is happening so quickly, it’s hard to know what’s possible for your company. The benefits are many – increased productivity, happier employees, lower cost of living. But before you take the plunge, there are some considerations to be made. One of these is cyber security. You may have heard that remote working increases the risk for data theft and other security breaches. That is correct. You have less control over where your data is stored and how many others have access to it when you operate remotely.

Nvidia Hackers Leak Employee Credentials, Threaten to Release ‘Nvidia’s most Closely Guarded Trade Secrets’

Hacker group Lapsus$ has leaked the credentials of more than 71,000 Nvidia employees after the company did not acquiesce to its demands. The group stole the corporate data during a recent ransomware attack and threatened to release it if Nvidia didn’t remove its cryptocurrency mining limiter (LHR) from its RTX 30-series video cards. Nvidia refused to do so, and the group has since issued another demand and claims it will release even more data if Nvidia doesn’t comply.

How to Stop Malicious or Accidental Privileged Insider Attacks

Insider threats are receiving their share of the spotlight as companies increasingly realize that unchecked employees can cause just as much damage as external actors. Companies are further realizing that privileged insiders are of particular concern. How privileged a user’s access rights are impacts how dangerous they are, whether their actions are malicious or negligent.

Incidents involving insider threats have increased 44% since 2020, according to Ponemon Institute’s 2022 Cost of Insider Threats report. The average cost per breach was $15.38 million, with the majority going toward containing the incident.

Why Modern Privacy Security Requires Automation, Cross-Functional Team Collaboration

When I look at privacy, it reminds me of how compliance and risk management departments of old operated, focusing narrowly on processes, teams, and tools specific to each type of data and regulation. This is difficult to scale while anticipating how rapidly evolving enterprises use data and account for immediate compliance requirements. A more modern privacy approach is to leverage technology, automation, and data management to create an integrated hybrid strategy for compliance.

Insider Data Theft on the Rise

According to a report by research firm Aberdeen Group, Understanding Your Insider Risk and the Value of Your IP, organizations should expect a surge in corporate data loss and exfiltration. Despite a few high-profile lawsuits in favor of organizations betrayed by insiders, a good percentage of employees still don’t see much problem in taking data or intellectual property (IP) with them to their next employer.

Discover more from ITMG

Subscribe now to keep reading and get access to the full archive.

Continue reading