ITMG Insider Threat News – November 16, 2020

itmgnews111620

Stressed employees behind 4 in 10 data breaches

A recent Outbound Email Security Report from Egress has revealed that stressed, tired employees are behind four in 10 of the most severe data breach incidents. As stress levels rise, rushed employees are more likely to make simple mistakes such as sending an email to the wrong person, or attaching the wrong file. With remote workers facing distractions from childcare to delivery drivers ringing the doorbell, and stress levels spiking as we head into new lockdowns around the world, employees are likely to make simple mistakes such as sending an email to the wrong person, possibly exposing sensitive data.

Future Insights – The Rise of Insider Threat-as-a-Service

Insider Threat-as-a-service. In the past we’ve thought of “insider threats” as disgruntled employees who walk out of the building with proprietary information hidden in their briefcases. But today, your employees may be scattered around the world, you may hire them after only meeting via Zoom, and they may never step foot inside one of your offices. And today, you can buy almost anything on the dark web, including “trusted insiders.” In 2021, I expect to see organized cells of recruitment infiltrators offering specifically targeted means for bad actors to become trusted employees, with the goal of exfiltrating priceless IP. These “bad actors,” literally, will become deep undercover agents who fly through the interview process and pass all the hurdles your HR and security teams have in place to stop them. We want to believe our employees are good people—but the stats tell us that between 15 and 25 per cent are not. The only way to find these people before they do irreparable damage to your organization is by understanding human behavior and knowing when their activities don’t match their profile.

Dealing with insider threats in the age of COVID

Dangerous grey areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working. So says CEO of Vectra, Hitesh Sheth, writing for Dark Reading. Although the toll of an insider attack in North America can cost a company more than $11 million a year, many still consider insider threats to be too rare to constitute a real threat. Attacks resulting from insider threats are widely regarded as extreme outliers and consequently taken less seriously by leadership and security teams. Nonetheless, companies should be mindful of dangerous grey areas, especially when considering attackers are always looking for the path of least resistance. These grey areas may include new bring-your-own-device policies and shadow IT devices that result from the rapid shift to remote work or high employee turnover rates. The average impact of insider threats does not say anything about the overall frequency. Even if the average per-breach loss to a company is minor, cumulative losses can intensify if insider threats occur frequently. And this doesn’t include reputation loss, which is tough to measure and harder to overcome.

The new Battle of Triangle Hill: China’s bid for technological supremacy

During the Korean War, the U.S. military under United Nations command engaged in a 42-day battle, Operation Showdown, against the People’s Liberation Army (PLA) to capture a forested ridge called Triangle Hill — Shangganling in Chinese. The U.S. terminated the operation because of high casualties, and since then the Chinese have propagandized it as a great victory over the United States. Largely forgotten by the West, it is framed by the Chinese Communist Party (CCP) as the iconic symbol of defeating its arch enemy through great sacrifice, focus and determination.   At the party’s Fifth Plenum last month, Chinese leader Xi Jinping revealed a plan for a “new Battle of Triangle Hill.” This battle is about technology, not terrain. China possesses the same determination and focus as it did 70 years ago, to realize its aim of seizing the commanding heights of science and technology from the United States. For the first time in the CCP’s history, this objective is included in the 14th Five-Year Plan. The plan requires that China focus on technological innovation as a core component in all of the country’s modernization. It also compels China to make technological self-sufficiency a strategic pillar of national development. Notably, this receives priority over all other planned missions.

Five tips for chief information security officers to increase their strategic value to the CEO and board of directors

The role of the chief information security officer – or CISO for short – is to understand a corporation’s cyber threat landscape and know where vulnerabilities lie. And given the relentless increase in sophisticated hacking, their clout and importance to the CEO and Board is increasing exponentially. Given COVID-19, as millions of American white-collar workers have moved from the office to their home to work remotely and stay in touch with colleagues solely online, it has been CISOs who have been charged with making sure this eruption of new endpoints isn’t compromising corporate network security.

Are Rogue Insiders an Excuse, Symptom or Root Cause?

Whenever there is a breach, there is a single burning question: What happened? Here is an industry secret: the initial answer to that question is never the cause. It is just the first potentially culpable event to be noticed – a convenient way to quell the initial wrath of the offended parties – the senior executives and disgruntled data breach victims. The #1 favorite is: “Somebody clicked on a link” – as though link-clicking was the digital equivalent of using a metal rod to touch a pylon. Are you a link-clicker? When was the last time you did something as stupid as clicking on a link? What do you mean you do it all the time? Are you insane? Cybersecurity pros all know that clicking on a link is never the real cause. It’s like identifying life as the leading cause of death. Clicking on links happens all the time. It has to happen for work to progress.

Identity Verification: Is Your Potential Employee Who They Say They Are?

Identity verification has taken on a new urgency for cybersecurity and IT teams in the new era of remote work. Confirming a person’s identity has been important since the advent of data privacy laws and the need to verify those requesting to see their personal data or the right to be forgotten—no company wanted to risk handing over data to the wrong person and risk identity theft. But now, as the pandemic continues to restrict in-person meetings and organizations still have many employees working remotely, the hiring process has taken on an unforeseen challenge: How do you know the person you are planning to onboard is who they say they are? Identity Verification’s History: Identity verification was designed to ensure businesses would comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) laws. In the digital age, identity verification has become an important tool to help organizations prevent fraud and identity theft.

7 key cybersecurity metrics for the board and how to present them

Cybersecurity is critical. Everyone knows that. Justifying to the board of directors the amount of money needed to sustain cybersecurity? That’s not as straightforward, and that’s why IT security managers must continually find ways to explain the value a comprehensive cybersecurity strategy brings to the overall business. The goal should be to illuminate — without getting too technical — those cybersecurity operational metrics and measures that paint a picture of the current threat landscape. Let’s look at some of the most important cybersecurity metrics for the board. Detected intrusion attempts. Graphing intrusion attempts over time may not be the most important statistic from an IT security standpoint. But it does give the board a picture of the overall number of threats the business faces at any given time. The trouble with IT security is that, when prevention mechanisms work and few incidents occur, business leaders tend to assume they’re no longer a target. Sharing statistics that prove otherwise is a good way to prove that cybersecurity threats continue to exist and are growing all the time.

Discover more from ITMG

Subscribe now to keep reading and get access to the full archive.

Continue reading