ITMG Insider Threat News – November 17, 2021

How to Protect Trade Secrets in Remote Working World

The protection of trade secrets has always been vital to maintaining a successful business, particularly as companies innovate and use technology in creative ways to obtain a competitive edge in manufacturing and delivering goods and services.

This risk is not going to go away and, in fact, will only increase as workers seek more flexibility and businesses struggle to find good talent. Fortunately, federal and state law recognizes these business challenges and there are some powerful tools for risk mitigation and defense.

U.S. Warns Against IP, Trade Secret Risks in Draft EU Tech Rules – Paper

Draft landmark EU rules requiring U.S. tech giants to share information with rivals could put at risk companies’ intellectual property and trade secrets, the United States government warned in a document seen by Reuters.

The paper said requiring gatekeepers – companies that control data and access to their platforms – to change their business practices and the design of their software may have implications for security and consumer protection.

Major Water Supplier Suffers Nine-Month Long Breach

One of Australia’s largest regional water suppliers was breached for several months before detecting the unauthorized access, another worrying sign of weaknesses in critical infrastructure security.

“Threat actors targeted an older and more vulnerable version of the system. The web server that stores customer information contained suspicious files that increased visitor traffic to an online video platform,” the report explained.

Lack of visibility into user activity increase risk of credential theft and insider threats – CyberArk

Organizations with limited visibility into user activity and web application sessions are courting risks such as credential theft and insider threats, according to a recent survey from CyberArk.

A survey of 900 medium-to-enterprise organizations in Australia, Singapore, France, Germany, the United Kingdom, and the United States found that globally, 80% have experienced situations where employees have either misused or abused their access to business applications.  In Singapore, 83% of organizations had experienced the same, followed by 77% of organizations in Australia.

Phishing is an Insider Risk – It’s Time to Tackle It Like One

The cybersecurity industry has a problem in how it talks about phishing, leaving organizations – and their employees – at risk. Although phishing attacks originate outside of the organization, many often fail to consider the internal aspect of an attack. We need to talk about phishing as an insider risk.

This is because there’s one thing that all successful phishing attacks have in common: an insider let them in.

Robinhood Data Breach Hits Seven Million Customers

The firm claimed an unauthorized third party could access the data on November 3, after targeting an employee.

“The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems. At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people and full names for a different group of approximately two million people,” a statement explained.

Discover more from ITMG

Subscribe now to keep reading and get access to the full archive.

Continue reading