ITMG Insider Threat News – October 26, 2020

itmgnews102620

Protecting Company Data From Disaster

CHICAGO — The United States has seen so many hurricanes this season that experts have run through the alphabetical naming convention and are using the Greek alphabet to identify the remaining storms. Meanwhile, wild fires continue to burn along the West Coast and beyond as climate change threatens further natural disasters in the future. Hurricanes and fires might not be the first images that come to mind when building a cybersecurity system, but their potential to adversely affect a company’s data is very real. So said Doug Braun, director of product marketing for Infrascale, a cybersecurity firm which specializes in data recovery. Before data can be properly secured, Braun said retailers need to thoroughly assess their existing data landscape and determine the scope of their security needs. “The first rule of data protection is to know all about the ecosystem of the data you are protecting,” said Braun. This process is more than knowing what data an organization has and its physical location. Properly assessing a data landscape also includes knowing how the data is used, with what frequency and by whom. Having this information handy will make any backup or security plan more comprehensive and effective.

Goldman Sachs To Pay Record Fine to Resolve Bribery Investigation

Goldman Sachs Group Inc. will pay $2.9 billion as part of a coordinated resolution with criminal and civil authorities in the United States, the United Kingdom, Singapore, and elsewhere over bribes it paid to Malaysian and Abu Dhabi officials to secure business deals. The DOJ said the scheme went on from 2009 to 2014, and that Goldman admitted to engaging in bribery through its employees and agents—former Southeast Asia Chairman and Participating Managing Director Tim Leissner, former Managing Director of Goldman and Head of Investment Banking for GS Malaysia Ng Chong Hwa, a third former executive known as Employee 1, and Low Take Jho—to secure deals with 1MDB, a Malaysian state-owned and state-controlled fund to pursue investment and development projects. The bribes were paid for a variety of business initiatives, including Goldman’s role as an advisor on energy acquisitions, underwriter on three bond deals valued at $6.5 billion, and a potential role in a “highly anticipated and even more lucrative initial public offering for 1MDB’s energy assets,” according to the DOJ. These measures include redesigning its framework for addressing reputational risk, doubling its global compliance division, imposing additional conditions for sovereign-related financings, creating a compliance forensics program, and establishing an insider threat program to leverage enhanced surveillance analytics to prevent and detect potentially harmful action by employees.

NIST Needs Tech Providers Help Developing Zero-Trust Practice Guide

The National Institute of Standards and Technology has laid out components of a comprehensive zero-trust system and is asking product developers to come together and build it. The end result will be the foundation of a practice guide in a series of special publications. Prospective participants will be evaluated on a first-come, first-serve basis according to a notice posted in the Federal Register Wednesday with kick off happening within the month. “Collaborative activities will commence as soon as enough completed and signed letters of interest have been returned to address all the necessary components and capabilities, but no earlier than [30 days after the posting date],” the notice reads. Entities with commercial offerings essential to zero trust—the buzzy premise that an organization’s internal network is not an inherently safe space—have an opportunity to demonstrate their wares in collaboration with NIST and other vendors, the notice said.The popularity of a zero trust approach to security has grown along with the adoption of cloud services and an increase in network-connected devices. Demarcation of the perimeter is no longer clear and the persistence of insider threat has increased focus on the need to carefully manage user identity and limit access to sensitive data and operations.

Keeping HR Data Secure in a Time of Data Breaches

Risk management has never been more important, especially at a time when data breaches continue to increase. There are numerous high-profile examples involving the theft of employee data. Identity fraud cases exceed 10 million annually, but that’s just the tip of the iceberg. More than 4 billion records were breached in the first half of 2019 alone. By September, that number had nearly doubled, reaching 7.9 billion for the first nine months of the year. To mitigate the risk of future cyber incidents, HR teams need to feel confident that their processes and the providers they work with treat their employees’ data with the care it deserves. And by establishing the right policies and procedures, organizations can ease employee concerns by being open about how data is used, stored and protected. Risk management efforts are often hampered by things that have little to do with IT, antivirus software or patching vulnerabilities. It may sound basic, but employees who use generic passwords across many accounts expose the organization to the risk of attack and make it easier for malicious actors to gain access.

Modern Day Insider Threat: Network Bugs That Are Stealing Your Data

Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed. Anyone who has seen a spy movie or two will recognize the premise behind sweeping for bugs. In the old days, these bugs were listening devices in a room or attached to a telephone handset. They then evolved to hidden cameras.

Recent technology developments mean this level of espionage is no longer something for just the spy movies and intelligence agencies. A $30 Raspberry Pi device could be trivially used for this exact purpose. The idea is simple: Slip into a bank or retail store like an average customer and quickly plug a thumb-sized computer into a power or network jack. Of course, you are even less likely to get caught if you bribe or coax an insider to plant it.

Four Methods to Prevent Insider Threats

Insider threats are the worst possible security threat to any organization. Most think that outside threats are terrible and will take down an organization, but in reality, the insider threat is the most damaging. The reason that insider threats are so bad is simple. They are already inside the organization, and they have access that outsiders do not. Insiders know where the server room is and might even have access. They have access to file shares with sensitive corporate documents and/or documents that deal with matters of national security. This is scary stuff! There are ways to avoid falling victim to insider threats. Here’s a list of some of the best methods you can employ. 1. Enforce Least Privilege Access Control. There have been times in the past where I’ve been given the metaphorical keys to the kingdom as a systems administrator. I have held domain administrator credentials, and super user/root credentials for applications that are extremely crucial to the success of the organization as a whole. I haven’t always needed that much access and that’s why the rule of least privilege should be enforced by every organization. Least privilege means only granting access to users/administrators for that which they need to do their job effectively. The junior network administrator doesn’t need domain admin level access to Active Directory. They likely need access to the switches and routers and definitely shouldn’t need root level access. Likewise, the Active Directory admin doesn’t need root level access to the core switch. By enforcing least privilege, you eliminate the possibility of someone doing something they should not and/or accidentally causing an outage. Audit your user and administrator accounts frequently to ensure least privilege principles are followed.

Confronting Data Risk in the New World of Work

With Stanford research showing that nearly half of the U.S. labor force is now working from home full-time, insider threats are a much more difficult problem. As IT and security professionals, COVID-19 pushed most of us into a “just make it work” mode for much of 2020. We quickly scaled up the use of collaboration platforms like Zoom, Microsoft Teams, Google Meet and Slack, recognizing that circumstances demanded some short-term risk tolerance. It’s clear, though, that more remote, flexible work arrangements are here to stay. We’ll continue sharing more data, with more people, faster than ever. And we’ll all be better for it. The sharing of information drives quicker decisions, better outcomes and more successful organizations. But as we move from “just make it work” to embracing this new world of work, we’ve got to also confront a whole new world of risk. With Stanford research showing that nearly half of the U.S. labor force is now working from home full-time, insider threats are a much more difficult problem. The surge in digital collaboration and sharing adds to what was already a common blind spot: The traditional security stack gives limited visibility into all the files and data flowing through these cloud apps — to and from employees, devices, vendors, customers, etc.

Insider Threats Continue to Plague Enterprise Security Teams

Cybersecurity budgets have exploded exponentially over the past five years with many analysts predicting that worldwide spending will exceed $1 trillion by 2025. A quick look at the headlines shows that cybersecurity professionals are losing the war. Every month, several major brands and organizations—household names like the CIA, Twitter and Hershey—are forced to announce they have been the victim of a data breach. Millions of our organization strategy documents, customer lists, account credentials and product designs as well as personally identifiable information (PII) are exposed every year. Is this what $1 trillion gets you these days? Maybe, maybe not. The problem isn’t the amount of money being spent on cybersecurity. It’s how budgets are allocated. According to our 2019 Data Exposure Report, two-thirds of breaches are inside jobs. Yet, insider threat programs account for less than 10% of the budget. It’s clear that enterprise cybersecurity efforts are not being prioritized properly.

Discover more from ITMG

Subscribe now to keep reading and get access to the full archive.

Continue reading