ITMG Insider Threat News October 4, 2022

5 Ways to Mitigate Your New Insider Threats in the Great Resignation

Companies are in the midst of an employee “turnover tsunami” with no signs of a slowdown. According to Fortune Magazine, 40% of the U.S. is considering quitting their jobs. This trend – coined the great resignation – creates instability in organizations. High employee turnover increases security risks, and companies are more vulnerable to attacks from human factors worldwide.

Implementing a successful security awareness program is more challenging than ever for your security team—the new blood coming in causes cultural dissonance. Every new employee brings their own security habits, behavior, and ways of work. Changing habits is slow. Yet, companies don’t have the luxury of time. They must get ahead of hackers to prevent attacks from new insider threats.

Watch Out for the Insider Threat

September 2022 is Insider Threat Awareness Month. This is an important moment for many businesses to reflect on the cybersecurity risks posed to their firms from their own employees.  Each year adopts a different theme (for those interested in 2021’s focus, Digital Journal covered the event last year).

According to Eric Bassier, Senior Director Products at Quantum, the challenges faced by firms in 2022 are greater than those that were apparent last year.

As Bassier explains to Digital Journal: “Insider threats are not always the result of malicious actors. In fact, research shows careless insiders are the most common reason and account for 63 percent of all incidents.”

Coordination, Action and Awareness Needed to Thwart Transportation’s Insider Threat

The insider threat risk is still a very real and very present concern to transportation security professionals around the globe. Earlier this month in Tupelo, Mississippi, an aviation employee stole a plane and was threatening to crash it into a Walmart store. The incident caused stress and worry to the public and authorities as the plane circled above the area but ended peacefully when the plane landed in a field. As we all know, the situation could have ended much differently. This was just the latest wake-up call for general aviation airports and quite frankly, to all airports across the country. Though there are different and more robust security protocols at larger airports, the insider threat risk is surely present. While the Transportation Security Administration’s (TSA’s) annual “see something, say something” training helps to prevent and deter some nefarious activities, it won’t avert them all. More must be done across the transportation sector.

Increased Mortality Rates Linked to Cyber-Attacks Against Healthcare Organizations

Cyber–attacks against healthcare organizations cause more than 20% to experience increased mortality rates, suggests new research by Proofpoint’s Ponemon Institute.

The report, which surveyed 641 healthcare IT and security practitioners, also found that 89% of them experienced an average of 43 attacks in the past 12 months, with more than 20% suffering one of the following types of attacks: cloud compromise, ransomware, supply chain, and phishing.

Uber Hacker May Have Compromised Secret Bug Reports

Uber appears to have been breached again, after a threat actor reportedly accessed its email and cloud systems, code repositories, internal Slack account and HackerOne tickets.

The ride-hailing giant released a terse message on Twitter yesterday saying it is “currently responding to a cybersecurity incident” and is in touch with law enforcement.

Meanwhile, the alleged hacker sent screenshots to the New York Times and security researchers showing they had access to various internal corporate IT systems.

Survey Finds Insider Threats are Most Difficult Attack to Detect, and Behavioral Analytics Technology is a Top Priority in the SOC

Gurucul, the leader in Next-Gen SIEM, XDR, UEBA and Identity Access Analytics, today announced the results of a Black Hat USA 2022 security professionals survey. Respondents indicated that Insider Threats were the most difficult type of attack for SOC analysts to detect, and that Behavioral Analytics was the most common piece of technology they felt was missing and that they planned to add to the SOC in the near future. The survey also found that a strong majority of respondents feel their SOC programs are improving, but that they needed more training, high-level talent in the SOC, better compensation, and more time off.

Discover more from ITMG

Subscribe now to keep reading and get access to the full archive.

Continue reading