ITMG Insider Threat News – September 28, 2020

itmgnews092820

Shopify breach: Help center employees are a unique breed of insider threat

A data breach at Shopify perpetrated by two “rogue employees” who worked on the e-commerce platform’s support team illustrates how certain roles within an organization may require more stringent monitoring. Based on Shopify’s online support page, the “support team” appears to refer to help center employees who handle inquiries and troubleshooting requests submitted by both merchants and their customers. Experts told SC Media that employees working for such a department potentially have access to a wide variety of data at their fingertips, which they might view, gather or exfiltrate for illegitimate purposes. “It is critical that these individuals be monitored,” said Armaan Mahbod, director of counter-insider threat research at remote employee monitoring company Dtex Systems. Mahbod told SC Media that such employees often have the ability to use remote service tools to directly access their clients’ systems, websites and customers portal, and potentially even their transaction logs.

Managers Who Stay Connected to Remote Employees Could Reduce Insider Threats, State Official Says

The coronavirus pandemic forced much of the federal workforce into a situation that usually serves as a primary indicator of insider threat, according to the State Department’s Jacqueline Atiles. “People are isolated right now and that is the number one indicator of insider threat,” said Atiles, program director of State’s Insider Threat Program. She spoke to Nextgov to share some tips for ensuring employees don’t compromise the safety of people, property or information from within the government during the month which the Office of the Director of National Intelligence officially designated for that purpose last year.

Mercenary Group Targets Real Estate and Architecture Firm

A digital espionage attack against an international architectural and video production company fit the profile of advanced persistent threat (APT) mercenary groups, Bitdefender revealed on Thursday, August 20. At the time of analysis, this company had offices in London, New York and Australia. Its architectural projects involved real-estate developers along with high-profile architects and interior designers.

Preventing insider threats: What to watch (and watch out) for

Understanding human behaviors that precede malicious actions from an insider is the best way to avoid data loss or disruption, experts say. September is officially National Insider Threat Awareness Month (NIATM) and the theme of this year’s NIATM is resilience. Of all the digital threats facing organizations, the insider threat can be the most vexing to tackle given how uncomfortable it can feel to suspect one’s own colleagues of wrongdoing. It’s challenging to set up systems and processes that might catch well-regarded peers or superiors in a harmful act. At last week’s inaugural Insider Risk Summit, experts at corporations and cybersecurity firms gathered to talk about the top trends driving insider security threats and what security officers should know in trying to combat those threats.

5 Cyber Basics for the C Suite From the Outside In

Cybersecurity is a vast and complex subject. It’s all too easy to get lost in the technological details of security solutions or scare tactics around cyberattacks. And yet, cybersecurity concerns the entire organization, not the least of which are C-level executives charged with the security and business continuity of their organizations. While the details of implementing an effective and cost-efficient cybersecurity strategy are perhaps best left to experts on in-house security teams to investigate, it is imperative that CEOs and CXOs make sure that they are informed and up to speed on the high-level elements that should be enlisted to enact proper, well-rounded cybersecurity within their organizations.v Something for the Inside: Once inside the security perimeter of your organization’s network, the next element is to ensure that all assets and users are protected. Whether your walls are breached, or a leak comes from inside, your IT infrastructure must be secured. In fact, according to a 2019 Insider Data Breach survey, 79% of IT leaders believe employees have put company data at risk, whether accidentally or maliciously. Insider threat is a very real concern, but can be mitigated with security measures that enforce accountability, limit access privileges and ensure that systems are recoverable should an incident occur (accidentally or not).

Shopify data breach illustrates the danger of insider threats

A recent data breach at Shopify that affected almost 200 merchants has been attributed to insiders. The incident did not result from a technical vulnerability, but from two “rogue” support team employees involved in a scheme to procure customer transactional records and sensitive data. Almost 200 Shopify merchants affected. Shopify conducted an investigation into the incident and found the breach impacted under 200 Shopify merchants. FBI was also made aware of the findings. “We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement. We are currently working with the FBI and other international agencies in their investigation of these criminal acts,” the company stated in a statement. As of now, there is no evidence as to how this data may have been misused. It may be a relief for everyone to know, sensitive information such as complete payment card numbers and sensitive personal and financial information was not exposed as a result of this incident. The exposed “data includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased,” the statement acknowledged.

What Keeps You Awake at Night? Third Parties, Insider Threats, or Nation State Actors? Survey Results Explored

Last week SecurityHQ released a poll on LinkedIn, within the cyber intelligence group known as ‘Advanced Persistent Threats (APT) & Cyber Security Threat Actor Group’. The group contains over 70,604 cyber security professionals, to which we posed the question, ‘What Keeps You Awake at Night’, with the option to select one of three possible answers: Third Parties, Insider Threats, Nation State Actors. After a week, the results have been gathered. Out of the three options, over 55.29% of those who took part in the poll said that Insider Threats kept them awake at night. Followed by Third Party Risks, at 23.87%. And finally, Nation State Actors at 20.85%. What is interesting here is that if presented with the same question a few years back, we would have expected a very different response, with ‘Nation State Actors’ accumulating the greatest number of votes. Today we are seeing the opposite.

Discover more from ITMG

Subscribe now to keep reading and get access to the full archive.

Continue reading