
Insider Threat Level: 2018 Year in Review


The Insider Threat Level is here to keep you updated on the latest examples of security best practices, insider threat incidents, and trends, so that you’re better prepared for what comes your way in 2019.

Only a few days into the new year, we’ve already seen our first major phishing incident, allegedly involving an Australian government employee. According to CBR, the details of nearly 30,000 Australian civil servants were stolen as a result of the breach.

This incident follows a 2018 that was unfortunately full of insider threat-related compromises. On the brighter side, there was also some good news in the form of new frameworks and hiring trends. Here’s our year in review:

The SunTrust Incident and Privileged Users

In April, SunTrust disclosed an incident to 1.5 million clients, allegedly involving the theft of information by a former employee. The data exposed included names, phone numbers, addresses, and certain account balances.

Insider threat incidents from privileged users unfortunately aren’t going away, and financial services organisations are often hit the hardest by costs; the Ponemon Institute estimates that the average annual cost of insider threats for this industry is $12.03 million. Fortunately, there are steps you can take to prevent insider threats from privileged users.

The CIA Contractor Retaining Classified Materials

In May, Reuters reported that a former CIA contractor pled guilty to improperly searching classified data and copying the information into personal notebooks taken to his house. In November, the contractor was sentenced to 90 days in jail for unauthorised retention of classified documents, although little light was shed on his motivations.

While the motive for this insider threat may have been a mystery, your organisation can work to understand common insider threat indicators in 2019 to prevent potential incidents before they occur.

Insider Dangers are Hiding in Collaboration Tools

Workplace collaboration technologies like Slack, Office 365, and others could be responsible for an uptick in insider threat incidents, according to a report from Dark Reading. According to a study cited in the article, 1 in 118 public communications include confidential information, and 1 in 262 include passwords.

Rather than restricting use of these technologies altogether (which could hurt employee productivity), having visibility into user activity throughout the organisation is key -- after all, data doesn’t leak itself!

Feds Arrest Apple Employee for Stealing Self-Driving Car Secrets

As if the Uber/Waymo case wasn’t enough self-driving insider threat drama, in July, the feds arrested a former Apple employee for allegedly stealing autonomous vehicle secrets. The company became suspicious of the employee when he quit to join a Chinese self-driving car startup. As it turns out, after he had given notice, he was transferring sensitive company data to his wife’s laptop.

Spotting this type of suspicious user activity early is the difference between catching an insider threat in the act and waiting until it’s too late!

Seattle Plane Theft and Physical Insider Threat Awareness

In August, a tragic crash involving a plane stolen by an employee highlighted the need for physical insider threat awareness, as well as increased vigilance around employee mental health. Reportedly, the employee who crashed the plane was suicidal, although he was not given a psychological screening before beginning employment.

While the DHS has extensive recommendations around physical insider threats in aviation, it’s important for organisations to also stay on the pulse of employee mental health issues that could cause individuals unneeded stress or harm.

Amazon Data Leak a Prime Example of Insider Threat

According to a September report from the Wall Street Journal, Amazon employees in China and other nations were allegedly misusing company systems and data, as well as receiving payments from third parties to divulge proprietary trade secrets. While this practice is seemingly ongoing within a specific subset of employees, Amazon may not necessarily have had the evidence it needed to take appropriate action fast enough.

The NITTF Releases New Framework for Insider Threats

In November, the FBI’s National Insider Threat Task Force published their new Insider Threat Program Maturity Framework. This initiative demonstrates the sense of urgency around insider threats in the U.S. government, and includes 19 guidelines that lead agencies through the many challenges and questions that may arise during the implementation of a new or improved insider threat program. The guide acknowledges that insider threat management is a team sport, and should be handled with a good mix of people, processes, and technology.

2019: The Year of Cybersecurity Hiring?

Last but not least, we took a look at a new survey that promised 2019 will be the year of cybersecurity hiring. Cybersecurity jobs are in high demand, but the right talent is often in short supply for organisations. Forty-seven percent of organisations surveyed by Spiceworks named cybersecurity the biggest area of attention (particularly for enterprises). Perhaps 2019 will be the year that many organisations look to hire for a dedicated insider threat role.


What Story Stuck With You from 2018?

We want to know which stories taught your team the biggest lessons, or stuck with you as a relatable incident. Feel free to share them with us on Twitter @Proofpoint.