The Insider Threat Level: Unhealthy Data, Password Fatigue, and Alexa


Your people are your biggest asset, but also your biggest risk. Do you have the ability to detect, investigate, and prevent a costly insider threat incident, or know how to recognise one when it occurs?

The Insider Threat Level series is here to keep you up-to-speed on the numerous examples of insider threat incidents, trends, and best practices caught in the news, so you can be more prepared for anything coming your way.

If you missed the last Insider Threat Level, we covered: GDPR, the CIA Hoarder, At-Risk Agencies, and more.

This week, we’re taking a look at: new research on employee passwords, HR and healthcare data breaches, the importance of balance in cybersecurity, and how digital assistants may be the new insider threat within your home or office.

What's Happening:

  1. New report claims 25% of employees use the same passwords for accounts
    Source: TechRepublic

    According to a TechRepublic article, 25% of the 500 US employees surveyed in a recent study by the open source VPN organisation, OpenVPN, acknowledged that they use the same password for multiple workplace accounts. This is troubling (to a certain, obvious extent) because it makes it easier for access to leak outside of an organisation, potentially leading to lost data and an increased risk of systems breach.

    “Building a work culture centered around good cyber hygiene takes time but will ultimately protect companies in the long run from online threats,” says OpenVPN. Their suggestion: build a culture where thinking proactively and completely about choices made online is the norm.

    Hot Take:
    Passwords are far too simple a tool to pass (ha!) on improving, in the big bad world of cybersecurity threats.

    There are external threats beyond your walls, and a whole slew of insider threats within them (your employees and contractors). You need not only visibility into user activity to understand if, how, or why an insider threat incident is occurring, but also an effective cybersecurity policy training program in place to mitigate the risk of one.

    Overcoming bad passwords isn’t the answer, it is just one part of the answer to the greater question of how your organisation can make cybersecurity training contextually understandable, relatable, and simpler.

  2. Human Resources company suffers from client-affecting data breach
    Source: SC Magazine

    Human resources software company PageUp has reported that they suffered a data breach that may have leaked their information.

    The breach was detected after members of the PageUp team noticed irregular activity on its network and investigated. The extent of this breach is still under active investigation, but they have stated that “all client user and candidate passwords are hashed using bcrypt and salted.”

    They currently recommend that users change their account passwords.

    Hot Take:
    “Passwords. Why is the solution always…passwords?” – Some Cybersecurity Indiana Jones type

    While this particular data breach has yet to be classified as having been caused by an insider threat or an external one, it highlights the growing need to understand where, how, and why data is being interacted with, and by whom, and to be able to rapidly detect and respond to potential trouble.

  3. Multiple data breaches hit Dignity Health, and patients pay the price
    Source: SC Magazine

    Recent reports from within the San Francisco-based healthcare organisation have acknowledged that there has been an accidental email breach affecting over 55,000 patients, improper use of personally identifying information (PII) for 229 patients, sharing of PII documents for over 6,016 patients with a third-party contractor whose contract had ended, and a breach that may have shared PII data (including social security numbers) for an additional 142 patients.

    *Whew*

    Hot Take:
    There is quite a lot to unpack here: we have 1 email breach caused by a third-party error, at least 1 employee caught inappropriately accessing PII data, 1 instance of PII data sharing with an unauthorised third-party, and 1 example of unauthorised access to systems.

    That’s 3 potential insider threat incidents, and 1 external threat incident, all in one healthcare system.

    We’ve written recently about how the healthcare system is where insider threats outnumber external threats, and this situation is a prime example. If you don’t have the visibility into user activity in your organisation, you flat out won’t be able to detect, investigate, and prevent insider threat incidents within a reasonable timeframe.

  4. (FEATURED POST) Why “Balance” is important in cybersecurity programs
    Source: ObserveIT

    When it comes to ensuring the safety and security of your organisation’s data and systems, you’re all business. But what if your laundry list of policies, restrictions, and tools are actually making the problem worse?

  5. The Potential Insider Threat called Alexa (or Siri, or Cortana…)
    Source: New York Times

    The New York Times reports that a group of researchers at the University of California at Berkeley, and in China, have been working to utilise hidden audible commands that can activate and interact with digital assistant-based devices (Alexa, Siri, etc.) often found in the home and office.

    Most recently they have been testing triggers that can be played in the background of music or spoken text to perform actions including: unlocking doors, wiring money, or buying items online.

    Hot Take:
    While the article states that no insiders within the labs have leaked out the tools capable of these trigger feats as of this time, it quotes one of the researchers as saying that “(Their) assumption is that the malicious people already employ people to do what I do.”

    That is a little alarming, thanks to the parallels to the traditional insider threat. Devices like Siri and Alexa may not actually be people, but they might as well be. Your verbal data is still data, and in many ways, it is necessary for you to know how it is (and can be) used, manipulated, and shared once you let them in and give them access.

    Unfortunately, unlike more traditional insider threats, you can’t get visibility into data activity.

How do you feel about the Insider Threat Level?

Did you find this insider threat news recap particularly interesting? Want to see additional coverage? Let us know by tweeting @Proofpoint.