Insider Threat Management

Insider Threat Level March 2019: Data Breach Reporting Edition

Share with your network!

The Insider Threat Level is here to keep you updated on the latest news stories and analysis of security best practices, incidents, and trends, so that you’re better prepared for what comes your way.

This month, our feature stories look at issue of data breach reporting, in the wake of GDPR and possible U.S. data privacy regulations coming down the pike. According to a recent freedom of information (FOI) request made of the EU Information Commissioner’s Office (ICO), organisations are painfully slow at identifying when they’re targeted by cybersecurity attacks, and reporting these breaches to authorities.

Meanwhile, in the U.S., the FTC Commissioner urged that the country enact a national data breach standard to protect user privacy, rather than varying state- and territory-focused laws. New laws will require U.S. firms to be on high alert with quicker breach response times.

Here’s what happened in these stories, as well as other relevant insider threat news this month.

Data Breach Reporting: Still Woefully Slow

Data privacy laws like GDPR and the upcoming California Consumer Privacy Act are designed to protect consumers against potential data loss or mishandling.  When organisations experience a cybersecurity breach, ideally, they’d quickly be able to identify and report it. In reality, breach response is anything but quick, resulting in data leakage and reputational damage for organisations.

Even though GDPR regulations require known breaches to be reported within 72 hours, data obtained by Redscan from the ICO shows that it took companies an average of 60 days to identify they’d become a victim of a breach, plus 21 days to report it to the ICO. On the upper end of the scale, it took one organisation 1,320 days to identify a data breach, while another took 142 days to report it to the ICO. More than 93 percent of organisations either did not specify or did not know the impact of the breach at the time it was reported.

While this data is startling, in the U.S., some government officials are starting to see the light when it comes to the need for federal privacy and breach disclosure laws. FTC Commissioner Noah Philips said to a group at the Brookings Institution that the U.S. should embrace one, national data privacy law to ease compliance, instead of various state-by-state laws.

Hot Take

Regardless of where you stand on the federal or state data privacy law debate, one thing is true: organisations need to get faster at identifying and reporting data breaches. Not only is swift action the right thing to do from a data privacy perspective, but it can help minimise the damage resulting from a breach.

When it comes to insider threats, many organisations don’t track both user and data activity, which means potential incidents may be falling through the cracks. Many organisations only track data movement, which gives a partial picture surrounding potential data exfiltration events. Since people are the ones moving the data, the crucial addition of user activity monitoring could help teams discover, investigate, and report insider breaches much faster.

With this added context into who did what, when, where, and even why, security teams can provide insight on the impact of potential breaches, so affected individuals aren’t left in the dark.

What Else is Happening

North Korean Hackers Targeting Global Critical Infrastructure
Source: CNN

North Korea has emerged as a major cybersecurity force in the last few years, and is honing in on global critical infrastructure. Research from security firm McAfee shows that North Korean hackers have targeted firms in the financial services, telecommunications, energy, and defense sectors around the world. Proofpoint predicted that the critical infrastructure sector would become increasingly threatened by data exfiltration attempts in 2019. Organisations should be aware that their insiders could be incentivised to become state-sponsored threats.

Verizon DBIR Focuses on Insider Threats
Source: Verizon

This year, Verizon has refocused its cyber investigations spotlight on the world of insider threats. According to the report, insider threat breaches are an often-taboo subject, and many organisations hesitate to report these types of incidents. However, as we saw from our top news this month, data breach reporting must happen faster around the world. Time to detection is an important stat for organisations to focus on when it comes to insider threats, according to ObserveIT’s head of security, Chris Bush. In case you missed it, here’s the rest of our take on the Verizon Insider Threat Report.

Dow Jones Leaks Global Watch List
Source: InfoSecurity Magazine

An authorised third party within Dow Jones leaked sensitive information from the Dow Jones Watchlist, a risk and compliance report that provides details about “politically exposed persons,” criminals, and people on government sanctions lists. More than 2.4 million records were found on a public Elasticsearch cluster. Trusted, third-party vendors and contractors can become unintentional insider threats if they make security mistakes or overlook policies. Incidents like these are reminders to double-check that contractors with access to sensitive data are complying with security policies.

What You Might Have Missed

Last month, we took a looked at a different spin on the Equifax breach, which focused on a potentially sweeping, state-sponsored threat. Check out our February Insider Threat Level if you haven’t had a chance.