Insider Threat Management

The Insider Threat Level: DEF CON, Cryptocurrency, and Aviation Threats

Your people are your biggest asset, but also your biggest risk. Do you have the ability to detect, investigate, and prevent a costly insider threat incident, or know how to recognize one when it occurs?

The Insider Threat Level series is here to keep you up-to-speed on the numerous examples of insider threat incidents, trends, and best practices caught in the news, so you can be better prepared for anything coming your way.

If you missed the last Insider Threat Level, we covered: LabCorp data breach, the biggest threat to business, a Series B Round closure, and more.

This week, we’re taking a look at: the Seattle plane theft, DEFCON security access misuse, an alleged cryptocurrency robbery, and more. What are you waiting for? It’s time to find out…

What’s Happening:

(FEATURED) The Seattle Plane Theft Shows a Need for Insider Threat Awareness

Source: Proofpoint

Beyond the technological and cybersecurity aspects of the insider threat conversation, there’s a human story. Such is the case in the story of the Seattle plane theft. In this post, we cover the main elements of the incident, and how employee wellness checks and training can help prevent insider threat incidents like it in the future.

DEFCON Hotel Security Misuses “Access” to Guest Rooms

Source: Motherboard

DEFCON, the hacker-focused conference following hot on the tail of Black Hat in Las Vegas, is notorious for instances of cybersecurity tomfoolery and vulnerability checks on everything from taxis to elevators. But according to various eyewitness reports from attendees, exhibitors, speakers, and the DEFCON team itself, physical security problems were also on display this year.

In response to the Las Vegas strip shooting by Stephen Paddock in October of 2017, a series of hotels and casinos instituted new policies regarding repeat declines of room cleaning service. If any guest declines cleaning for more than a day, security will sweep a room by performing what Caesars Entertainment representatives call “a visual review of the bedroom, bathroom, and additional sitting area (if any) to ensure there are no issues which require further attention. Drawers, suitcases and other personal items are not inspected by our security officers who are clearly identifiable to guests.”

However, the security team at Caesars was caught on camera by a guest, who stated that the team was visibly recording, and taking photos of their room on personal, not corporate devices.

Hot Take:

Sounds like a privileged access misuse to us. If we were to translate this to a cybersecurity failing, it would be as if a system administrator logged into a guest’s personal computer remotely (while on their own personal systems) and illegitimately took screenshots with the intent to leak them outside of a controlled environment.

This type of digital insider threat incident can be averted with the right insider threat management tools (*cough,* Proofpoint, *cough*). In the physical world of security however? The closest thing we have right now are body cams.

Cryptocurrency Investor Robbed, Sues for $224 Million

Source: CNBC

California resident Michael Terpin is suing the telecom giant AT&T for having allegedly “willingfully cooperated with a hacker” and participating in “gross negligence, violation of its statutory duties, and failing to adhere to its commitments in its Privacy Policy” following the theft of over $24 million worth of cryptocurrency.

He also claims that AT&T had an “insider cooperating with the hacker” who was responsible for stealing the cryptocurrency, alleging that an AT&T store employee would have had to share access to his phone number and account to be targeted.

Hot Take:

If Terpin’s claims that an “insider cooperating with the hacker” are proven true, this will bring to light the practices of call centers and support teams at many organizations. Access management will likely need to be improved, and teams will need additional visibility into user activity, and be notified if suspicious activity is occurring in an effort to prevent data leaks and general data misuse.

Cybercrime Expected to Rise Over Next Five Years

Source: Information Security Buzz

According to new research by Juniper Research, as reported by Information Security Buzz, more than 33 billion records will be stolen by cyber criminals in 2023 through insider threat-based data exfiltration methods and external data breaches.

Hot Take:

This news should come as no surprise, but the number outlined by the report (an incident increase of 175%) should startle those who were on the fence about implementing new processes, technologies, and building out cybersecurity teams.

In other words, taking on a holistic approach to insider threats and cybersecurity!

142 Healthcare Data Breaches in Q2 2018

Source: HealthIT Security

New data released by the Protenus Breach Barometer suggests that over 3.15 million patient records were compromised in the second quarter of 2018 alone. 30% percent of the 142 reported data breaches involved came from repeat offenders.

The report, as covered by HealthIT Security, also claims that “if an individual healthcare employee breaches patient privacy once, there is a greater than 30 percent chance that he or she will do it again in three months’ time, and a greater than 66 percent chance he or she will do so again within one year.”

Hot Take:

Protecting critical data isn’t easy, but this is a unusually high level of failure given the fact that there are insider threat management options out there to help detect and eliminate potential incidents like the ones that took place, and in a more timely manner. (The report also stated that it took a healthcare organization an average of 204 days to detect a breach.) This is unacceptable on many different fronts, but especially from a HIPAA compliance standpoint.

How do you feel about the Insider Threat Level?

Did you find this insider threat news recap particularly interesting? Want to see additional coverage? Let us know by tweeting @Proofpoint.

Subscribe to the Proofpoint Blog