Insider Threat Management

Insider Threat Level October 2019: Cybersecurity Awareness Month Edition

Share with your network!

TL;DR Version: This month’s Insider Threat Level explores how the principles of Cybersecurity Awareness Month can be applied within a business environment, where insiders bring both value and risk to the entire organization. In it, we explore three high-profile insider breaches, as well as ways in which incentives can be used to reduce risk. Let’s take a look. 

Welcome to Cybersecurity Awareness Month, where the theme is Own IT. Protect IT. Secure IT. This is NASCM’s 16th year reminding us that it is everyone’s responsibility to protect data and assets -- from individual consumers to the largest global brands. 

Insider Threat Mitigation: Sanctions and Incentives

(Source: GovInfoSecurity)

According to Michael Theis, chief counterintelligence expert at Carnegie Mellon’s CERT Insider Threat Center, the battle against Insider Threats requires a balance of sanctions and incentives. In fact, the group believes in this balance so much that it updated its Common Sense Guide to Mitigating Insider Threats to include incentives -- making this the sixth overall edition of the technical report. In a video interview at the Information Security Media Group’s Cybersecurity Summit, Theis discusses incentives and why they’re crucial in mitigating Insider Threats

The three types of positive incentives include how engaged employees are:

  • With the work they’re doing
  • With their coworkers (for example, do they feel a part of the team and do they feel they contribute to the team?)
  • With the organization (for example, do they feel the organization supports them and their efforts and has their back?)

The incentive found to have the most impact was the third -- how engaged an employee is with their organization. It’s important to ensure the employee feels like a part of the process, with managers actively seeking their input, then vocalizing that their work is seen and appreciated. Employing incentives often improves loyalty, so that when employees are hit by outside stressors they remain aligned with company values. 

'Trusted inside access': Sydney IT contractor arrested over Landmark White data breach

(Source: Sydney Morning Herald)

After 12 years of service, a trusted IT contractor of leading property valuation firm Landmark White (LMW) was arrested over high-profile security allegations. Sydney IT contractor Stephen Grant is accused of making the property valuations, personal details, and driver’s licenses of a combined 275,000 individuals “readily available on the dark web.”

While it is not believed Grant profited from the alleged cybersecurity attacks, the Insider Threat involving at least two data breaches of 170,000 datasets is estimated to have cost LMW at least $8 million. Not only was the series of breaches a devastating financial blow to the company, but also taints trust in other current and future contractors. 

LMW has since put out statements that the firm went through a significant IT transformation and are dedicated to staying ahead of the pack when it comes to cybersecurity. While this is a tremendous step in mitigating the aftermath, we certainly advocate for protecting databases and other sensitive IP before a breach. Ensure that both user and data activity monitoring is in place to provide the detailed visibility needed to detect, investigate, and prevent Insider Threat incidents in a timely fashion.

American Express Insider Breaches Cardholder Information

(Source: Dark Reading)

While most credit card company data breaches we see often come from outside threats, American Express’ latest incident reminds us that Insider Threats are just as likely. The company sent a notice to cardholders that an employee was able to access personal information, such as social security numbers, names, birthdates and more, with the intent to commit fraud. The incident is actively under investigation, and affected cardholders have been offered free credit monitoring as a resolution.

Former Yahoo engineer admits using his access to steal users’ personal data

(Source: Ars Technica)

Former Yahoo software engineer, Reyes Daniel Ruiz, recently pleaded guilty to using the access that position granted him to compromise around 6,000 user accounts, as he searched for a variety of private data. Through his Yahoo access, Ruiz was able to compromise victims’ accounts on services including iCloud, Facebook, Gmail, and Dropbox. These actions led to an indictment on one count of computer intrusion and one count of interception of a wire communication. According to that document, Ruiz accessed at least 18 email accounts which “thereby obtained personal information, including private photographs and videos, which defendant downloaded and kept for his own personal purposes.” This type of incident reminds us that organizations should be vigilant of privileged users, watching for indicators that they may become Insider Threats. 

Do you think that CERT’s newest best practice would have had any impact on the aforementioned cases? Let us know what you think on Twitter @ObserveIT