
ITMG Insider Threat News – August 10, 2020

Twitter VIP Account Hack Highlights the Danger of Insider Threats

Most companies are putting a lot of effort into making sure their network perimeters are secure against remote attacks, but they don’t pay the same level of attention to threats that might originate inside their own organizations. The attack earlier this week that resulted in the hijacking of Twitter accounts belonging to high-profile individuals and brands is the perfect example of the impact a malicious or duped insider and poor privileged access monitoring could have on businesses. What happened in the Twitter hack? On Wednesday, the Twitter accounts of business leaders, artists, politicians and popular brands posted messages that instructed users to send bitcoins to an address as part of a cryptocurrency scam. Impacted accounts included those of Elon Musk, Bill Gates, Jeff Bezos, Barack Obama, Joe Biden, Kanye West, Kim Kardashian, Mike Bloomberg, Uber, Apple and even Twitter’s own official support account.

Media and Entertainment Journal: 5 Must-Haves For Microsoft Teams Adoption and Data Security

Microsoft Teams adoption recently hit a new high with 44 million daily active users, spiking a whopping 37 percent in just one week due to the surge of employees working from home. Now more than ever, Microsoft Teams is facilitating group communication and productivity as employees across the globe transition to work from home in the face of a global crisis. However, even in the best of times Teams can present governance and security challenges for organizations — especially for those who are fast-tracking deployment to support remote work.

COVID Crisis Amid Election Season: 3 Threats to Consider Before Making a Very Important Decision

The 2020 primary season was unprecedented to say the least. Amid COVID-19 wreaking havoc on the country, states varied in their decisions as to whether or not to send their constituents to vote at the polls. Drastic action was taken at the last minute in some areas, while other areas saw the consequences of their indecision later. Now, as we look toward the general election, it’s essential that states make a decision early considering three types of threats. The best course of action in this pandemic is a combination of mail-in voting with some in-person voting. . . . The second is insider threats. These threats come from people who are part of the voting process. This could include a poll worker who makes an honest mistake by accidentally discarding or incorrectly counting the number of ballots, a voter who disrupts the process by using a cell phone, and mail-in ballots being accidentally discarded. The riskiest insider threats include forged signatures and attacks at mailboxes to steal or compromise ballots. Insider threats have been generally ignored or downplayed by the academic and policy communities, but they are one of the biggest concerns, because people cannot be controlled.

Combating Security Risks: Various Defenses Needed to Ensure Risks, Mitigations are Under Control

Cloud security is an increasing concern as more organizations transition to use public cloud providers in either a hybrid or cloud-native model. The initial step in any information technology security process where new technology is being implemented is to understand the risks that an organization is incurring. Consider this information as you explore some of the types of risks associated with the inclusion of a cloud provider service (CPS) as part of a company’s infrastructure. The following areas are considered among the highest associated with cloud computing (Cloud Security Alliance, 2020): Data breaches; Misconfiguration; Lack of cloud security architecture; Insufficient identity and access management; and Insider threat.

Preventing Insider Data Theft

Insider data theft occurs when a team member or associate of an organization has access to critical IT systems and data and uses their access to steal that information. Studies have shown that up to 35 percent of all data breaches are caused intentionally by an insider. You can defend your business against insider threats by following the suggestions listed below. Establish a clear Data Protection Policy. It is extremely important that your entire workforce has read and understands your data protection policies. If you have not established any yet, this should be your first course of action. Data protection policies should both explain the importance of the policy and clearly outline company expectations for employees. It is essential that every employee both reviews the policies and also signs a document that acknowledges they reviewed and understood the data protection policies.

Quick Hits: Preventing Insider Threats in Your Business

According to the 2020 Cost of Insider Threats Global Report, the cost of an insider threat in 2020 totals around $11.45 million on average. What can your enterprise do to begin preventing insider threats? First, your enterprise needs to embrace strong security awareness training. Employees create workarounds and make cybersecurity mistakes in part because of ignorance and in part due to feeling rushed; the culture emphasizes speed rather than security. Engaging in security awareness training (making it a regular occurrence, rewarding actions that value security, etc.) shifts the culture to cybersecurity. Ultimately, education can protect your bottom line.

How Financial Triggers Can Help Spot Insider Threats

Many high-profile and very public incidents have demonstrated that public-sector agencies are vulnerable to espionage, sabotage, intellectual property theft, workplace violence and fraud. The unfortunate reality is that these activities often come from the inside. Because some federal employees and contractors pose a persistent yet unseen security risk, predicting insider threats before an incident occurs is key to limiting the damage. While a clear majority of insider threats stem from unintentional negligence, malicious insider threats are the costliest. Data shows that malicious internal threats cost 40% more than employee negligence.

6 Best Practices for Insider Threat Protection and Prevention During COVID-19

Insider threats are one of the top ten threats faced by organizations today. Before we delve further into this, let’s understand what an “Insider” threat is. An insider threat is caused by a current employee, former employee, business associate or any other person within an organization who has or had authorized access to an organisation’s network, system, or data and therefore could harm the business. The general perception is that insider threats come from rogue employees with malicious intent; however, most organizations fail to realize that not all insider threats are intentional. Some of the employees could be posing an insider threat due to their ignorance or negligence.

DCSA Aims to Raise Awareness of Insider Threat

The Defense Counterintelligence and Security Agency (DCSA) – the organization which oversees nearly all of the Federal government’s security clearances – is scheduled to host a virtual security conference to kick off the second annual National Insider Threat Awareness Month in early September. The Insider Threat Virtual Conference, scheduled to take place on September 3, will feature speakers from across government and industry detailing the efforts to address insider threats. “Insider threat programs help the workforce identify, understand, and report concerning behaviors early, enabling proactive intervention and assistance before those behaviors become a risk,” said DCSA Director William Lietzau, in a letter. “Insider threat awareness is not about curtailing protected free speech or suppressing legitimate whistleblowing; it is about preventing the exploitation of authorized access to cause harm to an organization, its resources or its people.”

Loving the Algorithm: User Risk Management and Good Security Hygiene

User risk management watches where people can’t. If you polled a random sampling of employees at various organizations, most would probably consider themselves security-minded. They would argue that they are not actively sending sensitive data to malicious recipients, clicking strange links or downloading attachments from unknown senders. This mindset is a good attribute, and should not be downplayed. However, those same employees may be putting companies at risk by accessing company data on a personal device running an outdated version of an operating system while connected to the public Wi-Fi. They may also have installed risky applications, repeatedly attempted to visit blocked sites on the corporate browser or attempted to log in from multiple unexpected locations.

Russia Sends Former Marine to Prison Established ‘As Part of The Gulag Under Stalin’

Russian authorities have sent imprisoned Michigan native Paul Whelan to “a strict regimen camp” established “as part of the gulag under Stalin,” according to the former Marine’s twin brother. “He’s really into the unknown,” David Whelan told the Washington Examiner. Whelan has been sentenced to 16 years of imprisonment on charges of espionage based on allegations that his family says were trumped up by Russian security services with the assistance of a supposed friend who owed him money. His family believes that Russian President Vladimir Putin’s government wants to swap Paul Whelan in a prospective deal involving high-profile Russian criminals in American prisons, but U.S. officials have dismissed the idea of a trade. “We seem to be at sort of an impasse where if there are discussions going on, it’s not clear they’re going on,” David Whelan said. “And in fact, Paul being sent out to the labor camp suggests that there aren’t any activities going on between the two countries.”

This entry was posted on Monday, August 10th, 2020 at 11:16 am. Both comments and pings are currently closed.
