Skip Navigation

ITMG Insider Threat News – December 14, 2020

FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State

The Silicon Valley company said hackers — almost certainly Russian — made off with tools that could be used to mount new attacks around the world. For years, the cybersecurity firm FireEye has been the first call for government agencies and companies around the world who have been hacked by the most sophisticated attackers, or fear they might be. Now it looks like the hackers — in this case, evidence points to Russia’s intelligence agencies — may be exacting their revenge. FireEye revealed on Tuesday that its own systems were pierced by what it called “a nation with top-tier offensive capabilities.” The company said hackers used “novel techniques” to make off with its own tool kit, which could be useful in mounting new attacks around the world.

Cloud Migration Security Woes

As I hear of organizations dealing with security when migrating to the cloud, I occasionally observe cases of “extreme lift and shift.” I use this label to describe a case when an organization wants to keep every single security technology that they use on-premise after they move to the public cloud. The list can be very long and tedious; it may include such staples as firewalls, anti-malware, SIEM, EDR, NIDS, and even network forensics and NDR. Let’s ponder this situation without judgement. Two things come to mind first: Focusing on controls vs control intent. Adapting to threat model changes. First, why are existing controls being replicated verbatim if there are cloud-style controls available from your cloud provider or from a cloud-focused third party vendor? Won’t you be better off if you “deduce” (or: find the documentation for) the intent of the existing controls and then deploy cloud controls that serve the same intent? “Better” here may mean both more effective, less expensive (!) and likely more secure. For example, you may have used a security configuration scanner on-premise, but now you can use the tools your cloud provider has for the same purpose?

3 reasons why CISOs should collaborate more with CFOs

C-suite may not always understand ROI of security efforts, which is why Nabil Hannan suggests that CISOs work more closely with CFOs to learn how to best communicate security’s value. At the end of the day, cybersecurity is a financial issue. Breaches can result in significant financial loss and reputational damage. Consider these statistics: The global average cost of a data breach is $3.86 million, according to the “Cost of a Data Breach Report 2020,” with the U.S. having the highest average at $8.64 million. Another report found that insider threats are the most expensive category of attack to resolve, costing an average of $243,101. And this number is increasing. Lastly, in just the first six months of 2020, 3.2 million records were exposed in the 10 biggest breaches — eight of the breaches occurred at medical or healthcare organizations. Healthcare was deemed the costliest industry by the “Cost of a Data Breach Report” with the average cost of a breach reaching $7.13 million.

Employees are 85% more likely today to leak files than they were pre-COVID

Code42 released its latest Data Exposure Report on Insider Risk. The study, conducted by Ponemon Institute, found that both business and security leaders are allowing massive Insider Risk problems to fester in the aftermath of the significant shift to remote work in the past year. During that same time, three-quarters (76%) of IT security leaders said that their organizations have experienced one or more data breaches involving the loss of sensitive files and 59% said insider threat will increase in the next two years primarily due to users having access to files they shouldn’t, employees’ preference to work the way they want regardless of security protocols and the continuation of remote work. Despite these forces, more than half (54%) still don’t have a plan to respond to Insider Risks. “Insider Risk affects every organization. It is a byproduct of employees getting their work done everyday – how they create, access and share files in today’s collaboration culture. However, security teams are at a disadvantage: there is a lack of understanding of Insider Risk, which is leading to complacency, failing technologies and inadequate processes. The severity of the Insider Risk problem is being consistently overlooked, evidenced by the sharp rise in risky behavior this year,” said Joe Payne, Code42’s president and CEO. “Our findings show that organizations are not even measuring the efficacy of their Insider Risk mitigation programs. Inattention to Insider Risk Management, as demonstrated in this report, will threaten the future of the digital enterprise.”

Cyber risks related to insider threats bigger than external threat actors

Findings from the 2020 Netwrix Cyber Threats Report reveal cybersecurity risks related to insiders are now more common than external threat actors.  Since organizations went remote, four of the top six types of cybersecurity incidents they experienced were caused by internal users: Accidental mistakes by admins (suffered by 27% of respondents), Accidental improper sharing of data by employees (26%), Misconfiguration of cloud services (16%),  Data theft by employees (14%). In addition, 79% of security leaders worry that users are now more likely to ignore IT policies and thus pose a greater threat to security. Moreover, incidents related to inside actors were among the hardest for organizations to detect. For example, a significant portion of respondents needed weeks or months to detect data theft by employees (26%), improper employee data sharing (18%) and admin mistakes (12%).

Top global security threats organizations will face in 2021

The Information Security Forum (ISF), trusted source for strategic and practical guidance on information security and risk management, has announced the organization’s outlook for the top global security threats that businesses will face in 2021. Key threats for the coming year include: Cybercrime: Malware, ID Theft, Ransomware and Network Attacks, Insider Threats are Real, The Digital Generation Becomes the Scammer’s Dream, Edge Computing Pushes Security to the Brink, Rushed Digital Transformations Destroy Trust.

Why Companies Need to Understand and Create a Protocol for Insider Threats

Over the last two years, the number of insider incidents has increased by 47%. Employees are perhaps the biggest security risks of any company. Deliberately or inadvertently, they can cause a serious breach to company data. Insider threats are worse to combat because here, the company is dealing with a purportedly authorized access to its data which somehow turns out to be compromising. Any organization that loses the endpoints battle has lost the cybersecurity war. Hence, protecting endpoints by eliminating insider threats must be a priority for every company. Insider attacks, when they are clearly not intentional, are often due to poor cybersecurity practices or a lack of general cybersecurity hygiene.

How can companies secure a hybrid workforce in 2021?

This has been a uniquely transformative year. Prompted by a global pandemic, we’ve been forced to change many things about how we live, work, and relate. For most businesses, this means a rapid and comprehensive shift toward remote work. While more than half of all employees participated in a rapid transition to remote work, it’s clear that this is more than just a temporary change. According to a June survey by PwC, 83% of employees want to work from home at least once a week and 55% want to continue working remotely even after the pandemic subsides. As companies look to cut costs, reduce turnover, and maximize growth potential, telework will play a central role in both the present and future of work. While remote work comes with many benefits, it also presents several unique cybersecurity challenges. By now, the costs and consequences of a data breach or cybersecurity event are well-documented, and they threaten to undermine the benefits of this new work arrangement.

This entry was posted on Monday, December 14th, 2020 at 3:37 pm. Both comments and pings are currently closed.