A threat hunter works to defend estates and networks by understanding how they might be attacked. By thinking and behaving like an attacker, hunters actively engage in defense by understanding potential offensive attack paths. Once potential avenues of attack are discovered, defenders can mitigate them.
There is no better method of detection than a threat hunting team. When you hear about cyber-criminals lingering in a network for months and years, that’s probably because the organization didn’t have a team of hunters. A good threat-hunting team can detect breaches in hours or even minutes.
Intellectual property protection is a critical pillar for establishing and maintaining competitive advantages. At the same time, it is important to strategically allocate resources to building a patent portfolio. This can be especially true for emerging companies, where spending on IP involves real tradeoffs with other business goals. The basic rules of thumb that larger companies can rely on to rest assured that they are making good decisions on IP spend, such as 1 patent per $1 million in R&D spending, are not useful there. From a cost-benefit perspective, protecting a single invention worldwide can easily reach into the six figures, and so each patent needs to provide real, commensurate value by (1) deterring competitors from practicing the invention and (2) being enforceable through litigation in a cost-effective manner.
In the United States, the scale of trade secret theft is estimated to be between $180 billion and $450 billion annually. Among the targets of this theft are pharmaceutical companies, which are some of the most research-intensive institutions in the world. Pharmaceutical research generally requires extensive work and often generates proprietary data that is pivotal to shaping pharmaceutical development. Because that data may be very attractive to threat actors, pharmaceutical companies employ various measures to protect their proprietary information, but these measures may sometimes fall short. A November 2021 trade secret misappropriation suit brought by Venn Therapeutics (“Venn”) against Corbus Pharmaceuticals (“Corbus”) in the District Court for the Middle District of Florida highlights the issues that can arise despite a company’s best efforts to protect its trade secrets.
Federal agencies continue to evolve their IT infrastructure to include more cloud capabilities, mobile devices and remote connections. But in the push toward improving the hybrid IT environment, organizations may be falling behind in their ability to mitigate security risks from inside their networks, especially to understand how employees and contractors access data.
What agencies need is a way to see their security blind spots and see specific indicators of compromise that would help them distinguish malicious and non-malicious insider threats.
First, it’s important to define what we mean by an insider. An insider is someone who works within an organization as an employee, contractor or vendor. This person is typically trusted to carry out their daily duties and may have access to sensitive information or systems due to the privileges that they have been assigned. Keep in mind an insider could be anyone who works in the organization. This ranges from your office’s janitor or cleaning staff up to the CEO. Defining the threat an insider may pose relates to how they may use their access or information to create a type of attack. It is also important to understand that not all insider threats are malicious. Some insider attacks are unintentional, meaning mistakes or carelessness can be a threat. For example, a sysadmin might send out a security update to the entire organization that causes everyone’s PCs to crash.
Ransomware remains one of the biggest threats facing organizations worldwide. You’ve only got to read the constant news headlines to figure this out. Despite being a fixture on the threat landscape for decades, tenacious cyber-criminals continue to find new ways to put it to devastating use.
Changing tactics is a crucial factor behind ransomware’s resurgence, with today’s attacks far more sophisticated than traditional iterations. Rather than the blanket approach often used in the past, modern cyber-criminals spend more time researching targets and tailoring their approach for greater chances of success.