Woven through a Department of Justice indictment against former defense contractor and spy-for-China Ron Rockwell Hansen was the nugget that his dossier for Chinese officials included print-outs of colleagues’ LinkedIn pages. Hansen used his U.S. government and intelligence community background to build his roster of LinkedIn connections. The indictment doesn’t make clear how he used those connections in his relationship with Chinese intelligence, but it is clear LinkedIn played a part of his strategy of capitalizing on his personal network – and builds upon the robust use of LinkedIn already in action by Chinese intelligence. It calls out a strategy that becomes even more dangerous with knowing actors like Hansen. You receive a connection request from a ‘recruiter’ in the national security space. Maybe they work for a major fortune 500 defense contractor, or list prior military experience in their profile. Most users look at the ‘shared connections’ before they accept. We already know that’s not a solid strategy in a world where many people boast to accepting every LinkedIn request they receive. But even in the more cautious defense and intelligence community, the Hansen case displays how even a contact you know may be leveraging LinkedIn for nefarious purposes.
Cybersecurity threats just kept growing in 2019, according to a new report by The Crypsis Group, an incident management and digital forensics company. The report also found that so-called “insider threats” were on the rise, with its investigations of such threats rising about 70% from 2018. On Thursday, the company released its 2020 Incident Response and Data Breach Report, which found that cyber criminals have “significantly escalated tactical approaches” and become more targeted in their actions. Ransomware attacks and business email compromise (BEC) were the two most impactful cyber threats in 2019, in terms of both business disruption and monetary loss. Ransomware demands spiked 200% last year, and BEC fraud losses averaged $264,117 per incident.
Since the very beginnings of the novel coronavirus (COVID-19) pandemic, businesses of all sizes have struggled to adjust to the new occupational normal. IT teams have not been immune to the disruption. Neither have information security teams for that matter. While employment in the IT sector remains much more resilient than other segments of the economy, employment in the IT sector still declined by about 1% last month, even as businesses compete for technical talent and continue digital transformations. According to an analysis by industry trade group CompTIA, the technology sector’s job losses for April totaled 111,900 positions. “And though the month’s job losses were the highest in the tech industry’s history, the total was well below the numbers of layoffs recorded in other industries, including restaurants, retail, healthcare, government, construction, hotels, education, and automotive,” the group wrote in their statement.
Remote work is opening up new insider threats – whether it’s negligence or malicious employees – and companies are scrambling to stay on top of these unprecedented risks. Employees working from home face a new world of workplace challenges. With childcare facilities mostly closed, many are juggling crying babies or barking dogs, all while tending to job responsibilities. Under those conditions mistakes happen, like sending an email – with critical internal company data – to the wrong address. This is just one of many insider threat risks that security experts worry will become a regular occurrence. That’s because remote employees have been thrust into new working environments, with no face-to-face supervision and little to no training for handling new security risks. And, they are also facing more distractions from their home settings, as well as new emotional stresses tied to COVID-19.
The Homeland Security Department will begin tracking all personnel—federal employees and contractors, with or without a security clearance—in the hunt for insider threats. Almost since the department’s inception, Homeland Security has been focused on identifying and preventing agency employees with security clearances from becoming insider threats by leaking information, intentionally or otherwise. Now, the department’s Insider Threat Program is expanding to include anyone—past or present—who has had any kind of access to agency information. “Subsequent to standing up the DHS ITP, the threats the department faces extend beyond threats of unauthorized disclosure of classified information by DHS-cleared employees,” according to an updated privacy impact assessment released publicly Friday. “Threats faced include those posed by insiders with and without security clearances engaging in activities that have no nexus to unauthorized disclosure of classified information.”
Nearly 70% of companies say they worry about malicious employees, a WSJ survey found. Those looking to steal organizations’ data may be proxies of a hostile foreign government, career cybercriminals or enraged activists. But they’re just as likely to be members of an organization’s own staff. Companies are aware of the risk from insiders, but unlike in other areas of cybercrime, they’re struggling for solutions. Despite technological advances, it remains hard to spot an employee who is likely to steal or leak data.
Here are the minimum requirements for all companies to be safe in the new normal. The coronavirus shutdowns made all companies realize how dependent they are upon the internet and information technology systems. For many, technology saved them, enabling them to operate during stay-at-home mandates across the country. As companies begin to reopen and ramp back up, however, they are going to realize that fewer workers are going to be willing to make urban commutes into offices. Employees are going to try to hang on to the work/life balance that they were able to establish while working from home, and their superiors are going to realize that productivity didn’t suffer; in fact, in many cases it increased. This will cause many companies to question whether they need all of the office square footage they have been paying for. The new normal for business operations is going to involve a lot more work from home and remote working sites that reduce urban commutes.
Data destruction is a topic that has been poorly covered until recently. Regardless of which cloud service provider you use, this review of the top three CSPs’ data destruction documentation should improve your due diligence. Market research from Cybersecurity Insiders indicates that 93% of organizations have concerns about the security of the public cloud. This healthy distrust likely stems from a lack of information. Cloud service providers know their customers; they understand these concerns and have developed a plethora of documentation and sales collateral to earn our trust. One very welcome documentation improvement by the leading cloud providers is the amount of transparency pertaining to data destruction. Here is a review of this documentation so you can form a more complete picture of what exactly happens when we tell our cloud service provider to delete our data.
While government agencies and private sector companies continue to toughen their computer networks against the risk of a cyber attack, the biggest threat may be an employee who walks through the front door. Edward Joseph Snowden, the American “whistleblower” who copied and leaked highly classified information from the NSA in 2013 when he was a CIA employee and subcontractor, remains a prime example that the weakest link is often an employee.
Six former employees were recently named in federal charges that were an indication of the lengths some companies will go to hit back at detractors. Last summer, members of eBay’s private security team sent live roaches and a bloody pig mask to the home of a suburban Boston couple who published a niche e-commerce newsletter. The harassment campaign, which also included physical surveillance, sending pornographic videos to the couple’s neighbors, posting ads inviting sexual partners to the couple’s home and an attempt to attach a tracking device to their car, was detailed earlier this month in a federal indictment against six former eBay employees. The lurid, 51-page indictment, describing how the employees of a multibillion-dollar company were loosed in what authorities described as an unhinged and illegal effort to intimidate critics, drew national attention to the stunning lengths some tech companies will go when responding to their critics.
When fraud is discovered, it’s usually by surprise. That’s because most of us aren’t used to looking for criminal behaviour inside our own organisation. We trust our employees and co-workers, and we keep our focus on succeeding as a team and accomplishing our goals for the business. Nobody wants to think that someone might be subverting the rules for their own personal gain. Unfortunately, though, fraud does happen. The statistics tell us that on average, organisations lose about 5 percent of their total revenues to fraud. If that’s not bad enough, the average fraud lasts 18 months before being discovered – if it is discovered at all.