Much of the reporting on nation-state threat activity is focused on the latest cyber intrusion, such as the SolarWinds intrusion or the intrusion of numerous coronavirus vaccine developers. These intrusions are often breathlessly portrayed as brazen and sophisticated attacks on well-defended companies—or government agencies, as the case may be. The stories, unfortunately, underrepresent the full scope of what is transpiring. Inter-state competition is bleeding into every aspect of the economy, and the gravity of the threat U.S. businesses face from nation-states and their proxies cannot be overstated. As we have written, today’s most important geopolitical battlespace is the private sector. While there are countless economic sectors within which competition is taking place, it is most savage in those on which modern developed economies most depend—such as advanced technology, cyberspace, health care, insurance and finance, to name just a few. Attackers target groundbreaking technology, but also essential personnel, innovative business practices, unique data sets, and plans and strategies. Mastery of these building blocks allows nation-state competitors to grow successful companies in a wide variety of areas.
In fairness, there are probably no really good answers to the question: How did your company leave your IT infrastructure so unprotected that it was used to deliver malware to several branches of the federal government as well as a series of high-profile private sector targets? But maybe blaming an intern was not the best approach. On Friday, former SolarWinds CEO Kevin Thompson testified about the massive espionage campaign that originated at his former company at a congressional hearing held jointly by the House Oversight and Homeland Security Committees. Members of Congress homed in on the fact that the company had used the password “solarwinds123” to log in to a file transfer server, though it was not clear at the hearing whether that password was used in the intrusion that subsequently infected many government departments and private companies with malware via a malicious SolarWinds update.
While the number of insider threats is on the rise, a dedicated team of properly equipped security professionals can tackle the task, provided they have the support of management and staff throughout the company. That is the message from a pair of professionals in the space. I recently spoke with Marc Crudgington, the chief information security officer (CISO) and SVP of Information Security at Woodforest Bank, and Steve Moore, the chief security strategist at Exabeam, a company that adds intelligence to security tools. There are many challenges to providing a proactive security program in today’s environment, they explained. Leadership is one, Mr. Crudgington noted. Security leadership needs to begin at the top, at the executive and board level, where security issues are regularly discussed and a proactive plan is struck and adhered to. CISOs need to be good communicators so they can build a proper business case for the type of security plan they have developed; they cannot count on it to stand on its own.
Over this week I have been blogging about fraud issues in 2021 and beyond with Joanne Taylor, a Managing Director at K2 Integrity, and Ray Dookhie, a Managing Director in K2 Integrity’s Investigations and Risk Advisory practice. We considered some of the top fraud trends you might expect to see in 2021, what the regulatory landscape may well look like in 2021, and how best to detect and prevent fraud. Today, I want to consider how to remediate if fraud is discovered. We are seeing a renewed focus by the regulators on compliance program effectiveness. One of the key elements of program effectiveness is how well an organization identifies, investigates and remediates potential compliance issues.
In the world of cybersecurity, much has been said about the zero-trust paradigm over the years, and with good reason. The basic tenets of the early days of information security have been overshadowed by events and technical evolution. On Feb. 26, the U.S. National Security Agency (NSA), supported by CISA and the US-CERT, issued guidance in the document “Embracing a Zero Trust Security Model” (a seven-page PDF). Many consider the guidance to be late to the infosec party; early adopters have been building applications and constructing their infrastructure to align with the paradigm for years. Others will see this guidance as both new and complex.
The Cost of Insider Threats Report by IBM indicates that the overall damage caused by negligent or malicious employees totals $11.45 million. Whereas intentional insider criminals cause only 14% of the incidents, their damage adds up to $4.08 million, almost a third of the whole sum. An insider threat is a vulnerability coming from within the organization, as opposed to attacks performed from outside the security perimeter. It is usually associated with careless or malevolent employees, yet the culpable actor can be a former worker, business partner, contractor, or board member. The main condition is legitimate access to corporate networks and sensitive data that is put to bad use. Given the nature of this attack vector, the breach is hard to identify and contain, as the responsibility is distributed between HR, Legal, IT, and other departments; after all, those involved are not outside criminals but members of the organization itself.
It’s already early March and the year is in full swing. Covid is still raging and we have been seeing some crazy weather patterns, especially in the south of the United States. While snowed in here in Texas, I took some time to reflect on what’s driving cyber security spend and customer focus this year. Overall, we can summarize the 2021 trends under the term “Unbound Enterprise”. You will see why when you look at the list of business drivers below. If you run a security business, you might want to see how your company caters to these trends, and if you are in a role of protecting a company, ask yourself whether you are prepared for these scenarios.
A China-linked cyber-espionage group has been remotely plundering email inboxes using freshly discovered flaws in Microsoft mail server software, the company and outside researchers said on Tuesday — an example of how commonly used programs can be exploited to cast a wide net online. In a blog post, Microsoft said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software and was the work of a group it dubs HAFNIUM, which it described as a state-sponsored entity operating out of China.