The risks from insiders can be classified in three ways. Basic insider risk, of course, covers 100% of users, any of whom could fall for a phishing attack, accidentally expose data or otherwise be compromised. Insider threats are the 1% of users with bad intent, who would actively steal data or cause harm. The Super Malicious threat comprises a subset of malicious insiders with superior technical skills and in-depth knowledge of common insider threat detection techniques.
From understanding Trusted Workforce 2.0 to cybersecurity threats to changing government initiatives, security officers cover a lot areas on any given day. And as insider threat continues to grow, it’s important for organizations to continually find tangible responses to combat the threat. A few themes bubbled to the surface this past week from security experts in the industry.
The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) published “Insider Threats in Healthcare.” The threat brief did not describe a specific security risk, cyberattack or health care system.
Rather, HC3 offered guidance on insider threats, people or contractors with access to assets or information about security practices, data and computer systems.
Derek Brink, VP and research analyst at Aberdeen Strategy & Research, says that “Insider” refers to a known user with authorized access to enterprise systems, applications, and data. The user becomes an “Insider Threat” when they compromise valuable company data, whether with malicious intent or not. This logic implies that individuals, whether they are employees or not, fit into the category of insiders if they enjoy authorized access to business systems or data. For businesses, it is crucial to assess who has access to what resource, for what purpose, and for how long. A failure to ensure visibility into how, when and why systems and data are accessed exposes organizations to serious cybersecurity risks.
Intellectual Property: Understand It to Protect What You Own, Drive Value to Your Business and Positively Impact Your Bottom Line
Intellectual Property (or “IP”) is commonly defined as a group of legal rights that provide protection over things people and businesses create or invent. It might sound straightforward, but there is a lot of confusion over what can actually be protected and what cannot.
Fourth Circuit Rules on Data Privacy and Trade Secret Claims Brought in Context of Former Employee/Employer Dispute
While “data privacy litigation” may immediately conjure up ideas of data breaches or biometrics, data privacy also extends to sensitive or corporate information—and a recent ruling out of the Fourth Circuit handed down a significant precedent with respect to trade secrets. Earlier this month, the Fourth Circuit ruled on an employer’s (second) appeal of the district court’s judgment in favor of an employee in a dispute arising under the Maryland Uniform Trade Secrets Act, Airfacts, Inc. v. Amezaga, No. 20-2344, 2022 U.S. App. LEXIS 9304 (4th Cir. Apr. 6, 2022). The court affirmed in part, reversed in part, vacated in part, and remanded once again to the district court.