Skip Navigation

ITMG Insider Threat News – November 3, 2021

How Disinformation Creates Insider Threats

As we enter quarter four of 2021, the idea of disinformation as a cyber threat probably hasn’t percolated to the forefront of concerns of many CISOs. Indeed, a Venn diagram would show no overlap of “disinformation” with the words “CISO” or “cyber threat,” especially in the United States. Yet there is a significant overlap here, and CISOs will be well served to get ahead of the curve.

A few companies have identified disinformation as a threat. Recorded Future CSO Gavin Reid notes how some activist CEOs are taking steps to address the politicization of disinformation, as companies look to third parties to better understand how to counter the arrival of disinformation pointed at their entity or influencing employee actions.

Misconfigured Database Leaks 880 Million Medical Records

Researchers have found an unsecured database leaking over 886 million patient records online, although it’s now confirmed that this was dummy data.

The exposed data included the date, document type, physician note, encounter IDs, patient ID, note, UUID, patient type, note ID, date of service, note type and detailed note text.

The notes and physician information were stored in plain text. Patient IDs were encrypted, but it’s unclear how strongly.

Almost All US Organizations Experienced a Cyber Event in the Past Year

Almost all (98%) US-based organizations experienced at least one cyber event in the past year, according to Deloitte’s 2021 Future of Cyber Survey. This compares to 86% of non-US organizations.

The study, which surveyed 577 C-suite executives worldwide on their organization’s cybersecurity programs, also found that a huge proportion (86%) of US companies faced increased cyber-threats due to COVID-19. Interestingly, a significantly lower proportion (63%) of non-US executives reported experiencing an increased rate of attacks during the pandemic.

Ransomware Soars 148% to Record-Breaking Levels in 2021

The volume of ransomware attacks over the first three quarters of 2021 reached 470 million, a 148% increase on the same period last year, making 2021 already the worst year on record, according to SonicWall.

The security vendor scrutinized attempts to compromise its global customers over the period and found that each company recorded 1,748 ransomware attacks in the year-to-date (YTD). That’s reportedly nearly 10 per business day.

Study Coordinator Falsified Clinical Trial Data

Duniel Tejeda, formerly of Miami, Florida, acted outside the law while employed as both a project manager and a study coordinator for clinical drug trials at Tellus Clinical Research, a medical clinic based in Miami.

As part of his plea agreement, Tejeda admitted that he entered into an arrangement with co-conspirators to deliberately distort data in medical records. The records that were manipulated by Tejeda were connected with clinical trials intended to evaluate a range of different medical conditions, including opioid dependency, irritable bowel syndrome and diabetic nephropathy.

Overcoming the Pitfalls of Poor Corporate Intelligence: What Security Teams Need to Get Ahead

Today, the array of threats posed to disrupt businesses only intensifies, while the systems and methods organizations use to assess the potential for trouble often fail to keep pace. The result is incomplete intelligence gathering, lack of visibility into the exact nature of threats, and increased risk exposure.

The current list of threats ranges from continuously evolving cyberattacks and business espionage to geopolitical instability and terrorism. Natural disasters, extreme weather, and the ongoing novel coronavirus pandemic compound the matter. Threat actors, for example, have launched ransomware attacks against hospitals, knowing their vulnerability amid expanding patient caseloads due to COVID-19. Against this backdrop, corporate security personnel must safeguard senior executives, employees, intellectual property (IP), supply chains, and brand status to name a few corporate assets.

This entry was posted on Wednesday, November 3rd, 2021 at 6:11 pm. Both comments and pings are currently closed.