ITMG Insider Threat News – October 5, 2020

Controversial Plan Urges DoD to Recruit Tech Pros to WFH

The United States Defense Innovation Board (DIB) has recommended that the Pentagon hire civilians to work from home who can handle classified information as a way of attracting people with technology expertise. DIB in its September 15 report proposes a “highly limited, temporary and specific use of waivers for a small percentage of the workforce to ensure two things: First, key innovation and technology initiatives are fully staffed, and second, that the most service members with the greatest potential are retained.” The individuals sought “will have technical degrees and/or highly specialized skills in digital technologies and innovation needed across the U.S. Department of Defense,” which is undergoing digital transformation.

The Espionage Threat to U.S. Businesses

American companies are in a bind. They are on the front lines of a fierce new geopolitical competition that threatens their businesses like nothing they have seen before. This competition is driven by the primary lesson of the Cold War, a lesson that China and other nations have learned well: Economic power is the key to national power. Those countries with a strong economic base across a wide swath of key industries will be well positioned to advance their national agendas. They not only will have significant financial resources to direct toward their goals but also will have a multitude of economic levers with which to influence other nations. Many authoritarian governments are doing everything they can, including using their spy services, to build successful businesses and grow their economies. Indeed, even some nonauthoritarian governments are taking this approach. The reason for this is simple: A large number of nation-states view privately owned companies within their jurisdictions as extensions of their governments. They support and protect the companies as if those entities were integrated parts of government. These nation-states are consciously building national champions to dominate industries to extend their national power—not just domestically but also worldwide.

Video: The FBI just released a Hollywood style movie about Chinese espionage in America

The FBI and the National Counterintelligence and Security Center jointly released a dramatic short movie to raise awareness of how foreign entities like China target U.S. individuals with security clearances for espionage. According to an FBI press statement, the film, titled “The Nevernight Connection,” is a fictionalized narrative inspired by the case of former CIA officer Kevin Mallory. The movie focuses on the fictional character, Daniel Landry, a man with knowledge of classified Navy information, who was recruited by the Chinese government to give up that information. The full 26-minute film was published on the FBI’s website. “The FBI and the National Counterintelligence and Security Center seek to raise awareness of this issue and help individuals in the private sector, academic and research communities, and other U.S. government agencies guard against this threat,” the FBI said in a statement accompanying the movie’s release.

Current Security Tools Hamper Detection of Insider Threats, Survey Shows

Respondents in the commercial sector say their current cybersecurity tool stack yields too many false positives and more data than can be reviewed in a timely fashion. Organizations in the UK and the US are struggling to improve their privileged access governance practices and reduce the likelihood of a security incident caused by insiders, according to a new report. Database administrators, network engineers, IT security practitioners and cloud custodians have more privileged access to sensitive data than they need for their jobs. The data point comes from a survey by The Ponemon Institute, commissioned by Forcepoint, of 900 IT pros in organizations across the US and UK (mostly government institutions).

Is Your Organization Ready to Defend Insider Threats?

Insider threat is not a new topic, as many technical and non-technical people talk about it every day. Sometimes people will link it up directly with solutions of user security awareness training and Data Loss Prevention (DLP) implementation. That is not an incorrect way to work, but is that all of the story? In early August, in an insider threat at the Tesla Gigafactory, a Russian man allegedly offered to pay $1 million to one of Tesla’s employees to deploy malware into the company network to ransom Tesla’s data for millions of dollars. This incident has a happy ending, in that the Tesla employee notified Tesla instead of accepting the bribe or doing nothing.

Shopify’s breach & insider threats: Why CISOs need to implement zero trust

September is designated as National Insider Threat Awareness Month, a month-long holiday intended to educate on the importance of detecting, deterring and reporting insider threats. Unfortunately, to close out the month, Shopify publicly disclosed that it was the latest victim of a data breach. Unlike the recent Twitter breach, where hackers gained admin-level privileged access through a spear phishing attack, this particular instance was the result of the direct actions of two malicious internal employees. It’s believed that none of the stolen data was actually leveraged, and yet having to witness a reputable brand such as Shopify and its associated merchants suffer the fallout remains difficult. Events like this are just another reminder of why zero trust must become the new enterprise security standard and why CISOs must move quickly to implement the practice.

Ask the Expert: How Do I Respond to an Insider Attack?

Kyung Kim, Head of Cybersecurity for FTI Consulting’s APAC region, looks at the five steps companies should take when they discover an insider is responsible for a cyber breach. Every physical crime results in a physical crime scene. And within every physical crime scene, a trail of evidence exists that detectives must follow and preserve while it’s still fresh to begin identifying possible suspects and motives. The same level of urgency and speed — and even procedures — is required in the private sector when a cybersecurity incident caused by an insider occurs. Forensic investigators must quickly preserve evidence, conduct background checks, identify and interview potential suspects, and assess the damage while the trail is still hot. Sometimes evidence points to an insider whose motive may be financially or politically driven — or both. Other times, the incident may have been caused by an unwitting insider who happened to open a malicious email, launching a ransomware attack that disabled company servers. In either case, here are five steps organizations should take after they’ve discovered that an insider has turned their network and servers into a crime scene.

Addressing Insider Threats with Event Triggers

COVID-19 has created unprecedented and sometimes extremely challenging problems for government agencies and defense industrial base companies, especially when it comes to financial distress that their cleared populations may encounter. For this reason, factors that may correlate with insider threats from within federal, state and local government agencies appear to be on the rise. Insider threat situations can stem from personal and financial stressors, of course, but also employee negligence, mental health issues or substance abuse, and other concerning behaviors. Financial triggers are one way to determine potential financial stressors and can be leveraged to augment existing insider threat programs.

This entry was posted on Monday, October 5th, 2020 at 12:22 pm.