Skip Navigation

ITMG Insider Threat News – September 7, 2020


September is National Insider Threat Awareness Month

The National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task Force (NITTF) have declared September 2020 as Insider Threat Month. Given the plethora of cases involving insiders of late, the timing is impeccable. For those responsible for handling insider threat programs within their entity, they may wish to point their constituents to the events being hosted this month by the NCSC, NITTF, DoD Undersecretary for Intelligence and Security, Defense Counterintelligence and Security Agency (DCSA), the FBI, and Department of Homeland Security (DHS).

What is Data Exfiltration and How Do You Protect Your Organization from It?

Insider risk management is concerned with the protection of organization data and IP through the use of specialized techniques, best practices, software, hardware, and other methods. One of the most persistent threats facing programs today is the threat of data exfiltration. In fact, according to recent studies, as many as 61 percent of cybersecurity professionals have experienced a data breach within their current organizations. And as laws surrounding data security continue to develop, so too do the potential consequences of these data breach events. So what exactly is data exfiltration and how can you protect your company from it?

Insider Threats Cost Businesses up to $2M Per Incident

While nation-state and domestic hackers grab the headlines for threats to enterprise cybersecurity, a “considerable amount of data leakage” comes from insiders, security provider Bitglass said in a new report. Inside jobs, whether from bad actors within an enterprise who heist proprietary information for profit or careless employees who unintentionally compromise sensitive data, the cost to businesses can add up quickly with multiple incidents, the Campbell, California-based cloud security specialist said in its 2020 Insider Threat Report. Nearly one-third of IT and security professionals in its survey said the average cost of a single insider attack ranges from $100,000 to as much as $2 million. Among those surveyed, more than 60 percent reported at least one insider attack at their enterprise in the last 12 months while 22 percent reported at least six incidents.

The Threat from Within: Protecting banks during the challenge of COVID-19 and a reduced staff

Just as banks use every tool at their disposal to maximize revenue opportunities and manage their ledger, they must take the same approach when it comes to security. New challenges with COVID- 19, banks operating with a reduced staff and employees working from home require an updated and more diligent security plan. Insider threat programs are a key component to an overall security plan. While financial institutions implement some level of security, they can improve their security and insider threat programs leveraging the latest security technologies. Cross-department collaboration, a practice that challenges organizations, is an extremely helpful part of the solution but is often the hardest to execute. Combining the right mix of technology and security staff will better protect financial institutions from insider threats and help meet COVID-19 guidelines.

Race for Coronavirus Vaccine Pits Spy Against Spy

The intelligence wars over vaccine research have intensified as China and Russia expand their efforts to steal American work at both research institutes and companies. Chinese intelligence hackers were intent on stealing coronavirus vaccine data, so they looked for what they believed would be an easy target. Instead of simply going after pharmaceutical companies, they conducted digital reconnaissance on the University of North Carolina and other schools doing cutting-edge research. They were not the only spies at work. Russia’s premier intelligence service, the S.V.R., targeted vaccine research networks in the United States, Canada and Britain, espionage efforts that were first detected by a British spy agency monitoring international fiber optic cables.

FBI + CISA Issue Joint Alert on Vishing Attacks

When the Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) get together to issue an alert to warn us about a security threat, you can bet that the threat is real, and that they have seen it used successfully at an alarming rate. The joint advisory issued on August 20, 2020, “Cyber Criminals Take Advantage of Increased Telework Through Vishing Campaign,” warns companies of the increased use of vishing attacks by cyber criminals. The advisory defines “vishing” as “a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward.”

How Insider Threats Pose Risks and Challenges to any Organization

As organizations try to defend themselves against external threats, they need to remember that insider threats can also cause harm. Whether intentionally or unintentionally, employees and other individuals invariably take certain actions that can lead to data loss, business slowdowns, legal liabilities, and reputation damage. This is especially true now as people work from home and use their own devices to access company resources. A report released Wednesday by security provider Bitglass shines a light on the ramifications of insider threats and offers advice on how to use the right security features to combat them. The report was based on a survey of 457 IT and security professionals from around the world but mainly in the US.

Spy Law Reforms Will Redefine ‘Enemy’ and Refresh ‘Outdated’ Official Secrets Act

In the past 20 years new technology has changed the nature of espionage and the UK must keep up, says law review body. Spy laws are to be updated to make it easier to prosecute leaks of official information to foreign companies, under plans by the Law Commission. The Commission – the statutory independent body created by the Law Commissions Act 1965 to keep the law of England and Wales under review and to recommend reform where it is needed – is proposing to rewrite the Official Secrets Act which would replace the word ‘enemy’ with the phrase ‘foreign power’ extending the range of the laws to include terrorist groups and ‘entities’ such as businesses controlled by a foreign Government. Amid controversies over companies such as China’s telecoms giant Huawei and foreign states’ use of computer hacking specialists, the Commission said the current definition of ‘enemy’ was out of date and unclear to courts.

How to Ensure the Watchers are Being Watched

While security operations center (SOC) analysts are inherently trusted to protect the organization, their activity still needs to be monitored given their superuser privileges to access resources and data. According to the findings in the 2020 Insider Threat Survey Report, 68% of organizations feel vulnerable to insider threats, and privileged IT users (63%), regular employees (51%), privileged business users (50%) and contractors (50%) are viewed as posing the greatest risks.

Average BEC Attempts are Now $80k, but One Group is Aiming for $1.27m Per Attack

A Russian cyber-crime group named Cosmic Lynx has been focused on tricking companies into sending over huge wire transfers. BEC scammer groups are growing more brazen. The average sum that a BEC group will try to steal from a targeted company is now around $80,000 per attack, according to an industry report published on Monday. The number is up from $54,000, the average sum that BEC groups tried to obtain from victims in Q1 2020, as reported by the Anti-Phishing Working Group (APWG), an industry coalition made up of more than 2,200 organizations from the cyber-security industry, government, law enforcement, and NGOs sector.

This entry was posted on Tuesday, September 8th, 2020 at 11:51 am. Both comments and pings are currently closed.