The Insider Threat Level is here to keep you up to speed on the latest examples of insider threat incidents, trends, and best practices, so that you’re better prepared for anything coming your way.
This week, our feature story addresses cybersecurity and regulatory compliance fear. It is a response to the InfoSecurity post: GDPR Fear is Stifling Employees, Here’s How to Fix It.
The FBI’s National Insider Threat Task Force (NITTF) published their new Insider Threat Program Maturity Framework (.PDF) this past week. The framework was released primarily as an effort to address the risks caused by the costly and growing insider threat problem in government agencies and was developed in a series of working group sessions from within the U.S. Government’s insider threat community.
The framework itself is intended to empower federal agencies to start taking action sooner, and in more depth, than the minimum guidelines issued six years ago required. It contains 19 elements that guide agencies through the many challenges and questions that may arise during the implementation of a new or improved program.
The NITTF has stated that agencies are not expected to have fully implemented the previously set minimum requirements prior to enacting any program standards from the new framework.
The existence of this new framework is further validation that the insider threat problem is real and needs to be addressed by all players – governments included.
But what is particularly interesting about this new framework is that it emphasizes urgency.
Rather than establishing further guidelines which might take years to implement, the NITTF has focused on tangible, quick wins for both the short- and long-term security of government agencies. The framework also acknowledges that addressing the risks posed by insider threats is a team effort.
There is no true hands-off, quick fix. Tackling the insider threat problem requires a mixture of good people, established (and enforced) process, and technology to help it all work.
What Else is Happening
Source: Infosecurity Magazine
According to an Infosecurity Magazine news report, authorities in the U.S. have formally indicted ten individuals thought to have been involved in an insider threat-based international data exfiltration incident. The five-year-long conspiracy allegedly started in January 2010, and featured two Chinese intelligence officers, two insiders, and six hackers seeking to obtain key technology secrets found in commercial airliner jet engines.
Source: The Nation Online, Nigeria
Insider threats were recently named the top perpetrator of costly cybercrime (with a cost of upwards of $194 million) in the nation of Nigeria, during a presentation at the 9th Annual Payment Systems Conference. The conference primarily featured stakeholders from the financial and security industries.
A new report from Ping Identity has found that 78% of consumers would stop engaging with a brand following a data breach or security incident. The survey gathered data from over 3,000 adults in the U.S., U.K., France, and Germany. In addition, the study found that 49% of consumers would not sign up for or use a service connected to a recent data breach.
What You Might Have Missed
It’s easy to get caught up in the daily grind – we get it!
Here is what happened in the last Insider Threat Level: we covered cybersecurity and regulatory compliance fear, Amazon’s data exfiltration culprit firing, the market for stolen data, untrained staff, and Facebook’s potential GDPR fine.