
The Insider Threat Level: Combating Insider Threats, the Enterprise, and High-Schoolers


Your people are your biggest asset, but also your biggest risk. Do you have the ability to detect, investigate, and prevent a costly insider threat incident, or know how to recognize one when it occurs?

The Insider Threat Level series is here to keep you up-to-speed on the numerous examples of insider threat incidents, trends, and best practices caught in the news, so you can be better prepared for anything coming your way.

If you missed the last Insider Threat Level, we covered: the Seattle plane theft, DEFCON security access misuse, and an alleged cryptocurrency robbery.

This week, we’re taking a look at: a CISSP’s take on insider threats, web application vulnerabilities, another medical data breach, and more.

What are you waiting for? It’s time to find out…

What’s Happening:

(FEATURED) A CISSP’s Take on Combating Insider Threats

Source: ObserveIT

Insider threat-based data breaches and data exfiltration events are becoming more and more common. (As you know from reading The Insider Threat Level!) This is one CISSP’s take on how teams can combat insider threats…

Enterprises Vulnerable to Web Apps

Source: SecurityNow

According to new research performed by Kaspersky Lab (as reported by SecurityNow), web applications were the top cause (a whopping 73%) of data breaches on corporate networks in 2017, based on penetration tests and analyses. Further data suggests that 93% of companies rate their protection against insider threats as “low” or “extremely low.”

Hot Take:

This is an interesting statistic, particularly when you apply independent study data released by the Ponemon Institute earlier in the year, which indicates that the average cost of insider threats is $8.76 million per incident. If 93% of organizations view their protection as minimal, there are bound to be a large number of teams that find themselves dealing with a costly insider threat incident.

Unless, of course, they implement a new program and utilize the right insider threat management tools to manage the situation…

High Schoolers Dealing with Medical Data Breach

Source: ZDNet

The healthcare records of over 300 high school students in Melbourne, Australia were leaked online. These records were reported to have included PII, such as personal health conditions, medications, and any behavioral or learning difficulties.

The incident was attributed to “human error,” with the records published through the school’s intranet.

Hot Take:

“Human error,” in this particular case, sounds like an insider threat incident to us. The incident took place inside the school’s network and leaked data outside of that network, and it was caused by a privileged user (someone with access, either an employee or a third-party vendor).

It is deeply upsetting that this took place, but hopefully other schools, agencies, etc. can learn from this mistake and put new safeguards, programs, and tools in place to help prevent an insider threat incident from occurring again in the future.

(FEATURED) Privileged User Best Practices

Source: ObserveIT

Knowing where and how to coach your insiders on insider threat management best practices can be tough. In this post, we talk about privileged users and how cybersecurity team members can “manage up” when it comes to enforcing and maintaining policy with those in technical leadership positions.

How do you feel about the Insider Threat Level?

Did you find this insider threat news recap particularly interesting? Want to see additional coverage? Let us know by tweeting @ObserveIT.