Your people are your biggest asset, but also your biggest risk. Do you have the ability to detect, investigate, and prevent a costly insider threat incident, or know how to recognize one when it occurs?
The Insider Threat Level series is here to keep you up-to-speed on the numerous examples of insider threat incidents, trends, and best practices caught in the news, so you can be better prepared for anything coming your way.
If you missed the last Insider Threat Level, we covered: a CISSPs take on insider threats, web application vulnerabilities, another medical data breach.
This week, we’re taking a look at: mental health and insider threats, Tesla employee data leaks, building an insider threat dream team, and the pains associated with human error.
What are you waiting for? It’s time to find out…
With workplace depression and anxiety on the rise, coinciding with a rise in insider threat incidents, cybersecurity and HR teams are scrambling to increase internal emphasis on employee wellbeing and health. This article investigates whether mental health coaching may be a long-hidden secret to minimizing the risk of insider threat incidents, alongside a comprehensive insider threat management program.
Source: Dark Reading
According to new research presented by job hunting website, Indeed, 43% of surveyed IT professionals believe that they could successfully commit an insider threat attack. Their main vector of entry, and goal? Company owned laptops and endpoints, and data theft.
If your information technology team (which may also consist of cybersecurity folks) is saying that they could easily attack your organization from the inside, that’s a big problem. What’s an even bigger problem is if nothing is being done to strengthen security, including having a process for weakness reporting, and having visibility into user activity and activity trends.
In other words: it’s well beyond the time to start needing a comprehensive insider threat management program and tools to make it run smoothly.
By now, most people in the cybersecurity world (along with the general public) are familiar with the Tesla insider threat incident which Elon Musk himself called “quite extensive and damaging.” But on August 24th, Tesla encountered another incident where a former employee (previously under NDA) shared insider information on an online forum and spread across social media.
To summarize, the former insider disclosed proprietary information which included: that both Tesla models use OpenVPN to talk to their backend, quality control is an afterthought, firmware load and validation processes, details on firmware encryption (or lack thereof), how updates to vehicles occur, and safety issues with vehicle touch screens.
While a former employee no longer (officially unconfirmed) under NDA leaking information doesn’t necessarily classify as an insider threat incident, it does expose how an incident might spread – and to what extent. The methods and details used by this former employee could have been performed by any current employee or third-party vendor.
Visibility into potential insider threats is important, but knowing how to quickly and consistently react to an incident is crucial. Each and every extra second, minute, hour, day, etc. spent investigating an insider threat (or not detecting one in the first place) increases the cost risk to an organization. This article covers how an organization can make the right moves to build an insider threat response Dream Team – and defeat the malicious and accidental threat Monstars.
Source: InfoSecurity Magazine
Coming as no real surprise to programmers and tech enthusiasts everywhere, “human error” has been labeled as the most dominant cause of data breaches by a UK risk management firm, Kroll. (Because, well, computers generally still require input by a human to act.)
By the numbers: 88% of incidents reported to the Information Commissioner’s Office (ICO) since 2017 (2,124 vs. 292) are accidental in nature. 20% of these incidents were due to data emailed to the wrong recipient, and 20% through loss or theft.
Statistics are fun! But the truth is that it is important to note that not all cybersecurity threats, particularly insider threats, are malicious in nature.
As the saying goes: “we’re only human.” And until we move beyond that state, having the ability to detect, investigate, and prevent incidents will continue to be important as ever.
How do you feel about the Insider Threat Level?
Did you find this insider threat news recap particularly interesting? Want to see additional coverage? Let us know by tweeting @ObserveIT.