Blog Layout
Insider Threat – Can You Be Trusted?
Insider Threat – Can You Be Trusted?
The Insider threat in cybersecurity is a tricky subject. We often don't want to approach it because, as the name says, this is someone we have given our trust to that frankly can't be trusted. However, this week we talk about cybersecurity from this angle. The internet village we all share requires us to share and trust in ways we never expected. Often companies and individuals are required to enter sensitive details from your bank information to addresses and national level identifications. We assume that those we share this information with have robust controls in place to safeguard it. The organizations then receive and handle this information assuming that those connected to them are trustworthy and will protect that trust. However, what happens when a person who is given that trust betrays it?
This is not a new concept but one that every organization must tackle. It is essential to understand that "people are people" someone may not intend to break that trust or may be a natural-born scammer. Whichever is the case, all organizations need to look at how do I protect such an environment. I provide a few key points to consider and begin to protect yourself against insider threats:
1.
Governance of data – It is not an easy task, and most organizations, whether small or large, have more data than they can manage. However, it is critical to categorize your information into clear lanes, so you can identify who should have access to it and what functions they can perform with this information. For example, an accountant may have a billing specialist. This person should get only bills and have a clear protocol on what they can do with the accounts received. A few governance protocol examples would be there should be an approver of their activities and clearly defined spending/invoicing limits. If something does not go as planned, a clear auditable way to verify and catch any anomalies to the set governance policy. For example, the billing specialist has tried five times to get through a payment clearly above their spending limit. This should trigger an automatic response to closely monitor this person's activities.
2.
Access and Role Definition - It is often not popular as organizations continue to downsize and adjust to the new post-Covid reality. However, one critical way Insiders Threats are executed includes having access to more information and software controls than necessary with minimal oversight. Similar to data governance, it is key to minimize the level of functions a singular person has within your organization. In cybersecurity, we have a concept called "Least Privilege" this means people should only get access to information and software they need to do their function in the organization. It is easy to roll out a laptop or provide direct cloud access from the manufacturer with a few added security lockdowns. While this is easy often, "bad actors" take advantage of the "easy" to gain access to information and run commands that don't align with their primary responsibilities. A good insider threat program aims to identify and monitor ASAP when someone is escalating their access to do something other than what they are assigned to do. A few recent real-world examples happening in July 2022 are as follows:
-
A Phoenixville (Pa.) Hospital employee was fired after accessing patient medical records without authorization
[1]
.
-
A data breach on accounts receivable management company Professional Finance Co. affected over 600 healthcare organizations.
In an upcoming edition of our newsletter, we will discuss more insider threats from the supply chain.
Thank you for reading, and hopefully, I provided a few quick ideas of some of the many ways to lower the risks of an insider threat. If you need additional resources and training, see below. Until our next edition, stay safe. "We are One"
Resources:
Free 30-Day Trial for the Armarius Data Loss Prevention Software -
https://www.covenantsec.com/amarius
Free Cyber Risk Assessment -
https://risks.covenantsec.io/
Cybersecurity Training –
https://www.covenantsec.com/store
[1]
Diaz N. From insider threats to system breaches: 7 health systems affected by data breaches in July. Beckershospitalreview.com. https://www.beckershospitalreview.com/cybersecurity/from-insider-threats-to-system-breaches-7-health-systems-affected-by-data-breaches-in-july.html. Published 2022. Accessed July 24, 2022.
Section four of the "Executive Order on Improving the Nation’s Cybersecurity" introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and
Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers.
The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed.
The plaintiffs had
Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets.
"These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu,
This is a question anyone can ask and should be asking on behalf of themselves and within your organizations. However, we often view cybersecurity through the lens of feeling vulnerable. In this post we explore a few ways to start to empower yourself and organization to tackle cybersecurity.
Leadership: A female perspective Danyetta Fleming Magana and Javeria Ayaz Malik reflect upon the role of women in crisis leadership
I had planned to share a wonderfully done newsletter article but opted to share from the heart. I've been truly blessed and honored to be in the security community for over 20 years and have many colleagues and friends who help secure our physical and virtual world.
While I admit I love the work from home and the ability to order groceries online, I wouldn't say I like watching children bullied, the elderly targeted and pensions stolen, charities losing donations, and companies going out of business due to the insecurity of our global internet village.
It was out of this place that I realized that we needed to reignite a fundamental truth that "We Are One" always connected.
Humanitarian Cyber Career chat and social media do’s and dont’s for high school and college students - please circulate this flier with your teachers and students so they register! As a part of registration they can enter up to 3 questions they’d like answered at the event. Speakers include Patricia Zebertavage (FBI), Keith Moulsdale (cyber attorney), Veda Woods (leveraging cyber to combat child trafficking), Sean Anthony Guillory, Ph.D. (Cyber automation SME), and more!
How long will I be down from a ransomware attack?
What are the cybersecurity risk for resturants?
