1/2/19: Dtex, Insider Threat, Privacy News: Old Threats Extend Into New Year, More Database Exposures Expected

Happy New Year! We wish we could say that cybercrime, data breaches and the insider threat took a break over the holidays. This wasn’t the case. As the year wound to a close, we witnessed a number of incidents reminding us that 2019 is going to be a challenge-filled year. Here are a couple of the headlines that filled our stockings and added to the New Year’s fireworks.

Via Staff at Dark Reading: US Petroleum Employee Charged with Stealing Trade Secrets for Chinese Firm. According to this report:

A Chinese national was arrested in the US last week for allegedly stealing intellectual property from a US petroleum company where he was employed. Hongjin Tan, 35, is charged with pilfering some $1 billion in trade secrets on behalf of a Chinese petroleum firm where he was offered a new job.

According to the official criminal complaint filed in the Northern District of Oklahoma District Court, Tan used an unauthorized USB flash drive in the crime.

Many reading this blog might think that the “unauthorized” USB drive problem should have been solved by now; clearly this isn’t the case. Dtex insider threat specialists frequently detect negligent and malicious insiders using flash drives to transfer data. In the Dtex 2018 Insider Threat Intelligence Report, our platform and experts identified USB data transfers in 90 percent of the assessments we conducted. USB-based data transfers can end up costing organizations millions, but they can be relatively easy to prevent.

Organizations can mitigate some of this risk by providing encrypted USB drives to employees who need them for work. Keep in mind what encryption does and does not buy you: it protects the data if the drive is lost or stolen, but it does nothing to stop a malicious insider who holds the key from walking out the door with it. Companies that want to take this control a step further can think about blocking USB activity, but they need to remember that blocking alone is never a catch-all solution. Companies must be sure that their security infrastructure is prepared to find the things that commonly slip through the cracks.

We often recommend to our clients a “Trust but Verify” approach. Many organizations want to let their employees do their jobs as freely as possible. By granting USB-use privileges while making sure they have the visibility to confirm how those devices are actually used, security teams can see their risks and adjust policies accordingly.
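The “verify” half of that approach needs something concrete to look at. As an added illustration (this is not Dtex code, and the log lines below are constructed for the example), the following Python reconstructs USB mass-storage attach events from Linux kernel log lines in the standard dmesg format, pairs each attachment with its vendor/product IDs and serial number, and flags any drive whose serial is not on a hypothetical allowlist of company-issued encrypted drives. A drive that never reports a serial number is flagged separately, because it cannot be matched to an issued asset at all, which is exactly the kind of “unknown unknown” blocking alone will not surface.

```python
import re
from dataclasses import dataclass, field

# Constructed sample kernel log (dmesg style). Three devices attach:
# an issued encrypted drive (1-1), a personal drive (2-3), a drive that
# reports no serial number (3-1), plus a mouse (1-2) that must not alert.
SAMPLE_KERNEL_LOG = """\
[ 1201.100000] usb 1-1: new high-speed USB device number 5 using xhci_hcd
[ 1201.240000] usb 1-1: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
[ 1201.240010] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1201.240020] usb 1-1: Product: Ultra Fit
[ 1201.240030] usb 1-1: Manufacturer: SanDisk
[ 1201.240040] usb 1-1: SerialNumber: 4C530001234567890123
[ 1201.241000] usb-storage 1-1:1.0: USB Mass Storage device detected
[ 1340.500000] usb 2-3: new high-speed USB device number 6 using xhci_hcd
[ 1340.640000] usb 2-3: New USB device found, idVendor=13fe, idProduct=4300, bcdDevice= 1.00
[ 1340.640010] usb 2-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1340.640020] usb 2-3: Product: USB DISK 3.0
[ 1340.640030] usb 2-3: Manufacturer: Kingston
[ 1340.640040] usb 2-3: SerialNumber: 07089A1B2C3D4E5F
[ 1340.641000] usb-storage 2-3:1.0: USB Mass Storage device detected
[ 1402.000000] usb 1-2: new low-speed USB device number 7 using xhci_hcd
[ 1402.100000] usb 1-2: New USB device found, idVendor=046d, idProduct=c077, bcdDevice=72.00
[ 1402.100010] usb 1-2: Product: USB Optical Mouse
[ 1510.300000] usb 3-1: new high-speed USB device number 8 using xhci_hcd
[ 1510.420000] usb 3-1: New USB device found, idVendor=0930, idProduct=6544, bcdDevice= 1.10
[ 1510.420010] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 1510.420020] usb 3-1: Product: TransMemory
[ 1510.420030] usb 3-1: Manufacturer: TOSHIBA
[ 1510.421000] usb-storage 3-1:1.0: USB Mass Storage device detected
"""

# Hypothetical allowlist: serial numbers of the encrypted drives the company issued.
ISSUED_DRIVE_SERIALS = {"4C530001234567890123"}

NEW_DEVICE_RE = re.compile(
    r"usb (?P<port>\S+): New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
ATTR_RE = re.compile(r"usb (?P<port>\S+): (?P<key>Product|Manufacturer|SerialNumber): (?P<val>.*)$")
STORAGE_RE = re.compile(r"usb-storage (?P<port>[^:\s]+):\d+\.\d+: USB Mass Storage device detected")


@dataclass
class UsbDevice:
    port: str
    vid: str
    pid: str
    attrs: dict = field(default_factory=dict)


def parse_usb_events(log_text):
    """Return the UsbDevice records (in log order) that reached the mass-storage stage."""
    devices = {}   # port -> UsbDevice, keyed by the bus-port string the kernel prints
    storage = []
    for line in log_text.splitlines():
        m = NEW_DEVICE_RE.search(line)
        if m:
            devices[m["port"]] = UsbDevice(m["port"], m["vid"], m["pid"])
            continue
        m = ATTR_RE.search(line)
        if m and m["port"] in devices:
            devices[m["port"]].attrs[m["key"]] = m["val"].strip()
            continue
        m = STORAGE_RE.search(line)
        if m and m["port"] in devices:
            storage.append(devices[m["port"]])
    return storage


def check_mass_storage(log_text, allowlist):
    """Flag mass-storage attachments whose serial is missing or not an issued drive.

    Returns (port, reason, detail) tuples; reason is "unauthorized" or "no-serial".
    """
    alerts = []
    for dev in parse_usb_events(log_text):
        serial = dev.attrs.get("SerialNumber")
        if serial is None:
            # Cannot be matched to any issued asset; treat as unknown hardware.
            alerts.append((dev.port, "no-serial", f"{dev.vid}:{dev.pid}"))
        elif serial not in allowlist:
            alerts.append((dev.port, "unauthorized", serial))
    return alerts


if __name__ == "__main__":
    for port, reason, detail in check_mass_storage(SAMPLE_KERNEL_LOG, ISSUED_DRIVE_SERIALS):
        print(f"ALERT usb {port}: {reason} ({detail})")
```

In practice the same parser would be fed from `journalctl -k` or a forwarded syslog stream, and the allowlist would come from the asset inventory rather than a literal in the script; the point is that issuing encrypted drives and keeping a record of their serials is what makes the “verify” step possible.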

Via Doug Olenick at SC Magazine: Cybersecurity trends in 2018. According to this feature, there are several trends we will continue to see this year. One falls squarely in the negligent insider category:

Cloud Storage. The words AWS S3 Bucket and MongoDB were in the news quite a bit in 2018, a fact the owners of those products would rather forget. In one of the largest breaches of the year, 445 million records were exposed when the Swiss-based data company Veeam used a misconfigured MongoDB hosted on Amazon Web Services that did not require any password to access. The culprit in this situation, and dozens of other cases this year, is human error in the form of poor identity access management (IAM) practices. AWS and other cloud storage providers usually turn over a bucket to a customer in a locked down condition, but changes made by the end user often result in the data going from safe to exposed with a single keystroke.

Until recently, this high-risk situation didn’t receive much attention. But as we observed in our 2018 report, it is one of the most dangerous and widespread insider threat issues. In 78 percent of the organizations we assessed, we found instances of company data publicly accessible in the cloud.

Companies need to educate users on what cloud sharing websites do and don’t do to protect the data stored in them. Make it clear that these websites do not always encrypt information, and teach employees never to use the public share link unless they’re dealing with information that is suitable for public consumption. Some organizations have had success blocking certain cloud sites, minimizing the attack surface and funneling all employee use to one tool that they can monitor appropriately and build education around. But, once again, this is another example of the importance of being able to detect the “unknown unknowns.” Organizations must be able to answer the important questions — like, “Are my employees properly using cloud sharing sites?”
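The “single keystroke” that turns a locked-down bucket into a public one is usually a policy or ACL edit, so it helps to see what the weak and corrected settings actually look like and how a check would tell them apart. As an added example (not Dtex code; the bucket name, account ID, role and VPC endpoint ID are made up for the illustration), the following Python shows an S3 bucket policy that grants read access to anyone on the internet next to a corrected version that names a specific role and pins access to a corporate VPC endpoint, and a small checker that flags any Allow statement with a wildcard principal that is not narrowed by a scoping condition. It also reports which of the four S3 Block Public Access flags are left off, since those account- and bucket-level switches are what stop the accidental edit from taking effect in the first place.

```python
import json

# Constructed "one keystroke" weak policy: Principal "*" with no condition
# means every unauthenticated caller on the internet can list and read.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowPublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
    }],
})

# Constructed corrected policy: a named role (hypothetical account/role) may
# read objects, and only through a hypothetical corporate VPC endpoint.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowReportReaders",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/report-readers"},
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-reports/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    }],
})

# IAM global condition keys that genuinely narrow who can use a "*" principal.
SCOPING_CONDITION_KEYS = {
    "aws:sourcevpce", "aws:sourcevpc", "aws:sourceip",
    "aws:principalorgid", "aws:principalarn", "aws:principalaccount",
}


def _as_list(x):
    """IAM lets most fields be a scalar or a list; normalise to a list."""
    return x if isinstance(x, list) else [x]


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (possibly inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS", [])))
    return False


def _condition_scopes_principal(condition):
    """True if some positive-match condition uses a key that limits the caller."""
    if not condition:
        return False
    for operator, key_values in condition.items():
        op = operator.lower()
        # Negated or Null operators do not narrow a wildcard principal.
        if "not" in op or op.startswith("null"):
            continue
        if any(key.lower() in SCOPING_CONDITION_KEYS for key in key_values):
            return True
    return False


def find_public_statements(policy_json):
    """Return the Allow statements that expose the bucket to anonymous callers."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        if _condition_scopes_principal(stmt.get("Condition")):
            continue
        findings.append({"sid": stmt.get("Sid", "<no Sid>"),
                         "actions": _as_list(stmt.get("Action", []))})
    return findings


def block_public_access_gaps(config):
    """Return the S3 PublicAccessBlockConfiguration flags that are not True."""
    required = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
    return [flag for flag in required if not config.get(flag, False)]


if __name__ == "__main__":
    print("weak policy:", find_public_statements(PUBLIC_POLICY))
    print("corrected policy:", find_public_statements(RESTRICTED_POLICY))
    print("BPA gaps:", block_public_access_gaps({"BlockPublicAcls": True, "IgnorePublicAcls": True}))
```

In a real deployment the policy JSON would come from `aws s3api get-bucket-policy` and the flags from `aws s3api get-public-access-block`, run across every bucket on a schedule; the checker above is deliberately conservative and treats any unconditioned wildcard Allow as a finding, which is the right default when the goal is to answer “is any of our data publicly accessible?” rather than to be clever about edge cases.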