November is the Department of Homeland Security’s National Critical Infrastructure Security and Resilience Month. In observance of it, Dtex Insider Threat Specialist Katie Burnell contributed a byline to Help Net Security outlining security challenges the sector faces. Burnell points out that overemphasis on unknown malware and exploits may have drawn the cybersecurity community’s focus away from the insider threat, which seems to be where the sector’s top problem lies. According to Burnell:
Stuxnet’s ability to halt operations forced critical infrastructure operators to think about how they could fall victim to cyber weapons. Subsequent attacks believed to be responsible for taking out power grids have certainly raised panic levels. When it comes to critical infrastructure though, unknown digital payloads and unidentified gaps in code may not be the easiest way for attackers to penetrate systems or to inflict damage. There may be an even more dangerous type of “zero day” in play — humans.
Even in cases where malware and other means were used in attacks on critical infrastructure, human unpredictability is a key factor. In March, the US-CERT announced that Russian operatives were engaged in massive, coordinated attacks on critical infrastructure sectors. The DHS and FBI found that the campaign targeted networks with spear phishing and watering hole attacks, among other means.
To read the piece in its entirety and learn about ways that unpredictable human behaviors can be addressed, visit: Are we chasing the wrong zero days?
More Insider Threat, Privacy News
There is never a shortage of news and information released daily about the insider threat and privacy. Since our last blog we’ve seen some biggies published.
11/21 – The Snowden Legacy, part one: What’s changed, really? This first installment of a two-part series by Sean Gallagher at Ars Technica “looks at what Snowden’s disclosures have wrought politically and institutionally.” Although there is no focus on the “insider threat,” it is a great reminder of how easily lone, malicious actors can steal data when organizations don’t have sufficient user behavior intelligence available. It also credits the wanted fugitive with kicking off the present-day privacy debate and being a catalyst for the General Data Protection Regulation (GDPR). You can read more about how Snowden impacted the insider threat problem at: How Edward Snowden made us think about and forget the Insider Threat
11/26 – Internal negligence to blame for most data breaches involving personal health information. Published at Help Net Security, this piece focuses on how research from Michigan State University found that most personal health information, or PHI, data breaches are due to internal issues with medical providers – not because of hackers or external parties.
11/26 – Half of all Phishing Sites Now Have the Padlock. In this Krebs on Security blog post, Brian Krebs highlights research data from PhishLabs, revealing that “49 percent of all phishing sites in the third quarter of 2018 bore the padlock security icon next to the phishing site domain name as displayed in a browser address bar.” This is especially worrying when it comes to the negligent insider threat problem, as most users are taught that the presence of a “padlock” in the URL bar is a sign of a legitimate, safe website.
11/19 – Customer Complains About Tesla Forums, Tesla Accidentally Gives Him Control Over Them. This Motherboard article by Joseph Cox is a classic case of the insider threat caused by negligence. According to Cox, “Tesla accidentally granted a random customer control over its official forums when the customer complained about their delayed Tesla vehicle delivery. That access allowed the customer the ability to edit or delete anyone else’s posts, as well as see the contact information for the forum’s 1.5 million users.”
11/20 – Why visibility matters. Written by John Hays for FCW, this piece points out that “Agencies must get a better handle on their user behaviors, as careless and/or untrained insiders rank first among all cyber threat sources cited by 54 percent of federal government IT decision-makers and influencers, according to research from SolarWinds.” In the Dtex 2018 Insider Threat Intelligence Report, we also found that the negligent insider threat was a top reason for data breaches and other security incidents.