The cybersecurity news media’s attention remains focused on the insider threat, especially on the data breaches, leaks and exposures caused by insider threats of the negligent variety. Here’s a look at some recent headlines along with analysis of why they are significant:
Wired: HERE’S WHAT IT’S LIKE TO ACCIDENTALLY EXPOSE THE DATA OF 230M PEOPLE. By Andy Greenberg, this article is a second look at the Exactis data exposure incident, which for all intents and purposes has driven the marketing company out of business. In this follow-up piece, Greenberg interviews Exactis CEO Steve Hardigree. Although Hardigree affirms to Greenberg that there was no “breach” or “leak,” there is no question that a misconfigured Amazon ElasticSearch server was at the epicenter of the incident. Although Greenberg never uses the term “insider threat” in the story, it can be concluded that human negligence, the most common form of insider threat, was the cause of the catastrophe.
TechCrunch: A huge trove of medical records and prescriptions found exposed. By Zack Whittaker, this story reports on the findings of Dubai-based cybersecurity firm SpiderSilk, which told TechCrunch about the exposure. According to the news, California-based Meditab “was leaking thousands of doctor’s notes, medical records, and prescriptions daily after a security lapse left a server without a password.” Although the term insider threat is missing from this story, this is another example of how human negligence can lead to major problems for organizations that deal in sensitive and confidential data.
Security Discovery: NJ Based Home Health Radiology Services Leaked Nearly 40k Case Files. By Jeremiah Fowler, this research organization blog post points to yet another instance of human error, aka the insider threat. This time, the “discovery contained the records of an estimated 37,000 people whose data has been potentially compromised in an alleged data breach involving New Jersey based Home Health Radiology Services LLC. These records contained names, date of birth, phone numbers, addresses, diagnoses, notes, and we even saw Social Security Numbers (SSN).”
We aren’t totally shocked that the term insider threat is missing from these articles. Although it has been a chief cause of security incidents since, well, forever, it fell somewhat out of vogue after Edward Snowden was covered in every possible medium and from every imaginable angle. Unfortunately, the Snowden incident also married the term primarily to insiders of the malicious type, who account for a low albeit highly damaging percentage of situations.
We are beginning to think that several market forces will raise education levels around the insider threat, which will lead to a greater understanding of the role it plays in the range of incidents that are gaining attention, misconfigurations included. These forces include things like the Verizon Insider Threat Report, the insider threat land grab underway by malware detection providers, and increased awareness being driven by several top analyst firms.
To learn more about the insider threat, exactly what it is, how to defend against it, and what some of the leading related trends are, have a read over this recent byline from Dtex Insider Threat Specialist Katie Burnell. Posted at TechRadarPro, “How to detect and defend against insider threats” is a step-by-step guide providing an education on how to do exactly what the title says. Other helpful Dtex Systems resources include:
The Dtex 2019 Insider Threat Intelligence Report
10 Reasons Why Organizations Deploy Dtex
Introduction to the Insider Threat: What It Is and Why It Matters
News of Note
Although not specific to the insider threat, several news items have sprung up as of late that are worth mentioning, as they speak to the current threat landscape and how the private and public sectors are addressing it.
Associated Press: Emerging online threats changing Homeland Security’s role. Reporter Colleen Long writes:
WASHINGTON — Homeland Security Secretary Kirstjen Nielsen said Monday that her department may have been founded to combat terrorism, but its mission is shifting to also confront emerging online threats.
China, Iran and other countries are mimicking the approach that Russia used to interfere in the U.S. presidential election in 2016 and continues to use in an attempt to influence campaigns on social media, she said. Under threat are Americans’ devices and networks.
“It’s not just U.S. troops and government agents on the front lines anymore,” Nielsen said. “It’s U.S. companies. It’s our schools and gathering places. It’s ordinary Americans.”
Devices and networks are “mercilessly” targeted, she said. Those responsible are “compromising, co-opting, and controlling them.”
NextGov: White House Requests More Than $17.4 Billion for Federal Cyber Efforts. Reporter Jack Corrigan writes:
The Trump administration intends to allocate more than $17.4 billion to cybersecurity efforts across federal agencies in fiscal 2020, with the Pentagon and Homeland Security Department receiving the lion’s share of the funds.
Under the president’s request, the Defense Department would receive some $9.6 billion—roughly 55 percent of the government’s total cyber spend—to bolster its digital defenses and expand offensive operations in cyberspace. The figure marked a $1 billion increase from the administration’s 2019 request and came as one of the proposal’s most significant provisions. The administration didn’t include specifics on the Pentagon’s cyber budget in its release.
The proposal would also allocate more than $1.9 billion to the Homeland Security Department, with more than half getting funneled to the Cybersecurity and Infrastructure Security Agency. The funds would allow the agency to increase the number of network risk assessments it conducts and support programs to protect the government’s IT infrastructure.
The New York Times: Homeland Security Chief Cites Top Threat to U.S. (It’s Not the Border). Writer Zolan Kanno-Youngs reports:
WASHINGTON — Kirstjen Nielsen, the homeland security secretary, said on Monday that cyberthreats against the United States were a national security crisis that she described as her top priority — not the situation for which President Trump last month declared a national emergency.
“On top of my list of threats, that many of you can guess, the word ‘cyber’ is circled, highlighted and underlined,” Ms. Nielsen said in a speech outlining her department’s focus in the coming year. “The cyberdomain is a target, a weapon and a threat vector all at the same time.”
CSO Online: 12 tips for effectively presenting cybersecurity to the board. Mary K. Pratt writes:
Cybersecurity is a top concern for boards of directors.
In fact, 42% of the nearly 500 leaders surveyed by the National Association of Corporate Directors listed cybersecurity risks as one of the five most pressing concerns they’re facing — just behind changes in the regulatory climate and an economic slowdown.
As a result, security executives are increasingly going before boards to brief them on the risks they face and strategies to mitigate them.
There are steps that CISOs can take to avoid such negative reviews. Here, several experienced leaders share their advice for presenting to the board: 1. Do more prep work; 2. Offer an assessment; 3. Be transparent; 4. Anticipate the (tricky) questions; 5. Be honest about limits; 6. But don’t scare the board either; 7. Get a champion; 8. Get to the point; 9. Skip the tech talk; 10. Present the business value; 11. Determine measures of success; 12. Capitalize on the opportunity