10/1/18: Dtex, Insider Threat, Privacy News: Welcome to Cybersecurity Awareness Month! CEO Christy Wyatt Reveals Trusted Insider Strategy, Provides How To for Insider Negligence; Five Years Post Snowden, NSA Insiders Still Removing Classified Data
Welcome to Cybersecurity Awareness Month. Every year the United States Department of Homeland Security (DHS) uses October to raise awareness of the importance of cybersecurity. The collaborative effort between the public and private sector is designed to give every American the resources they need to remain safe and secure online and to help ensure that the nation can remain resilient in the face of mounting cyberthreats. The event is now in its 15th year, and you can read more about it at the DHS website.
As part of our efforts to make sure that enterprises and government agencies have what they need to remain secure and resilient, Dtex is ramping up awareness of how to better defend against the insider threat. The insider threat can sometimes get lost in the dizzying array of headlines about the latest malware, election hacks and Facebook breaches, yet it continues to be among the leading causes of data breaches, compliance violations, and other security incidents.
The Insider Threat: A New Approach
Just ahead of Cybersecurity Awareness Month, during the Forrester Security & Privacy Forum in Washington DC, Dtex CEO Christy Wyatt unveiled the "Trusted Insider" strategy. This new approach to dealing with insider threat risk contrasts with traditional security methods. Rather than treat employees and other trusted insiders as suspects to be feared, it views them as trusted members of their organizations who should be empowered to perform their jobs. During her presentation, Wyatt demonstrated how a new class of technology innovations and policies is being used to apply organization-wide trust and detect insider threats created by negligent and malicious users. The keys to the new strategy were summed up in one of Wyatt's slides:
You can read more about the new approach in our whitepaper: EVERYONE AS A TRUSTED INSIDER: AN INTELLIGENT REPLACEMENT FOR EMPLOYEE MONITORING
Insider Threat in the News
With the world hyper-focused on election security and misinformation campaigns, Wyatt took time to remind the security community that user negligence continues to be a key cause of data breaches. In a recent piece she penned for Enterprise Times UK, Wyatt explained what a "negligent insider" is and outlined four mitigation steps organizations should take.
Just what is a negligent insider? According to Wyatt:
Insiders are employees, partners, contractors and other third parties who have legitimate access to networks. Malicious insiders are those who take advantage of their access to steal data and cause harm. Negligent insiders are those who have no bad intentions but make errors that subject their organizations to security events. Each class of user is regarded as an insider threat.
What are the mitigation steps? Wyatt continues:
- Expand visibility, respect privacy
- Teach, teach, teach
You can read the full piece and further context around the steps at: How to Address the Negligent Insider Challenge
NSA Insider Sentenced to 5+ Years in Prison for Classified Information Removal
Nghia Hoang Pho, 68, of Ellicott City, Maryland, and a naturalized U.S. citizen originally of Vietnam, was sentenced on Sept. 25 to 66 months in prison for willful retention of classified national defense information. According to court documents, Pho removed massive troves of highly classified national defense information without authorization and kept it at his home.
According to the plea agreement, beginning in 2010 and continuing through March 2015, Pho removed and retained U.S. government property, including documents and writings that contained national defense information classified as Top Secret and SCI. This material was in both hard copy and digital form, and was kept in a number of locations in Pho’s residence in Maryland.
What's most interesting about this story? More than five years after Edward Snowden illegally removed classified information from NSA networks, it is apparently still possible to do so. According to the FBI:
This case is a clarion call to all security clearance holders to follow the law and policy regarding classified information storage. The FBI will leave no stone unturned to investigate those who compromise or mishandle classified information.
Maybe also a clarion call for organizations that store and process sensitive data to gain better visibility over how it is being accessed and transferred?
You can read full details in the DOJ press release: Former NSA Employee Sentenced to Prison for Willful Retention of Classified National Defense Information
Facebook Tops Breach Charts
If there were a "Billboard" type of rating for greatest breach hits over time, Facebook would definitely be breaking records. After being vilified for privacy violations and misuses of data, the social network was hit with a data breach caused by an application vulnerability that exposed more than 50 million user accounts. With too many news stories about the incident to count, here are a few notable high-level pieces and security drill-downs that provide comprehensive and simplified overviews:
- SecurityWeek: Industry Reactions to Facebook Hack
- InfoSecurity Magazine: Facebook Scrambles to Provide Breach Info to Regulators
- The New York Times: Facebook Security Breach Exposes Accounts of 50 Million Users