Virtualization Technology News and Information
Honoring the 3rd Annual National Insider Threat Awareness Month During September


The month of September officially kicks off the 3rd annual Insider Threat Awareness Month (NITAM). NITAM is an annual, month-long campaign during September that helps to educate the government and industry about the risks posed by insider threats and the role of insider threat programs. All organizations are vulnerable to insider threats. An insider threat is anyone with authorized access who uses that access to wittingly or unwittingly harm an organization or its resources.

This campaign is especially important amid a year when ransomware grabbed so many headlines - it's critical that we don't lose sight of the importance of safeguarding our nation by detecting, deterring, and mitigating insider threats.

Hear from a number of seasoned experts as they offer their own thoughts and opinions to help celebrate and honor this much needed campaign.


Joe Payne, CEO and President of Code42

"When data as portable as source code is valued at $5M, the last thing you want is for that code to end up undetected on a personal GitHub repository of an employee who is leaving your organization. Insider Risk is increasingly becoming a more significant and urgent business problem. With work now conducted more regularly in the cloud and outside of an organization's environment, it's no surprise that about two-thirds of data breaches involve an insider.

Every day, customer lists, product plans and personnel information are put at risk by unwitting, negligent or malicious employees. Regardless of the employee's intent, when an insider walks out with your customer list or your critical source code, it can literally put you out of business. Insider risk events and their impact on business are accelerating. Far too many companies are protecting their data using old technology and approaches that do not work in today's cloud-based and remote-working environments.

The modern-day solution to solving the problem of employees and contractors taking data is Insider Risk Management (IRM). IRM technology allows employees to openly collaborate while the IRM systems monitor, filter and prioritize risk events and detect when files are moving to non-corporate locations, including personal devices and networks. With data exposure peaking and precious source code exposure rising threefold amid massive employment turnover in the US, Insider Risk needs to be prioritized by organizations.

Most employees openly admit they take important company data with them when they quit. And with millions of workers actively changing jobs, we expect this problem to only become more acute. Now is not the time for complacency. The WSJ has decreed 2021 as the year of the Great Resignation - a time when up to 40% of knowledge workers are expected to change jobs. Companies need Insider Risk training and technology to ensure that the Great Resignation does not become the Great Data Exfiltration as critical data and essential IP walks out the door."


Bindu Sundaresan, Director at AT&T Cybersecurity

"To prevent insider threats, which many organizations continue to struggle with, implementing a Zero Trust model will be key to an organization's cybersecurity strategy. The Zero Trust approach assumes the inevitability of a data breach. Instead of focusing exclusively on preventing breaches, Zero Trust security aims to keep damage limited if a breach were to occur and build a system that is resilient and can quickly recover. With the Zero Trust model, organizations gain better visibility across users, devices, containers, networks, and applications because verification of their security status is required with every access request. An organization can reduce its attack surface by segmenting resources and only granting the absolute minimum access needed. Zero Trust security was conceptualized to address vulnerabilities no matter where they may come from. It takes an 'always verify, never trust' approach to network security. This means that every user and device is always verified, regardless of whether they've previously been granted access."

"Another aspect of cybersecurity many business leaders do not consider is the role of increasing diversity among security teams. Bringing unique thoughts and perspectives to your cybersecurity team is a great practice, and can increase the likelihood of the team noticing irregularities within your systems. However, be sure not to assume that a new hire from a unique background knows exactly what to look for in terms of identifying irregularities in systems or language - this may lead to a missed threat that could cause downtime at your organization. Always set up the proper training that will best guide team members through the process of what a specific abnormality within your organization may look like. This way, you can feel confident that your entire workforce is aligned and prepared for potential cyberattacks and does not pose as another unintentional insider threat to the organization."


Dr. Torsten Staab, Chief Technology Officer for Cyber Protection Solutions & Raytheon Blackbird Technologies, Inc. at Raytheon Intelligence and Space

"The principle of practicing Zero Trust is simple; trust no one, even if they work for your company. Employees have the ability to maliciously or ignorantly leave organization data vulnerable and accessible for a breach. It will likely take organizations several years to truly achieve comprehensive, multi-level Zero Trust Security, but it's better to start now than wait until it's too late to remediate.

To get started, organizations should consider an incremental, step-by-step process, starting with updating all existing systems and ensuring cybersecurity solutions in their arsenal are Zero Trust compatible. It's also critical to pinpoint and evaluate primary areas of concern - for example, what are your business's priorities with respect to the user, device, network, application, and data security? Are you already able to stop a ransomware attack in its tracks? Have you had a data leak and how was it handled? Depending on responses to these questions, are insiders capable of stealing corporate data or intellectual property, and how many people have access to sensitive information? Is your business already using context-aware, multi-factor authentication enterprise-wide? The conjecture you get from these questions will help to provide a clear understanding of where to focus first and foremost - especially as it relates to combating a malicious insider through Zero Trust initiatives.

With digital transformation efforts accelerating and the attack surfaces expanding exponentially even within an organization, there's never been a better time to implement Zero Trust policies as a way to combat insider threats."


Kevin Breen, Director of Cyber Threat Research, Immersive Labs

"What counts as an insider threat depends on your organization's appetite for risk. To the most risk averse, every person within a company could be considered a threat. As dramatic and paranoid as this sounds, it isn't necessarily that far from the truth.

The most important thing to remember is that it's not always about intention - an employee can be an insider threat without intending to do harm to the organization. These are the people who accidentally open a link in a phishing email, unplug a server to vacuum under the desks, or let a stranger into the office unquestioned. In these situations, education is the key to prevention.

Looking at those who do want to do harm, organizations must be aware of the impact of disgruntled employees or those looking to make a quick buck from a competitor. If someone feels disenfranchised, neglected, or wronged by the company, it could be easy to persuade them to walk into the office with an infected USB or feed secrets back to competitors. An open and honest culture and recognizing when employees are overworked or unhappy could put a stop to an insider threat before it has a chance to do harm.

As always, prevention is better than cure. Make sure your employees are properly educated on basic cybersecurity measures to prevent those 'accidental' inside threats. Encourage open communication, so when someone feels wronged or unhappy at work, they feel they can talk about it. So much risk from insider threats can be mitigated simply by ensuring your employees feel safe to speak up. And on that note, make sure you put in place a proper whistleblowing policy: it must protect both the whistleblower and their rights, as well as the company."


Joe Slowik, Senior Director, Gigamon

"Defenders typically look at insider threat concerns as one of the more intractable and difficult problems, as a trusted insider by definition has already overcome multiple security controls. However, emphasis on monitoring and visibility into actions taking place both on host (insider direct interactions with systems) and over the network (to examine attempts to circumvent controls and visibility) can flag suspicious behaviors. With proper insight into network and host activity, defenders can begin addressing this otherwise very difficult problem."


Ryan Weeks, CISO, Datto

"External threat actors, more often than not, leverage the credentials of your employees and systems to conduct their activities post exploit. You will see this described as 'living off the land', which is a simple way to say that threat actors will use the accounts, access and tools that are already resident in the network to facilitate a breach once they gain a foothold.

To me, all this really means is that if you're not already building a threat monitoring program that is capable of deterring, detecting and responding to suspicious activity under your employee accounts then you have neither an effective insider nor external threat monitoring program. They are two sides of the same coin."


Mark Nunnikhoven, Distinguished Cloud Strategist, Lacework

"There has been a sharp increase in demand for direct access to business environments in the underground markets. To meet this demand, we expect to see more high dollar offers to susceptible employees and more outreach from rogue employees."


Lamont Orange, CISO, Netskope

"Not all insider threats are malicious in nature. Employees are often viewed as the weakest link of any company's security posture - and sometimes, even unknowingly, open the company up to risks. This may include clicking on a phishing email, connecting to unsecured Wi-Fi or taking company data outside the organization. Netskope's latest Cloud and Threat report found that departing employees upload 3X more data to personal apps in the last 30 days of employment. All of these actions make the company vulnerable to growing threats.

As the world continues to navigate through the pandemic and work-from-home environment, in addition to the great tech resignation, it's more challenging - but critical - to protect against insider threats. Educating employees about security efforts is a top priority and goes a long way to change the perceived weakest link to a force multiplier for security posture advancement. Understanding where company data is located is equally important and knowing where company data is means that you can protect, control and ensure it's in the right hands."


David Bradbury, Chief Security Officer, Okta

"The digital nature of our modern economy means that security threats are only going to intensify, and a large - and persistent - portion of these threats come from within an organization. Anyone who has access to important and protected electronic items, including current employees, former staff members, contractors, or vendors, can pose potential threats. Combatting these threats, whether they are of malicious intent or just due to human error, is a crucial component of any company's security hygiene.

If the past year has taught us anything, it's that leaders must recognize that people are the new perimeter. They must move toward a Zero Trust security model and adopt strong authentication across all services, everywhere - from on-premises, to cloud, to mobile, and for employees as well as customers, partners, contractors, and suppliers. This means ensuring that the right users have access to only the resources they need, and at the right time. A critical best practice in any industry is to leverage identity as a foundational technology across the security stack.

Organizations must simultaneously ensure they are fostering a security-first culture among their employees. Bolstering internal security education with thorough trainings for all employees can decrease the chances of falling victim to careless oversights. A company is only as strong as its weakest link - which can oftentimes be its own employees. Educating them on security best practices is essential."


Stephen Cavey, Co-Founder and Chief Evangelist, Ground Labs

"In today's modern world, the insider threat remains just as credible as the external threat. Originally hacking via the use of an insider could be proven as a clear intention to carry out a malicious act. However, in a modern context, the insider threat is not always intentional and the individual carrying out the attack is not necessarily aware that their actions are in any way malicious.

For example, phishing attacks often target internal individuals with access to critical data or the ability to authorize financial transactions and fool them into performing tasks to achieve the desired outcome. It is possible that an insider threat existed in the form of a trusted individual, or group of individuals with purpose to commit wrongdoings. It is also possible that an insider threat was invoked unintentionally via coercion, manipulation or attacks resulting in unintended consequences.

But ultimately, a detailed forensic investigation is often required to make an appropriate determination of what has occurred and the motivations behind such actions.

This National Insider Threat Awareness Month, it's pivotal for organizations -- and specifically, security leaders -- to gain a better understanding of where all of their sensitive data resides to better mitigate the risk of insider threats in the era of hybrid and remote work."

Peter Chestna, CISO for North America, Checkmarx

"Closely related to the insider threat conversation is the growing trend of external threat actors deliberately inserting malicious code into open source packages, in hopes of establishing a vector for further compromise of data or systems. This attack scenario is executed successfully when a developer unknowingly incorporates a compromised package into software they are building for their organization.

To avoid falling victim to this type of attack, organizations must be cautious about their open source usage. A new level of scrutiny is needed. They should understand the developers that contribute to a given code package, what other packages they contribute to, and their overall online presence and reputation. This can provide indicators on the potential intent of their contributions. While this might not be definitive, it can provide useful context as organizations keep a closer eye on the components and packages being adopted in their software and supply chains."


Published Tuesday, September 07, 2021 7:31 AM by David Marshall