Insider Threats: An Underestimated Risk
Intellectual property can be stolen by an employee and sold to a competitor or foreign government, transmitted to a competitor in return for new employment, or even used to start their own company. (Security Magazine)
Alert Fatigue Can Hurt Insider Threat Program
Alert fatigue can weaken an organization’s insider threat program by making it tougher to identify and eliminate real threats. When security teams get an overabundance of alerts, it can be tough for analysts to piece together data from multiple, related alerts manually. Often teams are lacking context into each alert, and analysts spend too much time investigating false positives (or worse, they miss or ignore important alerts altogether). (ObserveIT)
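The excerpt above describes the manual work of piecing related alerts together. The following is an added example, not code from the ObserveIT article: it groups low-fidelity alerts by user inside a time window and scores each group, so an analyst sees one case instead of a stream of unrelated alerts. The alert records, alert types, weights and threshold are all constructed for the demonstration.

```python
"""Correlating related alerts into per-user cases.

Added example; not code from the ObserveIT article. It groups individual
low-fidelity alerts by user inside a time window and scores each group, so
an analyst sees one case instead of a stream of unrelated alerts. The alert
records, alert types, weights and threshold are constructed for the demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: (ISO timestamp, user, alert type, detail).
SAMPLE_ALERTS = [
    ("2023-03-01T09:00:00", "alice", "usb_mount", "removable disk sdb1"),
    ("2023-03-01T09:02:00", "alice", "bulk_file_copy", "3200 files to sdb1"),
    ("2023-03-01T13:10:00", "bob", "usb_mount", "removable disk sdc1"),
    ("2023-03-01T16:00:00", "alice", "usb_mount", "removable disk sdb1"),
    ("2023-03-02T02:30:00", "carol", "offhours_login", "vpn from new location"),
    ("2023-03-02T02:35:00", "carol", "bulk_file_copy", "1500 files to personal cloud"),
    ("2023-03-02T02:40:00", "carol", "source_repo_clone", "all repositories"),
]

# Assumed weights: a lone USB mount is noise; several related alerts add up.
WEIGHTS = {"usb_mount": 1, "bulk_file_copy": 3, "offhours_login": 2, "source_repo_clone": 3}
WINDOW = timedelta(hours=1)   # alerts for the same user closer than this join one case
CASE_THRESHOLD = 4            # score at which a case is worth an analyst's time


def correlate(alerts, window=WINDOW):
    """Group alerts by user; a new case starts when the gap since the user's
    previous alert exceeds `window`. Returns a list of case dicts."""
    by_user = defaultdict(list)
    for ts, user, kind, detail in sorted(alerts):   # ISO strings sort chronologically
        by_user[user].append((datetime.fromisoformat(ts), kind, detail))
    cases = []
    for user, events in by_user.items():
        current = None
        for when, kind, detail in events:
            if current is None or when - current["last"] > window:
                current = {"user": user, "first": when, "last": when, "alerts": [], "score": 0}
                cases.append(current)
            current["last"] = when
            current["alerts"].append((kind, detail))
            current["score"] += WEIGHTS.get(kind, 1)
    return cases


def escalate(cases, threshold=CASE_THRESHOLD):
    """Keep only cases whose combined score crosses the threshold."""
    return [c for c in cases if c["score"] >= threshold]


if __name__ == "__main__":
    for case in escalate(correlate(SAMPLE_ALERTS)):
        kinds = ", ".join(k for k, _ in case["alerts"])
        print(f"{case['user']}: score {case['score']} from {len(case['alerts'])} alerts ({kinds})")
```

With the constructed data, bob's single USB mount and alice's later isolated mount never reach an analyst, while alice's morning mount-plus-copy and carol's three night-time alerts each surface as one scored case.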
Why Automation, Why Now?
We must ensure that we are using automation, as well as machine learning and artificial intelligence, to simplify and accelerate our ability to respond to attacks. Our security operations centers (SOCs) are under constant siege, and they can no longer rely on manual operations to deal with attackers who are using automation to scale at an unprecedented pace. (Security Roundtable)
IP Theft Techniques That Enable Attackers
Consider the following real-world scenario: Scheduled routine maintenance on the company’s IT equipment takes place, but while on site, the technician performs some additional configuration on one of the routers – which opens a backdoor for the attacker to stroll right in. (Threatpost)
The Dark Side of Machine Learning
Machine learning ranks images with a percent confidence to create a classifier group. For example, a clean, crisp image of a cat may have a 98 percent likelihood of being a cat to a machine-learning program, and be so classified. Add one imperceptible dot to the cat image and the neural network might drop the percentage likelihood it is a cat to 97.5 percent. With enough imperceptible changes (dots), the confidence of the neural network in identifying the cat is eroded. At a certain threshold, the neural network stops seeing the image as a cat and jumps to the next most likely image. (Threatpost)
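The mechanism in the excerpt above, many tiny changes each shaving a little confidence until the label flips, can be shown on a toy model. The following is an added example, not code from the Threatpost article: a 16x16 grayscale "cat detector" is stood in for by a fixed linear (logistic) classifier, so the gradient of the cat score with respect to every pixel is known exactly, and each step moves every pixel by 1/1000 of full scale against that gradient. The weights, bias and image are constructed; a real network would need thousands of pixels and a gradient computed through the model, but the erosion of confidence works the same way.

```python
"""Eroding a classifier's confidence with many tiny perturbations.

Added example; not code from the Threatpost article. A 16x16 grayscale
"cat detector" is stood in for by a fixed linear (logistic) classifier, so
the gradient of the cat score with respect to every pixel is known exactly.
Each step moves every pixel a tiny amount (1/1000 of full scale, under half
a grey level of 8-bit) against that gradient; the confidence falls a little
per step until the label flips. Weights, bias and the image are constructed.
"""
import math

SIDE = 16
N_PIXELS = SIDE * SIDE

# Constructed weights: a checkerboard of "cat pixels" (+1) and "non-cat pixels" (-1).
WEIGHTS = [1.0 if ((i // SIDE) + (i % SIDE)) % 2 == 0 else -1.0 for i in range(N_PIXELS)]
BIAS = -124.0   # chosen so the clean image scores logit 4.0 (~98% confidence)

# Constructed clean image: cat pixels fully on, the rest off, values in [0, 1].
CAT_IMAGE = [1.0 if w > 0 else 0.0 for w in WEIGHTS]


def predict(image):
    """Probability the classifier assigns to 'cat'."""
    logit = sum(w * x for w, x in zip(WEIGHTS, image)) + BIAS
    return 1.0 / (1.0 + math.exp(-logit))


def perturb_step(image, eps):
    """One gradient-sign step away from 'cat'. For a linear model d(logit)/dx_i
    is WEIGHTS[i], so each pixel moves eps against the sign of its weight."""
    return [min(1.0, max(0.0, x - eps * math.copysign(1.0, w)))
            for x, w in zip(image, WEIGHTS)]


def attack(image, eps=0.001, max_steps=1000):
    """Repeat tiny steps until the label flips. Returns (steps, final
    confidence, largest change to any single pixel)."""
    current = list(image)
    steps = 0
    while predict(current) >= 0.5 and steps < max_steps:
        current = perturb_step(current, eps)
        steps += 1
    max_change = max(abs(a - b) for a, b in zip(current, image))
    return steps, predict(current), max_change


if __name__ == "__main__":
    print(f"clean image: cat with p={predict(CAT_IMAGE):.3f}")
    steps, conf, change = attack(CAT_IMAGE)
    print(f"after {steps} steps of 0.001 per pixel (max change {change:.3f}): p={conf:.3f}")
```

On the constructed image the clean confidence is about 0.982, a single step takes it to about 0.977, and after 16 steps (no pixel moved by more than 0.016, roughly four grey levels of 255) the classifier no longer calls it a cat.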
What You Need to Know About Arbitrary Code Execution Vulnerabilities
The techniques used to upload the malicious code onto the remote computer, often called injection, can be extremely sophisticated. The hacker might overwrite parts of the original program’s file that’s stored in memory. It might take advantage of flaws in operating systems or even microprocessors to sneak the malware into buffers or caches, and then the bad software is run automatically. (Dark Reading)
Death of the VPN: Enterprise Security Needs New Foundations
Access decisions are transferred from the collective network layer to the more granular application layer, where they are made based on user-specific information. Permissions are then arbitrated on a case-by-case basis, based on an informed understanding of the person’s identity and the minimum level of access he or she requires. (Threatpost)
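The shift the excerpt describes, from "on the network, therefore allowed" to a per-request decision based on who the caller is and the minimum access the action needs, is shown below as an added example, not code from the Threatpost article. It places a network-layer rule beside an application-layer policy that checks group membership, second factor, device posture and the specific action, and denies anything not explicitly allowed. The subnet, applications, groups and policy rules are constructed for the demonstration.

```python
"""Access decisions at the application layer, per user, default deny.

Added example; not code from the Threatpost article. It contrasts a
network-layer rule (any source on the corporate range reaches every
application) with an application-layer policy that evaluates each request
against the caller's identity, group membership, MFA state, device posture
and the specific action. The subnet, applications, groups and policy rules
are constructed for the demo.
"""
import ipaddress
from dataclasses import dataclass

CORP_NET = ipaddress.ip_network("10.0.0.0/8")   # constructed "inside the VPN" range


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa: bool             # did this session complete a second factor
    device_managed: bool  # is the client device enrolled and compliant
    src_ip: str
    app: str
    action: str           # "read" or "write"


def network_layer_decision(req):
    """Perimeter/VPN model: being on the network is the whole decision."""
    return ipaddress.ip_address(req.src_ip) in CORP_NET


# Application-layer policy (constructed): per app and action, who may do it and
# under what session conditions. Anything not listed is denied.
POLICY = {
    "payroll": {
        "read":  {"groups": {"hr", "finance"}, "mfa": True,  "managed_device": True},
        "write": {"groups": {"finance"},       "mfa": True,  "managed_device": True},
    },
    "wiki": {
        "read":  {"groups": {"staff"}, "mfa": False, "managed_device": False},
        "write": {"groups": {"staff"}, "mfa": True,  "managed_device": False},
    },
}


def application_layer_decision(req):
    """Default deny. Returns (allowed, reason) so every denial is explainable."""
    rule = POLICY.get(req.app, {}).get(req.action)
    if rule is None:
        return False, f"no rule for {req.app}/{req.action}"
    if not (req.groups & rule["groups"]):
        return False, "caller is not in an authorised group"
    if rule["mfa"] and not req.mfa:
        return False, "second factor required"
    if rule["managed_device"] and not req.device_managed:
        return False, "managed device required"
    return True, "allowed: minimum access for this identity and action"


# Constructed requests showing where the two models disagree.
SAMPLE_REQUESTS = [
    Request("contractor", frozenset({"staff"}), False, False, "10.4.2.7", "payroll", "read"),
    Request("dana", frozenset({"staff", "finance"}), True, True, "203.0.113.9", "payroll", "write"),
    Request("erin", frozenset({"staff"}), False, False, "10.9.0.3", "wiki", "write"),
]


def compare(requests=SAMPLE_REQUESTS):
    """Side-by-side decisions: {user: (network_allows, app_allows, reason)}."""
    out = {}
    for req in requests:
        allowed, reason = application_layer_decision(req)
        out[req.user] = (network_layer_decision(req), allowed, reason)
    return out


if __name__ == "__main__":
    for user, (net, app, reason) in compare().items():
        print(f"{user:<11} network-layer={net!s:<5} app-layer={app!s:<5} {reason}")
```

The contractor on the VPN range is waved through by the network rule but denied payroll by the application policy; dana, connecting from outside with a managed device and a second factor, is denied by the network rule yet allowed the one write she is entitled to; erin is on-net and in the right group but has no second factor for a write.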
68% of Overwhelmed IT Managers Can’t Keep Up with Cyberattacks
IT managers surveyed also mentioned a shortage of key skills on staff, which makes it that much harder to keep up with the volume of incidents and the scope of risks. Most respondents (86 percent) said that they needed more skills to combat threats, but 80 percent also said that they struggled to recruit the right people. (Threatpost)
VPNs’ Future: Less Reliant on Users, More Transparent, And Smarter
How VPN technology gets deployed will change. Whereas VPNs used to rely on remote users remembering to turn on their VPN client software (or off), VPN authorization and access functions are getting subsumed into the network itself and are transparent to users. However, that’s still several quarters down the time line. (Dark Reading)
Insider Threats in Information Technology (Part 6 of 9: Insider Threats Across Industry Sectors)
Unlike fraudsters, insiders committing sabotage are usually in more technical roles and can harm systems by changing lines of software code. Few insiders sabotaged backups, created unauthorized accounts, or used a keystroke logger. Almost a third of insiders abused their privileged access or modified critical data. A quarter of the insiders committing sabotage received or transferred fraudulent funds. (Carnegie Mellon University, Software Engineering Institute)
Are employees the weakest (cybersecurity) link? Sometimes
As a rule, it is human nature for effective employees throughout an organization to look for the easiest solution, the best workaround. They prize convenience – and this can fly in the face of embracing the best security practices. They often, too, are well-positioned to carry out nefarious activities.
Almost all respondents (cybersecurity professionals) said they feel that their organization is vulnerable to insider attacks. Another data breach study found that 47 percent of all enterprise breaches are caused by employees, either operating for their own gain or to damage the organization, or unknowingly being compromised.
Nearly one-third of these respondents [31%] also said they have installed software on their business devices or networks without authorization from their IT department. This so-called practice of “shadow IT” has risen sharply since SailPoint’s 2014 study. (SC Magazine)
Machine learning masters the fingerprint to fool biometric systems
Using a neural network trained to synthesize human fingerprints, the research team evolved a fake fingerprint that could potentially fool a touch-based authentication system for up to one in five people.
Much the way that a master key can unlock every door in a building, these “DeepMasterPrints” use artificial intelligence to match many prints stored in fingerprint databases and could thus theoretically unlock a large number of devices. (Homeland Security News Wire)
Coachable Moments: Preventing Supply Chain Insider Threats
A study by CERT’s National Insider Threat Center showed that 15% of all insider threat incidents were perpetrated by someone in the victim organization’s supply chain. A supply chain can include any third party that supports an organization’s business goals, such as technology providers, public infrastructure, physical good suppliers, or other contracted services.
Many outside attackers or malicious insiders may look to exploit weaknesses within the supply chain. For example, Verizon Enterprise’s vendor Nice Systems misconfigured a cloud storage account, which exposed millions of customer records. And, Target’s costly breach involved a third-party vendor with access to a customer database.
According to Carnegie Mellon University, there are many compliance frameworks you can use to evaluate the security of third-party vendors and suppliers. A few examples include ISO 28000 for general vendor evaluations, ISO/IEC 20243 for technology vendors, and several industry-specific frameworks.
One way to properly train your supply chain is to provide a video training series for any new vendor or contractor. Policy and protocol review often becomes much easier and more digestible in video format, and can ease pressure on already overextended security teams. (ObserveIT)
Open source software security challenges persist
According to the latest Veracode report, only 28 percent of organizations do any kind of regular analysis to find out what components are built into their applications. As the use of open source code grows, this risk surface expands.
According to a recent Snyk survey of open source maintainers, 44 percent have never had a security audit, and only 17 percent say that they had a high level of security know-how.
If the problem is fixed, there’s often no way to find and notify all of the users of the old code. “The open source community has no idea of who is using their components,” says Black Duck’s Pittenger.
Finally, if a vulnerability is found and patched, and the patch is broadly publicized, enterprises that use that code might not be aware that they have it or may have problems finding all instances of it. This year’s giant Equifax breach, for example, involved a vulnerability in the Apache Struts open source software.
Another problem is that some companies are running older versions of the code, and are unable to move to the latest version because of compatibility issues, compliance, or other reasons. According to Snyk, only 16 percent of vulnerability fixes are backported to other versions. (CSO Online)
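The excerpt above raises two linked gaps: most organizations do not inventory the components in their applications, and when a fix lands it is often only on the newest release line. The following is an added example, not code from the CSO Online article: it parses a constructed requirements-style manifest, matches each component against a constructed advisory list with affected version ranges, and flags findings where no fix exists on the component's own release line. The package names, versions and advisory identifiers are invented, and "release line" is assumed here to mean the major version.

```python
"""Inventory application components and match them to known-vulnerable ranges.

Added example; not code from the CSO Online article. Parses a constructed
requirements-style manifest, compares each component against a constructed
advisory list with affected/fixed ranges, and reports whether a fix exists
on the component's own release line (assumed here to be the major version),
which is the question behind "fixes are not backported". Package names,
versions and advisory IDs are invented for the demo.
"""
import re

MANIFEST = """\
# constructed sample manifest
webframework==2.3.1
imagelib==1.9.0
jsonparser==4.0.2
loggingkit==3.1.0   # pinned: 4.x breaks our config format
"""

# Constructed advisories. "affected" is the half-open range [lo, hi);
# "fixed_in" lists the releases that received the fix.
ADVISORIES = [
    {"id": "ADV-0001", "package": "webframework", "affected": ("2.0.0", "2.3.5"), "fixed_in": ["2.3.5"]},
    {"id": "ADV-0002", "package": "loggingkit", "affected": ("3.0.0", "4.0.0"), "fixed_in": ["4.0.0"]},
    {"id": "ADV-0003", "package": "jsonparser", "affected": ("4.0.0", "4.0.2"), "fixed_in": ["4.0.2"]},
]

MANIFEST_LINE = re.compile(r"^([A-Za-z0-9_.-]+)==(\d+(?:\.\d+)*)$")


def parse_version(v):
    """Dotted numeric version -> tuple, so comparisons are numeric not lexical."""
    return tuple(int(part) for part in v.split("."))


def parse_manifest(text):
    """Return {package: pinned_version}; comments and blank lines are ignored."""
    components = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"unsupported manifest line: {line!r}")
        components[m.group(1)] = m.group(2)
    return components


def same_release_line(a, b):
    """Assumption for the demo: a fix is 'backported' if it shares the major version."""
    return parse_version(a)[0] == parse_version(b)[0]


def find_findings(components, advisories=ADVISORIES):
    """Match inventory against advisories; each finding records whether the
    installed release line has a fix at all."""
    findings = []
    for adv in advisories:
        installed = components.get(adv["package"])
        if installed is None:
            continue
        lo, hi = adv["affected"]
        if parse_version(lo) <= parse_version(installed) < parse_version(hi):
            findings.append({
                "id": adv["id"],
                "package": adv["package"],
                "version": installed,
                "fix_on_same_line": any(same_release_line(installed, f) for f in adv["fixed_in"]),
            })
    return findings


if __name__ == "__main__":
    for f in find_findings(parse_manifest(MANIFEST)):
        status = "upgrade within line" if f["fix_on_same_line"] else "NO fix on this line: needs migration or mitigation"
        print(f"{f['id']} {f['package']}=={f['version']}: {status}")
```

With the constructed data, webframework can be patched in place, jsonparser is already at the fixed release, and loggingkit is the case the excerpt warns about: the only fix is on a release line the team cannot move to, so it needs a compensating control rather than a version bump.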