Insider Threat

Insider Threat

CIOs say security must adapt to permanent work-from-home

Articles, Blog, Coronavirus, Cyber Security, cybersecurity, DHS, Insider Threat
featured image

Both private- and public-sector CIOs see many more employees permanently working remotely, and say security needs to adapt to new threats and how they communicate.

The entire US economy and government were forced to shut down in-person facilities and operations almost overnight in March as COVID quarantines began. The new conditions forced organizations to quickly find ways to secure tens of millions of new, vulnerable endpoints created by at-home workers. Now, six months later, technology leaders are taking stock of what happened and considering how a post-COVID landscape might look.

COVID has resulted in a lot of forward-looking changes, Jim Weaver, CIO of Washington State, said at the second day of the annual Cybersecurity Summit hosted by the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA). “COVID has been our chief innovation officer. Now as a state we’re pivoting to change our service methodologies while in the middle of a pandemic and economic downturn.” Washington was the first state with a positive COVID case on January 14.

“Governor Inslee has been a big proponent for remote work for a lot of reasons and so we did have a culture and mindset in place already enabled to support it,” Weaver said. Washington had to jump from an average of 3,000 to 4,000 remote concurrent connections to 65,000 to 70,000 almost overnight. “That went pretty flawlessly, I’m pleased to say.”

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Photo by Charles Deluvio on Unsplash


Preventing insider threats: What to watch (and watch out) for

Articles, Blog, Insider Threat
featured image

Understanding human behaviors that precede malicious actions from an insider is the best way to avoid data loss or disruption, experts say.

September is officially National Insider Threat Awareness Month (NIATM) and the theme of this year’s NIATM is resilience. Of all the digital threats facing organizations, the insider threat can be the most vexing to tackle given how uncomfortable it can feel to suspect one’s own colleagues of wrongdoing. It’s challenging to set up systems and processes that might catch well-regarded peers or superiors in a harmful act.

At last week’s inaugural Insider Risk Summit, experts at corporations and cybersecurity firms gathered to talk about the top trends driving insider security threats and what security officers should know in trying to combat those threats. “There’s not one type of threat but there is a common aspect, which is that [insiders] are looking to get at critical assets of the organization — people, information, technology and facilities,” Michael Theis, chief engineer, Strategic Engagements at the US Community Emergency Response Team’s (CERT’s) National Insider Threat Center, said during his keynote talk.

Theis based most of his talk on the fraud model that CERT’s threat center has built on a data set of 2,500 verified insider incidents that resulted in sabotage or corporate threat. It’s important to define what exactly an insider threat is, Theis said. “[It’s] the potential for an individual who has or had authorized access to an organization’s assets to use their access, either maliciously or unintentionally to act in a way that could negatively affect the organization.” The people who could be considered insiders encompass a wide range of individuals from current or former full-time employees, part-time employees, temporary employees, contractors, and trusted business partners.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Photo by Austin Distel on Unsplash