Insider Threats and Cyber: Weekly Cybersecurity Brief

insider threats
Share on facebook
Share on linkedin
Share on twitter
Share on email
Share on whatsapp

What is the importance of employee trust in the workplace? Well, in the cyber world, employee trust is paramount.  Insider threats or cyberattacks from employees or contractors could lead to major malware attacks, security breaches and more. Articles by Wang Wei from The Hacker News, Catalin Cimpanu from ZDNet, and Paul M. Nakasone along with Michael Sulmeyer from Foreign Affairs demonstrate why employee loyalty and training is critical in any cybersecurity insider threat program  and dictate prevention methods if something does not go as planned.

Back in 2016 Uber’s chief security officer, Joe Sullivan, paid hackers $100,000 to keep a major security breach a secret. The breach involved stolen data of 57 million riders’ names, emails, and phone numbers along with 600,000 driver’s license numbers. Sullivan left Uber back in 2017 when the incident went public but is being put on trial this month for the felony. If Sullivan is found guilty, he could face up to eight years in prison and $500,000 in fines. Although Sullivan was not responsible for the attack himself, he proved to be disloyal to his company by not taking enough preventative measures towards an incident that put millions of consumers at risk.

Uber is not the only company who experienced an insider threat. Last week Instacart discovered that two contractors reportedly accessed the private profiles of 2,130 shoppers. This is not the first security issue Instacart has experienced. Earlier this year hackers put 278,531 Instacart accounts on the dark web. The main reason why this attack occurred is because Instacart did not verify that its employees were not potential threats. This lack of verification led to access to tons of confidential customer data.

Threats attacking from the inside of an organization can be avoided. The Cyber Command, a U.S. organization dedicated to protecting U.S. military networks, gives one key strategy for preventing hacks. This strategy is to treat every host as a potential threat. In other words, assume the enemy knows the system. This method will prevent disloyal employees from getting their hands on anything that they should not. All in all, taking a preventative measure could do wonders.

 Insider threats have been on the rise and have increased 47% since 2018.   As a result, organizations must make insider threat programs a part of their overall cybersecurity program. 

Key Takeaways

Former Uber Security Chief Charged Over Covering Up 2016 Data Breach – Wang Wei, The Hacker News

  • In 2016 Uber experienced a data breach where 57 million riders’ names, emails and phone numbers were exposed along with 600,000 driver license numbers
  • Uber’s former chief security officer, Joe Sullivan, paid hackers $100,000 to keep the breach a secret
  • If Sullivan is found guilty, he could face up to eight years in prison and $500,000 in fines

Instacart discloses security incident caused by two contractors – Catalin Cimpanu, ZDNet

  • Two contractors working for Instacart reportedly accessed the profiles of 2,130 shoppers
  • Instacart discovered the breach while performing a routine security audit.
  • This is not the first security issue Instacart has experienced. Earlier this year hackers put 278,531 accounts on the dark web

How to Compete in Cyber Space – Paul M. Nakasone and Michael Sulmeyer, Foreign Affairs

  • Over the last 10 years Cyber Command has pivoted from a defensive strategy to a proactive strategy when it comes to cybersecurity
  • Cyber Command’s role is to protect U.S. military networks, defend the U.S. from cyberattacks and direct cyber effects operations abroad.
  • Another Cyber Command strategy is to treat every host as a potential threat, assume the enemy knows the system
  • The following strategy is to train military commanders to treat every computer network as essential, not an afterthought

Sources:

https://www.foreignaffairs.com/articles/united-states/2020-08-25/cybersecurity

https://thehackernews.com/2020/08/uber-data-breach-cover-ups.html

https://www.zdnet.com/article/instacart-discloses-security-incident-caused-by-two-contractors/

Discover More: