Merlin Labs Memo -- Week of February 12-16
Behind Enemy Lines: Navigating Insider Threats
In the ever-evolving cybersecurity landscape, one aspect that continues to garner attention is the threat insiders pose. Like stealthy spies infiltrating enemy lines, insiders with access to sensitive systems and information can wreak havoc on an organization's security posture. According to recent studies, insider threats account for a significant share of data breaches worldwide, highlighting the need for robust measures to mitigate this risk.
Insider threats can manifest in various forms, ranging from negligent employees who inadvertently compromise security protocols to malicious insiders seeking to steal or sabotage data for personal gain or vendetta. Furthermore, the proliferation of remote work arrangements has exacerbated the challenge of monitoring and controlling insider activities as traditional perimeter-based security measures become less effective in the face of dispersed networks and endpoints.
Organizations must adopt a multi-faceted approach to combat insider threats, incorporating technical controls, such as access controls and encryption, and non-technical measures, such as employee training and awareness programs. Additionally, implementing behavioral analytics and monitoring solutions like CyberArk User Behavior Analytics (UBA) can help identify abnormal activities indicative of insider threats, allowing for timely intervention and remediation. Embracing Zero Trust principles can also assist organizations in mitigating insider threats by ensuring that access is continuously verified and restricted based on least privilege.
Our Take: While it's undeniable that insider threats pose a significant risk to cybersecurity, it's equally important not to overlook insiders' contributions to an organization's security posture. Employees are often the first line of defense against cyber threats, and cultivating a culture of security awareness and vigilance can empower them to detect and report suspicious activities effectively.
Rather than viewing insiders solely as potential liabilities, organizations should strive to foster a culture of trust and transparency where employees feel valued and invested in safeguarding sensitive information. By promoting open communication channels and providing ongoing education and support, companies can enlist employees as active participants in the fight against cyber threats, turning them into valuable assets rather than liabilities.
Just as spies turned double agents can be assets in the field, adequately engaged and empowered insiders can become invaluable allies in the battle against cyber threats. While insider threats remain a legitimate concern in cybersecurity, organizations can mitigate this risk by adopting a holistic approach that combines technological defenses with proactive employee engagement and empowerment. By leveraging the collective efforts of insiders, companies can bolster their resilience against cyber threats and foster a culture of security that permeates the entire organization. – Daniel McGregor
Update to FAR Requires "full access" to Breached Federal IT Systems
In a draft update to the Federal Acquisition Regulation (FAR), which itself stems from Biden’s 2021 executive order, tighter requirements for handling detected breaches are proposed. The update would require breach reporting within 8 hours of detecting an incident, maintaining a Software Bill of Materials (SBOM) for systems in the federal space, and granting CISA and federal law enforcement full access to IT systems and personnel when they are impacted by a breach.
While vendors claim that such requirements are burdensome and even unrealistic, particularly for cloud vendors that push hundreds of changes per day, the federal government's response is that major incidents like the Colonial Pipeline breach illustrate the need to make compliance with incident-reporting and information-sharing requirements a condition of eligibility for payment under a government contract.
Our Take: Is this, as the vendors see it, a reach too far that would have chilling effects on non-federal customers who do not want their data and information exposed in the wake of a breach that impacted someone else? Or is the federal government more convincing with its argument that we must have tighter requirements in order to protect against and survive cyberattacks? Even then, there are many differing federal requirements, so it’s understandable that vendors would raise an issue with tightening things up.
What could help would be standardization of reporting and information-sharing across departments. That’s a wish-list item, but something well worth asking for. All parties benefit from streamlined regulations that are either standalone or in harmony with other regulations. The Information Technology Industry Council (ITIC) asked for as much in its comments on the draft, asking that one agency – CISA – act as a focal point for all reporting and investigation.
At the same time, I’m not moved by vendors that say investigations could jeopardize their non-federal customers. The idea behind this is to strengthen security. It may be well for us if there are additional safeguards that isolate governmental systems from non-governmental ones. We can compartmentalize both network architectures as well as business operations. This could lead to contractors picking and choosing to service one market or the other, but that itself would be just one more form of compartmentalization.
All in all, we know that breaches will happen. We need to have things set up so that when they do happen, we reduce the time to respond and contain them so that their negative impact is minimized. I think that the draft update is a step in the right direction, but it’s a path we must continue to walk, hopefully towards more uniform regulatory regimes. – Dean Webb
Game-Changing Cybersecurity: Unpacking CrowdStrike's Super Bowl Moves
Staying ahead of the curve is essential. That's why CrowdStrike, a leading cybersecurity company, made headlines yet again with their Super Bowl commercial, "The Future." This year marked their second consecutive appearance on the biggest advertising stage, demonstrating their unwavering commitment to raising awareness about cybersecurity threats and solutions.
"The Future" commercial takes viewers on a journey through the Wild West, cleverly illustrating the modern-day challenges of cybersecurity within the context of a classic frontier setting. As bandits attempt to breach a town's defenses, CrowdStrike swoops in as the digital sheriff, thwarting the attackers with their advanced cybersecurity solutions.
This creative approach captivates audiences and highlights the real-world problem space that CrowdStrike addresses in the cybersecurity marketplace. Like the Wild West, the digital landscape is fraught with danger, where businesses and individuals are constantly threatened by cybercriminals seeking to exploit vulnerabilities for their gain.
CrowdStrike's Super Bowl commercial underscores the importance of proactive cybersecurity measures in safeguarding against these threats. Investing in cutting-edge technology and expertise empowers organizations to defend themselves effectively in the ever-evolving cyber battleground.
Our Take: We applaud CrowdStrike's efforts to raise awareness about the critical importance of cybersecurity on such a prominent platform. Their Super Bowl commercial showcases their passion for the field and serves as a reminder of the ongoing battle we face against cyber threats.
CrowdStrike's Wild West-themed commercial effectively captures the imagination while driving home the seriousness of the cybersecurity landscape. By embracing innovation and leveraging their platform to educate and inspire, CrowdStrike sets a commendable example for the industry.
"The Future" commercial represents more than just a marketing move—it's a statement of purpose from a company dedicated to revolutionizing cybersecurity. As professionals committed to protecting digital assets, we stand behind CrowdStrike in their mission to secure the digital frontier. – Daniel McGregor
Readers of our Newsletter: What’s working, what’s not, and what’s on your mind? Leave a comment below or email labs@merlincyber.com. Thank you!