Even Tesla isn't beyond an Insider Threat Program

Everyone may have been taken aback by the fact that Tesla, a leader in electric vehicle manufacturing, was hacked from the inside. As CNBC reported, "Musk said this person had conducted 'quite extensive and damaging sabotage' to the company's operations, including by changing code to an internal product and exporting data to outsiders."

It appears the electric vehicle giant was overly trusting of its current executives and employees to allow such a thing to happen.  Perhaps a real insider threat prevention program (ITPP) would have prevented this mishap.  Real ITPPs are based in practice and culture.  Understanding critical assets, defining policies and enforcement, monitoring employee actions, defining separation of specific duties, and understanding system change controls are just some of the areas where organizations with significant intellectual property can start to protect their investments.

Trust Soteritech to help with these objectives.


Could an Executive be an Insider Threat?

Not usually, but consider this. An Executive of your organization, who typically has broad access to files and information about employees and inventions, is bored one Friday afternoon and starts poking around on the company intranet. He finds he has access to lots of information about the company's R&D... because of his stature. Some of the new inventions seem pretty cool, and he sees some plans for the "next big thing". Well, it's 4:30 pm and he doesn't have time to read the whole thing, so he downloads it onto his computer to read over the weekend. The weekend comes and goes. The file still exists. The Exec's computer is stolen the next week from his car in a parking garage. The rest... as they say... is history. The Chinese build the new invention at a fraction of the cost and begin to sell it, thus putting the Exec's company out of business.

CIOInsight tells of similar situations.  This is serious.  Executives need to be trained on how to protect their organization's intellectual property.  Soteritech can help.


Insider Threat Tip Line - A free service

Sometimes the hardest thing about voicing a potential insider threat is losing your anonymity. You may see something suspicious but let it go simply because you don't want to be seen as a snitch or potentially be wrong about the suspicion. Soteritech, a trusted advisor and advocate for reducing the damage caused by insider threats, is proud to intermediate this free service. Anyone can submit an insider threat tip using our secure form and remain anonymous to their organization... That's our guarantee. Organizations are encouraged to make our service a standard part of their insider threat detection initiatives.

Dear Healthcare Provider... How's your Insider Threat Program?

Ever wonder whether or not your personal information... your "really personal" information is safe with your healthcare provider?  How many times have you stepped up to the window and been asked about your social security number... or what's your reason for the visit?  Then you put it all down on a piece of paper and hand it to the receptionist.  Well... what happens to that piece of paper?  Ever wonder how long it sits on someone's desk?  Ever wonder how long it takes to get safely tucked away in a folder... a folder stuck in a file cabinet... that anyone can access during the day?  

We're not talking about a systems breach here, but a data breach nonetheless. Imagine an employee making copies of the personal information of all patients in a clinic, or a hospital. Then they sell it on the dark web to the highest bidder. All of a sudden patient trust is destroyed, and along with it your organization's reputation. You could be a great physician, but if something like this happens your practice could be toast.

Solution:  Monitor your trusted employees with InsiderAssess.  It's a simple online tool that asks your employees a few simple questions every three months or so to help you analyze their situation... their loyalty; their mental state; their general commitment to their oath to serve patients.  Soteritech's InsiderAssess tool makes this type of simple proactive monitoring a reality.

And Now for Something Completely Different...

Well not that far off.  As you know, Soteritech provides support for organizations looking to develop effective Insider Threat prevention and detection programs.  What you may not know is that if insider threats become violent, we also train organizations on how to effectively respond to those situations as well.  Our sister organization (Sote.pro) provides select individuals in your organization with active shooter awareness and handgun safety training.  This includes classroom instruction as well as range time.  If your organization has significant intellectual property, our training could provide an added layer of protection you need.

A New Partner

Soteritech, LLC is excited to announce a new partnership with Kuma (www.Kuma.pro). Kuma provides privacy risk, information security, and identity management consulting as well as tools to help companies utilize the proper levels of access to classified, sensitive and open data. Kuma brings significant expertise and qualifications in the areas of identity, privacy, security and risk management, as well as compliance and certification. Kuma helps organizations achieve FICAM, HIPAA, ISO 27K, PKI and FedRAMP certifications. Kuma is a great complement to Soteritech’s cyber insider threat detection and prevention services. We’re looking forward to a long and strategic relationship.


VA man charged with espionage... Let's make it STOP.

Ok... This is becoming all too common these days, and it's got to STOP.  It's been in the news recently about a Virginia man, ex-military, transmitting top secret documents to the Chinese.  The problem we have with detecting insider threats is that we don't "discover" them until after the damage is done.  Why aren't we (why isn't our Government) taking this seriously to the point of starting early detection programs for all cleared employees and contractors?

Soteritech has an early detection tool called InsiderAssess.  We've partnered with an international organization with an amazing AI tool that can help discover insider threats well before they become a real problem.  Don't let your organization's intellectual property... your hard work... become the fodder of a low-budget Chinese organization.  We can help detect these insiders proactively.  Please reach out to us and let us show you how... Soteritech.com.

Does moving to the Cloud increase your chance of Insider Threat?

Do you believe moving to the Cloud to obtain your computing power could increase your chances of being compromised by an insider threat?  Well, according to MeriTalk, it very well could... and I believe it.

"Increased migration to and applications in the cloud make it more difficult to identify insider threats, according to 59 percent of government employees that responded to the MeriTalk Inside Job survey, underwritten by Symantec and released on May 15."

These findings are significant, as everyone has believed going with an Amazon, a Google, a Microsoft, or some other known cloud commodity solution would ensure protection from all harm. We all need to face it: insiders with privileged access to information necessary to do their jobs are the very ones who can be compromised.

Employee Loyalty

Great article on employee loyalty from InfoSecurity Magazine.  “People over-estimate how loyal employees are, and how loyal they can be, but they are more loyal to themselves than the company that they work for,” states Jenny Radcliffe, social engineering professional.  

I agree with the statement, especially when individuals (employees) get backed into a corner by their own situations.  It doesn't take much for an employee to get desperate... financial hardship, divorce, addiction, depression.  Any of these can turn a perfectly normal individual into something they are typically not.  The critical element is noticing the signs/behaviors, and getting help for the individual before they cross the tipping point.  One way to help is to use the Soteritech Tip Line... a free service to notify the right people in your organization about fellow employees showing the warning signs.

NISPOM Change 2 Deadline Approaching

On May 18, 2016, the Department of Defense published Change 2 to DoD 5220.22-M, “National Industrial Security Operating Manual” (NISPOM). NISPOM Change 2 requires contractors to establish and maintain an insider threat program to detect, deter and mitigate insider threats. Specifically, the program must gather, integrate, and report relevant and credible information covered by any of the 13 personnel security adjudicative guidelines that is indicative of a potential or actual insider threat to deter cleared employees from becoming insider threats; detect insiders who pose a risk to classified information; and mitigate the risk of an insider threat. Contractors must have a written program plan in place to begin implementing insider threat requirements of Change 2 no later than November 30, 2016.

Are you ready?  Soteritech can help.

Impact of 500 Million Pages

So what's the impact of stealing 500 million pages of classified NSA information?  PSBE Cyber News Group reports on the Harold Martin III government property thefts including NSA documents and top secret hacking tools.  Stolen data includes information on federal employees.  "If all data stolen by Martin found indeed classified, it would be the largest NSA heist, far bigger than Edward Snowden leaks."

Another Contractor Arrested

So another Booz Allen contractor was arrested for an NSA breach. Washington Technology reported that "The search uncovered hard-copy documents and digital information that was stored on various devices and removable storage devices.  The documents were marked as Top Secret and Sensitive Compartmented Information. The search also found $1,000 worth of stolen government property."

As these types of stories continue to reach the news, I am more curious about the indicators that must have been present prior to, or even during these events occurring.  Were they based on greed... revenge... family need... allegiance to a foreign nation?  We may never know the true reason... but it happened... and it will have an impact on our nation.

Training your company or agency on 1) how to recognize insider threats, 2) where to report insider threat indicators within your organization, and 3) how to feel comfortable reporting questionable colleagues is of utmost importance to the security of our nation.

A New Partnership

Soteritech has officially entered into a reseller agreement with our friends at IntelligentID. Their software is second to none for low-impact, high-value employee and contractor activity monitoring on your networks. The price point is amazing for the value they bring to the table for an early-warning, network and storage monitoring system. Centralized dashboards provide proactive notification of unauthorized activity. Notifications can be fully customized to meet the client's needs and culture. I am excited to add the IntelligentID service as part of Soteritech helping organizations implement a Culture of Security. See how you can get Culture of Security Certified.

Don't Click That! Part 2

As a follow-up to the wildly successful Soteritech blog post Don't Click That!, we present Don't Click That! Part 2. A recent study by Duo Security found that 31% of challenged users (those presented with mock phishing attacks) actually clicked on the links. Astonishingly, 17% actually provided their user IDs and passwords. The study was conducted over an approximate one month period across 400 organizations. The results were far from stellar, and are indicative of the damage that could be done to your organization by the unwitting employee. Let's get them trained, shall we?... And make security a part of our corporate culture.

Insider threat damage

Good article from CBR regarding the impact of insider threat damage. While the article focuses mainly on public companies, the impact on privately held organizations can be just as crippling.

"Insider attacks cut to the core of an organisation – not only does it put into question security policies, authentication methods, segmentation, encryption, monitoring and other proven countermeasures, it also puts into question employees and the level of trust given to certain individuals in the organisation."