How the Dark Web Presents New Insider Threats
Carnegie Mellon's Michael Theis Offers Update on Latest TrendsOrganizations in all sectors need to be aware of newly emerging insider threats, including those tied to the dark web, says Michael Theis of Carnegie Mellon's CERT Insider Threat Center.
See Also: Best Practices to Protect Communication and Email Fraud with Technology
"Recently, there's been some research that's shown that [criminals on] the dark web have been reaching out to insiders to buy their login credentials or get them to sell intellectual property," Theis says. "On the other side, we've seen insiders looking for extra money going to the dark web looking to sell their login credentials."
Another emerging threat, Theis says, is ransomware designed to steal intellectual property, rather than earn a ransom payment. The criminals use the malware to encrypt data and then extort insiders to release certain IP in exchange for decryption.
To battle these and other emerging insider threats, organizations must educate staff about the latest cyberattack trends and, as always, limit the amount of data users can access with their credentials, Theis stresses.
In a video interview at Information Security Media Group's recent Healthcare Security Summit in New York, Theis also:
- Discusses why the healthcare sector is a prime target for cyberattacks;
- Stresses the need to "bake in security" when developing internet-of-things devices.
Theis is chief counterintelligence expert at Carnegie Mellon's CERT Insider Threat Center. He has more than 25 years of experience as a counterintelligence supervisory special agent supporting the U.S. intelligence community, and more than 30 years of concurrent computer systems engineering experience. At Carnegie Mellon's CERT Insider Threat Center, Theis focuses on research and development of socio-technical controls in computational endoparacology. Previously, he was the first cyber counterintelligence program manager for the National Reconnaissance Office, where he served as chief of cyber-CI investigations and operations for more than six years.