Archive for September 2, 2022

A Follow Up To My Experience With TCL’s Service Team

Posted in Commentary on September 2, 2022 by itnerd

I recently had some of the backlights of my TCL 43″ TV fail. That gave me the opportunity to upgrade to a new TCL 50″ TV. But that still left me with what to do with the 43″ TV. Ideally I would like to get it repaired so that I could resell it and make sure that it didn’t end up in a landfill site. But I have had issues with TCL’s support in the past. In my review of the 50″ TV, I said this:

Now, before I wrap things up, I’d like to point out one thing about TCL. Their support in my experience has tended to not be that good based on my previous interactions with them. Though that was about 18 months ago and maybe they have improved things since then. I guess I am about to find out as I have a request into them to get my old TV repaired. But the reason why I am pointing this out is that a company who makes a product adds value to it by having good support so that if you need it, they can help you. Conversely, if a company doesn’t provide good support, it detracts from the value of the product. And because of that, I feel it is important to let you know how a company is going to treat you before you put down your hard earned money.

Let me describe how my service experience went. First I filled out a form on their contact us page asking TCL where I could take the TV for repair. That was on Friday night. On Sunday afternoon I got a reply saying that TCL has no repair centres, and then the customer service rep. tried to walk me through resetting the TV as they felt that this was a software issue. I told them that I had done the troubleshooting that they were suggesting and reiterated that any suggestions that I could get for a place to take it to repair would be welcome. But they didn’t offer anything on that front.

Undeterred, I called them the next day. The first time I called them I was told by an automated system that there would be a 13 minute wait. But I did have the option of requesting a call back. So I chose that option and hung up.

Three hours later, no call back. #Fail.

This is where I will point out to TCL that if you have a service that allows your customers to schedule a call back, you need to actually call them back or you look like you don’t care about your customers.

So I called back and got through in three minutes. I asked the customer service rep where I could take the TV for repair. The rep put me on hold as he didn’t know the answer. Then came back and told me that they didn’t have authorized repair centres. So I should take it to anyone who is “qualified” to repair TVs. I thanked him and hung up.

Some free advice for TCL. Not having authorized repair centres really makes your products look second hand when compared to competitors who do. Not only that, TV sets should not be considered to be “disposable items” in an age where diverting e-waste from landfills is a thing. Thus you need to give those who purchase your products options in terms of repair so that the life of your products is extended. By doing that, it enhances the value of your products and how you as a company are perceived.

Since TCL said I was on my own, I did some research and came across an article which listed the alleged best TV repair operations here in Toronto. I contacted all of them via their contact forms, but the only one who responded via email was Action TV Repairs. A person named Harjinder responded in under an hour and gave me an address to bring the TV to. Which turned out to be his home in Mississauga ON. I handed the TV to his wife and within two hours I got an email from them telling me that I needed to replace all the backlights as they would all eventually fail and just replacing two would result in the picture having uneven brightness levels. Total cost: $250 all in. I told him to go ahead. Two hours after that he emailed me to say it was ready which blew me away in terms of how fast he was able to repair the TV. I picked the TV up the next day, but not before he demonstrated that everything was working. I paid him cash and I was on my way.

I was impressed by Harjinder and the level of service that he provided. If you need a TV repaired, I would recommend Action TV Repairs without hesitation. I’ve since factory reset the TV and I will be putting ads on Craigslist and similar services so that I can find a new home for this TV.

So, it’s clear that TCL has some improvements to do on the customer service front. And if they wanted a model to copy, Harjinder from Action TV Repairs would be my choice for them to copy. He went above and beyond to get my TV repaired and I can’t thank him enough and I would recommend him without hesitation. So in this case, I guess that assuming that I can sell the TV, all’s well that ends well.

September Is National Insider Threats Awareness Month

Posted in Commentary on September 2, 2022 by itnerd

September is National Insider Threat Awareness Month. And if you pay a visit to the Office of the Director of National Intelligence website, you’ll see this message:

The Acting Director of the National Counterintelligence and Security Center has issued his letter of endorsement for the fourth annual National Insider Threat Awareness Month in September 2022.  Please join us during September to emphasize the importance of safeguarding our nation by detecting, deterring, and mitigating insider threats.  If you would like to increase awareness in your workforce, visit the National Insider Threat Awareness Month website to learn more about the serious risks posed by insider threats and how to recognize and report anomalous/threatening activities to enable early intervention. The web page of the National Insider Threat Task Force also has resources available.

Keep in mind that an insider threat is someone who will use her/his authorized access, wittingly or unwittingly, to do harm to the security of the United States (as well as any other country or company). This threat can include damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, or through the loss or degradation of departmental resources or capabilities.

I have commentary from three industry sources on National Insider Threat Awareness Month.

Don Boxley, CEO and Co-Founder, DH2i (www.dh2i.com): 

“Over the past couple of years, work from home (WFH) has morphed into work from anywhere (WFA). While few would argue the horrors of the pandemic, WFA could be viewed as one small positive. Organizations and their employees have learned that we can work from virtually anywhere given the right circumstances. And by circumstances, I mean, support from leadership and the right technology.

Unfortunately, the WFA paradigm has also led to an exponential increase in cybersecurity attacks – not just from external cyber criminals but from malicious internal bad actors as well. And what makes the internal threat even more dangerous is that many of these bad actors are armed with knowledge of confidential internal security procedures, which adds to their ability to cause serious harm to your organization.

We saw quite a bit of this at the start of the pandemic when people were first sent home virtually overnight to work. Many organizations were forced to depend upon their virtual private networks (VPNs) for network access and security and then learned the hard way that VPNs were not up to the task. It became clear that VPNs simply were not designed or intended for the way we work today. Both external and internal bad actors could, were and are still exploiting inherent vulnerabilities in VPNs. Instead, forward looking IT organizations have discovered the answer to the VPN dilemma. It is an innovative and highly reliable approach to networking connectivity – the Software Defined Perimeter (SDP). This approach enables organizations to build a secure software-defined perimeter and use Zero Trust Network Access (ZTNA) tunnels to seamlessly connect all applications, servers, IoT devices, and users behind any symmetric network address translation (NAT) to any full cone NAT: without having to reconfigure networks or set up complicated and problematic VPNs. With SDP, organizations can ensure safe, fast and easy network and data access; while slamming the door on potential cybercriminals.”

Surya Varanasi, CTO, StorCentric (www.storcentric.com):

“This September 2022 marks the fourth annual National Insider Threat Awareness month. It aims to shine a spotlight on the critical importance of defending against, detecting and mitigating damages from insider threats. Indeed ransomware and other types of malicious malware attacks are not only perpetrated by external cybercriminals, but internal bad actors as well. And, the expense is not only measured in ransomware payments, but also the almost incalculable cost of operations downtime, lost revenue, legal fees, regulations compliance penalties, a rise in insurance premiums, and/or a loss of customer trust. 

The need to backup data has become ubiquitous. But now, as ransomware and other malware attacks continue to increase in severity and sophistication, we understand the need to protect backed up data by making it immutable and by eliminating any way that data can be deleted or corrupted. 

What is required is an Unbreakable Backup solution that is able to create an immutable, object-locked format, and then takes it a step further by storing the admin keys in another location entirely for added protection. Additionally, the Unbreakable Backup solution should include policy-driven data integrity checks that can scrub the data for faults, and auto-heals without any user intervention. Ideally, it should also deliver high availability with dual controllers and RAID-based protection that can provide data access in the event of component failure. In deployment of such a solution, recovery of data will also be faster because RAID-protected disk arrays are able to read faster than they can write. With an Unbreakable Backup solution that encompasses these capabilities, users can ease their worry about their ability to recover — and redirect their time and attention to activities that more directly impact the organization’s bottom-line objectives.”

Brian Dunagan, Vice President of Engineering, Retrospect, a StorCentric Company (www.retrospect.com): 

“During National Insider Threat Awareness month we are reminded of the multitude of reasons a sound data backup strategy and proven solutions are critical. Given today’s economic and geopolitical climate it is a given that at some point virtually all organizations will suffer a successful cyber-attack be it from internal or external forces. Given this inevitability, it makes sense that the end customers I speak with, whether they are from private, public, or government organizations, are putting an increasing focus on their ability to detect and recover as quickly, cost-effectively and painlessly as possible. 

A backup solution that includes anomaly detection to identify changes in an environment that warrants the attention of IT is a must. Administrators must be able to tailor anomaly detection to their business’s specific systems and workflows, with capabilities such as customizable filtering and thresholds for each of their backup policies. And, those anomalies must be immediately reported to management, as well as aggregated for future ML/analyzing purposes.

Certainly, the next step after detecting the anomaly is providing the ability to recover in the event of a successful ransomware attack. This is best accomplished with an immutable backup copy of data (a.k.a., object locking) which makes certain that the data backup cannot be altered or changed in any way.”

Bob Erdman, Director of Development, Threat Intelligence For HelpSystems 

Insider threats are not only malicious, but many times they are accidental. 

A purposeful user may be upset and want to cause damage to the organization, or they may be motivated by monetary gains (bribes) and disclose information to third parties. They may even be placed there by outside actors looking to gain knowledge of practices, procedures and intellectual property. More and more there are instances of nation states engaging in this industrial espionage.

On the other hand, accidental compromise is also very common. Users fall victim to malicious phishing or BEC scams and expose their credentials or other damaging information about the organization that is then used by malicious actors to gather intelligence and potentially cause damage to the user’s company. This is not only a problem for the employees of the organization but also can be caused by any third party partner, contractor or member of the supply chain that can be used as an initial entry point into the final target’s enterprise.

John Grancarich, EVP, Strategy For HelpSystems 

One click – that’s all it takes for an unsuspecting user to be lured down the path of credential theft. And once the first set of credentials has been compromised, the front door of your organization is wide open, and it won’t stop there. So, take the time to invest in awareness and in training. It turns out that our parents’ advice to us as we were growing up is relevant to security as well: an ounce of prevention is worth a pound of cure.

Tom Huntington, EVP of Technical Solutions For HelpSystems 

When is the greatest threat to an organization’s intellectual property?  It is when that insider decides to move on to their next career advancement and they decide to take along a little intelligence that they deem not harmful but certainly puts the incumbent company’s property at risk to be shared to a competitor or outside threat.  End point security should be able to monitor this activity and provide comprehensive reporting of all the ins and outs of the data.  Did they print, use a USB or email something to their external provider?  What really happened during their exit from the company?  Proper data loss prevention technology should provide the tracking of your data and the prevention of this activity.

Donnie MacColl, Senior Director of Technical Support For HelpSystems 

“It is far better to prevent than to detect and remediate. There are now many factors that may persuade insiders to act as a threat. Financial motives are always attractive, and now with a poor global financial situation and the rising cost of living, simple acts like handing over a password for monetary gain are becoming more attractive to many people who would have never usually considered it. Anybody who has or had privileged access needs to be thought of as a part of the data lifecycle from their first day to their last. Companies are great at giving new employees access (usually too much access) to items they need to perform their role. However, if they move roles, they tend to cumulatively inherit more rights and access rather than close off previous access and start again. Imagine giving a tradesperson a key to your house, but never asking for it back when the job is done! That is what happens when an employee leaves and their access is not fully and immediately removed. This calls for a need for technology such as automated onboarding and offboarding, so no one slips through the cracks.”