Welcome to September, folks! Besides being the traditional back-to-school time of year (though I know many folks are already back in the classroom), September is also national insider threat awareness month (NITAM).
If you aren't familiar, NITAM was first observed in 2019 in the U.S., but now includes international participants, too. According to the U.S. government, this "annual, month-long campaign brings together thousands of U.S. security professionals and policy makers from government and industry, located in 25 countries around the globe, to educate government and industry about the risks posed by insider threats and the role of insider threat programs."
The Under Secretary of Defense for Intelligence & Security (USD(I&S)), the National Insider Threat Task Force, and the Defense Counterintelligence and Security Agency (DCSA) partner together with other stakeholder organizations to expand the impact and audience of the NITAM campaign each year. Organizations that participate in the campaign increase awareness and promote reporting of insider threats (InTs) across their workforces.
Insider threats can come from a number of directions, including when employees leave an organization and aren't properly offboarded, said Larry O’Connor, CEO and founder, Other World Computing (OWC).
“One of the most significant insider threats facing organizations today is the challenge of properly managing employee exits and access revocation. Even weeks or months after departure, it is all too common for exiting employees to still have lingering access to company systems and data. From there, malicious insiders can then steal sensitive data or sabotage critical systems rather easily by exploiting these oversights. And, as organizations have become more reliant on cloud services and remote work, unfortunately this risk has only grown," O'Connor said.
"Luckily, today we have robust identity and access management controls to mitigate these insider risks. This includes automating the process of disabling accounts across all apps and services when an employee leaves the company. Leveraging technologies like two-factor authentication and certificate-based authentication can also help prevent unauthorized access -- even if login credentials are compromised. Additionally, maintaining comprehensive, air-gapped backups of critical data is essential - this provides a secure fallback in case malicious insiders do manage to delete or encrypt production data," he said.
These insider attacks can be costly, said Carl D’Halluin, CTO, Datadobi. “National Insider Threat Awareness Month is a crucial reminder not to underestimate the significance of risks from within -- regardless of whether they are malicious or a result of negligence," D'Halluin said. "For a clearer picture of just how significant, the 2023 Cost of Insider Risks Global Report by the Ponemon Institute revealed that in 2023, the average annual cost of an insider risk rose to $16.2 million per organization, while the average time to contain an incident extended to 86 days, compared to $15.4 million and 85 days in 2022."
And they can come from unlikely sources you might not otherwise consider, including the humble PDF document format, said DeeDee Kato, vice president of corporate marketing, Foxit.
“This year during National Insider Threats Awareness Month I think it’s time to shine a light on the importance of robust document security measures – especially, when it comes to the often-overlooked PDF," Kato said. "Whether you are a government agency, a business, a healthcare provider, a financial institution – it is a safe bet that highly sensitive information is contained within your PDF docs. ... During this National Insider Threats Awareness Month and all the months to come… remain relentless in your pursuit to prevent insider threats – leave no stone unturned, and scrutinize every potential risk, even those that may appear benign, like the seemingly harmless PDF.”
As always, drop me a line at [email protected] if you have news to share or want to say hi!
Grab your coffee. Here's what else you need to know today.
Today’s Tech, Channel and MSP News
1. Mosyle acquires Assetbots: Apple device management and security services provider Mosyle announced the acquisition of Assetbots, an emerging asset management software company. Terms of the deal were not disclosed. Assetbots was founded with the goal of providing SMBs and schools high-quality, simple to use and affordable tools to keep track of their valuable items and devices, the companies said in a statement. Assetbots leverages specialized templates and strong automation to track the lifecycle of every single item of value, from IT, to furniture, musical instruments, tools, vehicles and any other asset critical for the operation of schools and SMBs, Assetbots said. Assetbots will continue to be led by its founder, Chad Burggraf, as an independent company but will receive strong support from Mosyle. SiliconAngle reported that while Assetbots is not known to have raised any equity venture capital funding coming into the acquisition, Mosyle is a venture capital-backed startup, having raised $410 million in funding, including a $196 million round in May 2022. Investors include Insight Partners LP, StepStone Group LP, Elephant Partners LP and Album Venture Partners.
2. Canva hikes subscription prices, cites 'AI features': Online design platform Canva has announced a price hike that will see some of Canva’s subscriptions jump by as much as 300% — with Teams now costing $135 a user per year, with a minimum of three users required on the account, according to SmartCompany. This could be problematic for SMBs. Canva attributed the increase to its investment into AI-powered design tools, which have been a major focus for the business over the last year. The news of the increase also follows a major platform redesign which has pivoted to focus more on business and enterprise customers.
3. GreatAmerica makes a flurry of new hires: GreatAmerica Financial Services Corporation has made a number of new hires aimed at expanding the company's reach into new markets. GreatAmerica announced last week it hired Jonathan Fales as the company's vice president and general manager of its Connected Technology division, the company said in a statement. Fales is a senior executive with more than 47 years’ experience in the U.S., Europe and Asia most recently serving as a divisional president. He is a former partner with The Alta Group and former executive with IBM Global Financing. Jonathan is a graduate of Vanderbilt University. GreatAmerica also announced the hiring of Taylor Coakley, VP sales, Kirk Sipes, director of business development, Cameron Sikes, director of business development, Dustin Roberts, strategic technology analyst, David Rieck, director of credit, Jon Anderson, account manager and Robert Finch, account manager. The company's hires are aimed at expanding its reach into the VAR and national service provider space, GreatAmerica said. Congratulations!
4. Fleet adds software services to hardware-leasing offerings: Bootstrapped startup Fleet is launching several software services on top of its hardware-as-a-service proposition, from device management to cybersecurity and insurance, TechCrunch reported. Originally, Fleet offered a way to rent hardware, so instead of spending a small fortune to acquire a bunch of laptops for their employees, small companies could use Fleet to lease devices and pay a monthly fee. Fleet's clients include traditional, small and medium enterprises that aren’t backed by VCs and are spread across 120 countries. Fleet told TechCrunch it now works with 1,500 companies and has around 100,000 users. It has offices in Paris, Barcelona and Berlin, and is about to open a new one in London. The goal is to become something like an IT department for these businesses, Fleet said.
5. Reyna Thompson takes over as TD SYNNEX president: TD SYNNEX today announced that Reyna Thompson will be appointed president of North America on December 1, following the departure of Peter Larocque, president of North America, who plans to transition to an advisory role on November 30. Thompson joined TD SYNNEX in 1993. Most recently, she led the North America Advanced Solutions business unit focused on cloud, security, data/AI and data center solutions. Congratulations!
In-Person MSP and Channel Partner Events
- AppDirect Thrive! September 17-19, Chicago, Illinois
- MSSP Alert Live, October 14-16, Austin, Texas
- Canalys North America Forum, October 22-24, Miami, Florida
- Kaseya Dattocon, October 28-30, 2024, Fontainebleau, Miami Beach, Florida
- Ingram Micro One, November 6-8, Gaylord Resort, Washington DC
- IT Nation Connect, November 6-8, Orlando, Florida
- OpenText World, November 19-21, The Venetian Resort, Las Vegas, Nevada