MITRE and DTEX Systems are raising risk awareness and improving cyber defence through recent partnership
2 February 2022
Now more than ever before, the workplace incorporates fast-paced and advanced technology. Employees are expected to do more and do so faster than ever before. This workforce requirement, coupled with the rise in the threat of nation-state adversaries aggressively targeting trusted insiders, is driving a call to action within Five Eyes' critical infrastructure organisations to manage insider risk more effectively while also protecting increasingly distributed and hybrid workforces, according to MITRE and DTEX Systems.
Julie Bowen, MITRE’s Senior Vice President of Operations and Outreach and Chief Legal Officer, states that the risk to critical infrastructure entities of the Five Eyes from insider threats is “very real”, and that compromises to these entities’ security will lead to a “damaging and lasting impact to these nations economies and the safety of their citizens.”
MITRE and DTEX Systems have partnered together under a non-exlcusive licensing agreement. The two companies will collaborate on behavioural-based research and will launch the MITRE Inside-R Protect - a program that will offer data-driven and community-oriented services. The goal of this partnership is to increase insider risk awareness and human-informed cyber defence strategies within industry and government.
MITRE Inside-R Protect will offer Five Eyes critical infrastructure organisations:
Expert review of existing or planned insider risk programs
An independent, data-driven, insider risk assessment and support for self-assessments
Continuous knowledge transfer and closed-door briefings on MITRE insider threat research and actual insider threat cases
Deanna Caputo, MITRE’s capability lead for insider threat, says “MITRE recognises three fundamental challenges in insider threat. First, there is a lack of data-driven, behaviour-based, and rigorous scientific evidence to understand these escalating risks.”
"Second, there is an over-reliance on frameworks and security controls focused on addressing external cyber threats.
"And third, insights are being made from a small pool of case studies that lack sufficient detail. We feel that these challenges must be addressed immediately as a component of our mission to solve problems for a safer world. We needed to raise the bar.”
MITRE and DTEX Systems, both members of the Australian Cyber Collaboration Centre, decided to elevate the conversation regarding insider risk in early 2020.
Sponsored by the Australian Cyber Collaboration Centre, MITRE and DTEX conducted a data-driven study of the modern insider threat landscape that was completed in May 2021.
Researchers explored how remote workers searched, collected, and exfiltrated real data on a live corporate network, and how their behaviour was affected by their intention (malicious vs. benign) and technical expertise (expertise agnostic vs. advanced technical expertise).
The study, Remote Worker Cyber Indicators of Malicious Insider Threat, identified and differentiated behavioural characteristics of malicious users from those of benign users. The results revealed multiple cyber indicators of real-life, malicious, remote workers.
Mohan Koo, DTEX Systems CTO and co-founder, says “insider threats - whether the result of a malicious insider, a compromised user, or a negligent employee - represent one of the greatest risks to an organisation's brand, intellectual property, workforce, and supply chain.”
"Our research with MITRE found new human behavioural indicators and sequences that represent markers that appear in nearly every insider threat event.
"These indicators, in the hands of MITRE's experts and scientists, and layered into our DTEX InTERCEPT platform, offer Five Eyes critical infrastructure entities an opportunity to identify and mitigate insider-born risks before data exfiltration, sabotage, and fraudulent behaviours result in permanent operational damage.”