IT Brief Australia - Technology news for CIOs & IT decision-makers
MITRE and DTEX Systems partner to raise risk awareness and improve cyber defence
Wed, 2nd Feb 2022

MITRE and DTEX Systems have partnered with the shared intention of elevating insider risk awareness and human-informed cyber defence strategies. The pair will do this through behavioural-based research and the launch of the MITRE Inside-R Protect program.

Today's employees work within a high-paced, technology-enabled world where they are asked to do more and do so faster than ever before.

This workforce requirement, coupled with the rise in the threat of nation-state adversaries aggressively targeting trusted insiders, is driving a call to action within Five Eyes' critical infrastructure organisations to manage insider risk more effectively while also protecting increasingly distributed and hybrid workforces, the companies state.

MITRE's senior vice president of operations and outreach and chief legal officer, Julie Bowen, says, "The risk to the critical infrastructure entities of the Five Eyes from insider threats is very real, and any compromise to the security of these entities will have a damaging and lasting impact to these nations' economies and the safety of their citizens."

Under a non-exclusive licensing agreement, MITRE and DTEX will conduct collaborative research and deliver MITRE Inside-R Protect as a set of data-driven, community-oriented service offerings designed to help industry and government elevate their insider risk programs using behavioural sciences.

MITRE Inside-R Protect will offer Five Eyes critical infrastructure organisations the following service offerings: expert review of existing or planned insider risk programs; an independent, data-driven, insider risk assessment and support for self-assessments; and continuous knowledge transfer and closed-door briefings on MITRE insider threat research and actual insider threat cases.

MITRE's capability lead for insider threat, Deanna Caputo, says, "MITRE recognises three fundamental challenges in insider threat. First, there is a lack of data-driven, behaviour-based, and rigorous scientific evidence to understand these escalating risks.

"Second, there is an over-reliance on frameworks and security controls focused on addressing external cyber threats.

"And third, insights are being made from a small pool of case studies that lack sufficient detail. We feel that these challenges must be addressed immediately as a component of our mission to solve problems for a safer world. We needed to raise the bar."

MITRE and DTEX Systems, both members of the Australian Cyber Collaboration Centre (A3C), decided to elevate the conversation regarding insider risk in early 2020.

Sponsored by the A3C, MITRE and DTEX conducted a data-driven study of the modern insider threat landscape that was completed in May of 2021.

Researchers explored how remote workers searched, collected, and exfiltrated real data on a live corporate network, and how their behaviour was affected by their intention (malicious vs. benign) and technical expertise (expertise agnostic vs. advanced technical expertise).

The study, Remote Worker Cyber Indicators of Malicious Insider Threat, identified and differentiated behavioural characteristics of malicious users from those of benign users. The results revealed multiple cyber indicators of real-life, malicious, remote workers.

DTEX Systems CTO and co-founder Mohan Koo says, "Insider threats, whether the result of a malicious insider, a compromised user, or a negligent employee, represent one of the greatest risks to an organisation's brand, intellectual property, workforce, and supply chain.

"Our research with MITRE found new human behavioural indicators and sequences that represent markers that appear in nearly every insider threat event.

"These indicators, in the hands of MITRE's experts and scientists, and layered into our DTEX InTERCEPT platform, offer Five Eyes critical infrastructure entities an opportunity to identify and mitigate insider-born risks before data exfiltration, sabotage, and fraudulent behaviours result in permanent operational damage."