Insight Partners, VC Giant, Falls to Social Engineering

Insight Partners, the venture capital fund that has investments in multiple cybersecurity firms, has confirmed a data breach.

According to a notice on its website, cyberattackers infiltrated Insight's systems on Jan. 16 in a "sophisticated" attack that involved social engineering. Incident response teams mitigated the breach within "hours," the company said, and it saw no operational disruption, but the incident once again highlights the weakness of the human element in cyber-defense.

"We notified stakeholders connected to Insight in January to alert them and encourage vigilance and tightened security protocols irrespective of having shared data compromised," the company noted. "We also notified law enforcement in relevant jurisdictions."

Insight has invested in scores of top cybersecurity companies, including Armis, Checkmarx, Recorded Future, SentinelOne, and Wiz. Additional details on the attack, such as whether such portfolio companies were affected by the breach and what information the attackers accessed, are, for now, unavailable. But the incident has the potential to be far-ranging, Dirk Schrader, vice president of security research at Netwrix, speculated.

"Insight Partners manages more than 500 current investments with a team of about 140 professionals," he said via email. "The nature of their business at this scale means a lot of interactions with barely known or totally unknown contacts and a massive number of sensitive messages sent and received."

Related:What Is the Board's Role in Cyber-Risk Management in OT Environments?

He added, "This creates a vast potential for attackers to inject themselves into such an exchange, posing as a known contact and asking for some urgent action to avoid harmful consequences for an organization. Attacks like this one once again highlight that the verification of the information received from external sources should not be underestimated."

Hardening Cyber Defenses Against Social Engineering

A majority of successful cyberattacks against businesses still start with social engineering, and user awareness training on spotting phishing and inauthentic communications remains the top line of defense against it. However, there are other best practices that should go along with that, Schrader said.

"Organizations should establish secure communication channels with partners that can be used to verify such messages received," he advised, adding, "technical methods to prevent the impact of social engineering attacks on an organization's sensitive data include implementing privileged access management (PAM) and multifactor authentication (MFA) tools. By combining PAM and MFA, organizations can ensure that even if an attacker gains access to valid credentials, they will still face additional authentication barriers and strict access controls, significantly reducing the risk of unauthorized access."

Related:This Security Firm's 'Bias' Is Also Its Superpower