o Welcome to episode 1 of The Insider Threat podcast.
o This is the week of May 15th, 2017.
o I'm your host, Steve Higdon.
·
Quick Announcements Segment
o First episode
o This all started a long time ago when I began writing blog posts
and articles centered on selling information security to business minded
people. That got me going down the rabbit hole of how to influence the people
that impact security.
o Then I started seeing headlines all over the place claiming that
insider threats or the human factor was the weakest link in organizations.
o Heck, a quick google search right now shows headlines claiming
that "insiders are today's biggest security threat", "insider
threats responsible for 43% of data breaches", "58% of Information
Security Incidents Attributed to Insider Threat", and the list goes on.
o I've heard the hosts of Paul's Security Weekly podcast (and by the
way, if you don't listen to them and you are in this industry, you really need
to. In fact, you have my permission. Pause this episode and subscribe to their
shows right now. I'll wait.), so anyway, they said that when they go out on
pentests they often suggest to their clients that they start with the
assumption that they have already infiltrated the network because if they do a
simple phishing campaign, one in ten employees is going to click on the link or
open the attachment. Making this assumption would save everyone time and money.
o The topic of insider threat has almost become a marketing
buzzphrase now. There are several new products on the market in the areas of
user behavior analytics, data loss prevention, machine learning, and artificial
intelligence. Now if any of you are working on your bingo cards, they should be
just about filled up.
o On a serious note though, this certainly is a problem and there
are multiple types of solutions on the market to address it. That is what this
podcast is gonna be about.
o I really want your listener feedback on this. What are you doing
in your organization to deal with the human factor? What do you wish you were
able to do? Please leave comments at the link in the show notes or contact me
directly on twitter or email. I'll give you that information at the end of the
episode. Not only will your feedback give me more to talk about on the show,
but it will also help others in the industry who are trying to tackle the same
problem. Who knows, I may even be able to do some shout outs to you all if
commentary becomes a regular thing.
·
News Segment
o Articles
·
SC Magazine UK - Max
Metzger - Hospitals turn patients away as NHS caught up in global ransomware
attack
·
WannaCrypt0r, one of the largest
ransomware attacks ever occurred on Friday, May 12th, 2017, and is reported to
have effected organizations in almost 99 different countries across the globe.
·
The virus first hit
headlines as it knocked computers offline at the National Health Service, which
is the public health organization for England, Scotland, Wales, and Northern
Ireland. On Friday, news agencies all over the UK were urging citizens to avoid
the emergency room at all costs.
·
There are also reports that
the virus exploited known vulnerabilities that were recently leaked by the
National Security Agency in the United States.
·
The kicker here is that
patches for those vulnerabilities were actually released by Microsoft in March,
which means that any organizations that were impacted did not apply patches in
just over two months.
·
What does this have to do
with insider threat? Well ransomware is often spread through email with
malicious links or attachments. In fact, the article even mentions that initial
thoughts were that the ransomware was being spread through an email that was
labeled "Clinical Results".
·
This just goes to show that
risks associated with insider threat are real and current. International
investigations related to this major incident are still underway.
·
Infosecurity Magazine -
Driving a Culture of Security - Tips For The CIO by Julian Wragg VP at
Pluralsight
·
Pluralsight is an online
technology learning platform. They aren't a sponsor or anything, I just wanted
to give you all some background about the author.
·
This article lists 5 ideas
for improving security culture.
·
Get with HR Write more
effective policy that people will understand
·
Invest in role specific
training
·
Invest in your team's
skillset - internal penetration testing
·
Create engaging content -
make training more enjoyable
·
Lead by example - executive
management support and culture
·
The thing that I found
interesting is that none of these tips were focused on tools, which I suppose
makes sense because it is based on improving the security culture of an
organization. I will leave a link to this article in the show notes for anyone
who wants to read it.
·
So far this episode we have
highlighted the two major philosophies for dealing with insider threat -
technology and training. What do you think about this article? Do you agree?
·
Feedback Segment
·
Thought of the Week Segment
“
If you want to change the
culture, you will have to start by changing the
organization.
Mary
Douglas
o
·
Outro
o Thank you for listening to episode 1 of The Insider Threat
podcast. Please remember to subscribe, rate, and share with everyone you know!
Those reviews are key to building this out and improving for later episodes, so
please feel free to leave suggestions and constructive criticism.
o You can contact us on twitter @stevehigdon or email us at
theinsiderthreatpodcast@gmail.com.
o Thanks again and I'll see you folks next time!
No comments:
Post a Comment