o Welcome to episode 1 of The Insider Threat podcast.
o This is the week of May 15th, 2017.
o I’m your host, Steve Higdon.
· Quick Announcements Segment
o First episode
o This all started a long time ago when I began writing blog posts and articles centered on selling information security to business minded people. That got me going down the rabbit hole of how to influence the people that impact security.
o Then I started seeing headlines all over the place claiming that insider threats or the human factor was the weakest link in organizations.
o Heck, a quick Google search right now shows headlines claiming that “insiders are today’s biggest security threat”, “insider threats responsible for 43% of data breaches”, “58% of Information Security Incidents Attributed to Insider Threat”, and the list goes on.
o I’ve heard the hosts of Paul’s Security Weekly podcast (and by the way, if you don’t listen to them and you are in this industry, you really need to. In fact, you have my permission. Pause this episode and subscribe to their shows right now. I’ll wait.), so anyway, they said that when they go out on pentests they often suggest to their clients that they start with the assumption that they have already infiltrated the network because if they do a simple phishing campaign, one in ten employees is going to click on the link or open the attachment. Making this assumption would save everyone time and money.
o The topic of insider threat has almost become a marketing buzzphrase now. There are several new products on the market in the areas of user behavior analytics, data loss prevention, machine learning, and artificial intelligence. Now if any of you are working on your bingo cards, they should be just about filled up.
o On a serious note though, this certainly is a problem and there are multiple types of solutions on the market to address it. That is what this podcast is gonna be about.
o I really want your listener feedback on this. What are you doing in your organization to deal with the human factor? What do you wish you were able to do? Please leave comments at the link in the show notes or contact me directly on Twitter or email. I’ll give you that information at the end of the episode. Not only will your feedback give me more to talk about on the show, but it will also help others in the industry who are trying to tackle the same problem. Who knows, I may even be able to do some shout-outs to you all if commentary becomes a regular thing.
· News Segment
· SC Magazine UK – Max Metzger – Hospitals turn patients away as NHS caught up in global ransomware attack
· WannaCrypt0r, one of the largest ransomware attacks ever, occurred on Friday, May 12th, 2017, and is reported to have affected organizations in almost 99 different countries across the globe.
· The virus first hit headlines as it knocked computers offline at the National Health Service, which is the public health organization for England, Scotland, Wales, and Northern Ireland. On Friday, news agencies all over the UK were urging citizens to avoid the emergency room at all costs.
· There are also reports that the virus exploited known vulnerabilities that were recently leaked by the National Security Agency in the United States.
· The kicker here is that patches for those vulnerabilities were actually released by Microsoft in March, which means that any organizations that were impacted had gone just over two months without applying them.
· What does this have to do with insider threat? Well, ransomware is often spread through email with malicious links or attachments. In fact, the article even mentions that initial thoughts were that the ransomware was being spread through an email that was labeled “Clinical Results”.
· This just goes to show that risks associated with insider threat are real and current. International investigations related to this major incident are still underway.
· Infosecurity Magazine – Driving a Culture of Security – Tips For The CIO by Julian Wragg VP at Pluralsight
· Pluralsight is an online technology learning platform. They aren’t a sponsor or anything, I just wanted to give you all some background about the author.
· This article lists 5 ideas for improving security culture.
· Get with HR – Write more effective policy that people will understand
· Invest in role specific training
· Invest in your team’s skillset – internal penetration testing
· Create engaging content – make training more enjoyable
· Lead by example – executive management support and culture
· The thing that I found interesting is that none of these tips were focused on tools, which I suppose makes sense because it is based on improving the security culture of an organization. I will leave a link to this article in the show notes for anyone who wants to read it.
· So far this episode we have highlighted the two major philosophies for dealing with insider threat – technology and training. What do you think about this article? Do you agree?
· Feedback Segment
· Thought of the Week Segment
If you want to change the culture, you will have to start by changing the organization.
o Thank you for listening to episode 1 of The Insider Threat podcast. Please remember to subscribe, rate, and share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions and constructive criticism.
o You can contact us on Twitter @stevehigdon or email us at firstname.lastname@example.org.
o Thanks again and I’ll see you folks next time!