Preview Mode Links will not work in preview mode

Apr 30, 2023

Show Topic Summary (less than 300 words)

Insider threat still exists, Lynsey Wolf talks with us about HR’s role in insider threat, how prevalent investigations are in the post-pandemic work from home environment.

 

Questions and potential sub-topics (5 minimum):

  1. What is the difference between insider threat and insider risk?

  1. Motivators of insider threat (not much different than espionage,IMO -bryan)  (MICE: Money, Ideology, Compromise, and Ego.) https://thestack.technology/pentagon-leaks-insider-threat-sysadmin/ 

  1. 75% of all insider threats are being kicked off by HR departments. In short, it's proactive.

  1. “How did HR figure that out?” How are investigations normally initiated? What tools are they implementing to check users or predicting a disgruntled employee?” UEBA? CASB? Employee surveys that are ‘anonymous’? Someone who reported others and it was dismissed? What if HR ‘gets it wrong’ or ‘it’s a hunt to find people no into ‘groupthink’ or ‘not a culture fit’? https://www.cbsnews.com/news/french-worker-fired-for-not-being-fun-at-work-wins-lawsuit-cubik-responds/

  1. How can organizations be mindful of how and what data is collected to mitigate risk without affecting employee trust? And who watches the watchers to ensure data is handled responsibly? Are there any privacy guidelines companies need to understand before they implement such a system? (GDPR? CCPA? Privacy notices? Consent to monitoring on login? https://securiti.ai/blog/hr-employee-data-protection/ )

  1. Are companies causing the thing they are protecting against? (making an insider threat because they’ve become repressive?) (hoping there’s an ‘everything in moderation idea here… finding the happy medium between responsible ‘observability’ and ‘surveillance’)

  1. Lots of ‘insider threat’ tools, including from EDR companies. Do companies do a good job of explaining to employees why you need EDR?

  1. Quiet Quitting - latest term for companies to use to describe “employee has a side gig”. How does this figure into insider threat? Is it assumed that people only have one ‘thing’ they do, or did the lack of a commute give people more time during the pandemic to diversify?

  1. Solutions for employees? Separate their work and private/side gig? Learn what their contract states to keep conflicts of interest or your current/past employer from taking your cool side project/start-up idea away from you? Solutions for companies?

 

Additional information / pertinent Links (would you like to know more?):

(contact info for people to reach out later):

https://www.cisa.gov/detecting-and-identifying-insider-threats 

https://venturebeat.com/data-infrastructure/how-observability-has-changed-in-recent-years-and-whats-coming-next/ 

https://ccdcoe.org/library/publications/insider-threat-detection-study/ 

https://resources.sei.cmu.edu/asset_files/TechnicalReport/2016_005_001_454627.pdf (insider threat ontology)

https://www.intelligentcio.com/apac/2022/08/01/survey-reveals-organizations-see-malicious-insiders-as-a-route-for-ransomware/ 

https://www.helpnetsecurity.com/2022/04/08/organizations-insider-threats-issue/ 

https://www.fortinet.com/resources/cyberglossary/what-is-ueba 

https://www.gartner.com/en/information-technology/glossary/cloud-access-security-brokers-casbs 

https://thecyberwire.com/glossary/mice

https://qohash.com/the-high-price-of-trust-the-true-cost-of-insider-threats/ 

https://abc7chicago.com/classified-documents-jack-teixeira-air-national-guard-arrest/13126206/ (Air National Guardsman accused in military records leak makes 1st court appearance - story still developing as of 16 April 2023)

https://www.theverge.com/2020/8/4/21354906/anthony-levandowski-waymo-uber-lawsuit-sentence-18-months-prison-lawsuit 

 

Show Points of Contact:

Amanda Berlin: @infosystir @hackershealth 

Brian Boettcher: @boettcherpwned

Bryan Brake: @bryanbrake @bryanbrake@mastodon.social

Website: https://www.brakeingsecurity.com Twitch: https://twitch.tv/brakesec 

Youtube: https://youtube.com/c/BDSPodcast