SlideShare a Scribd company logo

The Insider Threat January.pptx

Download as PPTX, PDF
B
BertrandRussell6

insider threat

Leadership & Management
1 of 14
Ken Zabella Intel Analyst Sr Manager THE INSIDER THREAT
AGENDA Understanding the Insider Threat Insider Threat Trends Insider Threat Program
WHAT IS COUNTERINTELLIGENCE? DETER - DETECT - MITIGATE Simply Stated: Counterintelligence (CI) is about identifying intelligence threats and developing mitigation strategies to address and neutralize those threats
IDENTIFYING THE INSIDER It’s not this easy! The Insider can be easily missed
TYPES OF INSIDERS • Unintentional Insiders. Getting a laptop stolen or uploading the wrong file may seem innocuous, but these actions can unintentionally cause massive damage. A recent survey by the International Security Forum found that the vast majority of insider breaches are actually accidental. This is small solace in the aftermath of an incident. • Exploited Insiders. External attackers commonly target high-value employees who have privileged access with spear phishing emails. On average, for every 10 phishing emails sent out, at least one employee will click on a link that infects his machine, giving attackers the foothold they need to execute an attack. Once attackers gain access to an endpoint, they target and steal privileged credentials, exploiting them to escalate access privileges and move laterally through the network until they reach and gain full domain-level access. This gives them full control over sensitive data and IT systems. • External Insiders. More than 60 percent of organizations allow third-party vendors to remotely access their internal networks with the same privileges and access levels as internal employees. Despite this access, these users are not managed by the host organization, but by the contractor, making it incredibly difficult to secure their privileged access to IT resources. Further, contractors are often targeted by external attackers, as in the hack at the Office of Personnel Management where a contractor was hacked and his privileged credentials were used to infiltrate the system. • Malicious Insiders. These are the real bad guys -- malicious, disgruntled employees who knowingly and purposely abuse their internal access to wreak havoc. They typically have the knowledge, access, information and desire needed to bypass existing security solutions to complete their task. Malicious insiders are often the most difficult to detect and the costliest to clean up after. GCN.com
IDENTIFYING THE INSIDER – MOTIVES “MICE” – Money – Ideology (includes divided loyalty) – Coercion/Compromise – Ego The model now also includes: – Disgruntlement – Revenge/Vindictiveness – Alcoholism/Drug Abuse – Ingratiation
POTENTIAL RISK INDICATORS - ACTIVITIES • Attempts to bypass security controls • Request for clearance or higher level access • Unjustified work pattern • Chronic violation of organization policies • Decline in work performance • Irresponsible social media habits • Unexplained sudden affluence • Outward expression of conflicting loyalties • Unreported foreign contacts / foreign travel • Maintains access to sensitive data after termination notice • Visible disgruntlement towards employer • Use of unauthorized digital external storage devices
CASE STUDY: ??? • Wrote on Twitter “the most dangerous entry to this country was the orange fascist we let into the White House” • Facebook described President Trump as “a soulless ginger orangutan” • Expressed support for Taliban leaders and Osama bin Ladin • Stated: “It’s a Christlike vision to have a fundamentalist Islamic State” • Praised Edward Snowden • Retweeted government leaks • Handwrote notes about “burning down the White House, fleeing to Afghanistan and joining the Taliban”
CASE STUDY: ??? • Anger, anxiety and potential mental heath issues • After receiving clearance, cited at least 8 times for misconduct over 3 years in the Reserve • disorderly conduct, drunkenness and absence without leave, all later dropped • Arrested for shooting the rear tire of a construction vehicle because the worker disrespected him • Fired a bullet into his ceiling and through the apartment above • Arrested on disorderly conduct charge for destroying furnishings in a nightclub • Complained that individuals were using a microwave to send vibrations into his body • Roommate reported frequent drinking and paranoia that people were “coming to get him”
INSIDER THREAT TRENDS – WHEN DOES IT HAPPEN? • 59% of employees leaving a company admit to taking proprietary information with them (FBI) • Out of 800 adjudicated insider threat cases, an overwhelming majority of subjects took the information within the last 30 days of employment (CERT; Carnegie Mellon) • 60% of cases were individuals who had worked for the organization for less than 5 years (CPNI) • Majority of acts were carried out by staff (88%), 7% were contractors, and 5% temporary staff (CPNI)
HOW TO CATCH A SPY? What is the most common way that spies within the U.S. Government and U.S. cleared defense contractors are detected and caught? A: Routine counterintelligence monitoring B: Tip from friend, family, co-worker C: Their own mistakes D: Reporting by U.S. sources within foreign intelligence services Answer: D – There is no loyalty in the spy business, and intelligence officers who have been recruited as sources by the U.S. Intelligence Community eagerly betray the U.S. persons who have given them information
WHAT ARE WE DOING? • Invested in a dedicated CI program • Identification of Critical Assets • Risk Analysis and Mitigation System (RAMS) • Sharkcage • FSO CI Awareness Report • Middle Way Initiative • Off the Grid Program Overarching Goal Deter – Detect - Mitigate
METHODS OF OPERATION Criminal Activity • CLEAR / TIP • Training & Awareness • Location-specific Threat Product Mitigation Strategy Surveillance • Training & Awareness • Trade / Airshow Support Foreign Visit • Visit Management System • Training & Awareness • FLE / IC Engagement • ISTART Post-travel Security Survey Solicitation / Marketing Services • Training & Awareness • Trade / Airshow Support • ‘Contact Us’ Email Box Reporting Request For Information • Trade / Airshow Support • Training & Awareness • ‘Contact Us’ Email Box Reporting Exploitation Of Relationships • Training & Awareness • Program Management (Joint Ventures) Targeted Training Academic Solicitation • LM Fellows Training & Awareness • FLE / IC Engagement • Foreign University IP Tracking Suspicious Network Activity • Embargoed VPN • Shark Cage • DSC Loaner Laptop Policy • CIRT Reporting To DC3 And DCISE Seeking Employment • Cyber Alerts On Letter From Direct Competitors • Talent Acquisition Training Search / Seizure • DSC Loaner Laptop Policy • Training & Awareness • Foreign Travel Pre-briefs Acquisition Of Technology • Supply Chain / Procurement Training • ‘Contact Us’ Email Box Reporting • Support To Mergers & Acquisitions • FLE / IC Engagement • Trade / Airshow Support
The Insider Threat January.pptx

Recommended

Counterintelligence & The Insider Threat January 2019 (1).pptx
Counterintelligence & The Insider Threat January 2019 (1).pptxCounterintelligence & The Insider Threat January 2019 (1).pptx
Counterintelligence & The Insider Threat January 2019 (1).pptxZakiAhmed70
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessEric Schiowitz
 
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory OversightKeeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory OversightCBIZ, Inc.
 
Social Engineering, or hacking people
Social Engineering, or hacking peopleSocial Engineering, or hacking people
Social Engineering, or hacking peopleTudor Damian
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"abercius24
 
Chapter2
Chapter2Chapter2
Chapter2appledam
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Hovhannes Aghajanyan
 
Unit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesUnit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesArnav Chowdhury
 

Recommended

Counterintelligence & The Insider Threat January 2019 (1).pptx
Counterintelligence & The Insider Threat January 2019 (1).pptxCounterintelligence & The Insider Threat January 2019 (1).pptx
Counterintelligence & The Insider Threat January 2019 (1).pptxZakiAhmed70
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessEric Schiowitz
 
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory OversightKeeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory OversightCBIZ, Inc.
 
Social Engineering, or hacking people
Social Engineering, or hacking peopleSocial Engineering, or hacking people
Social Engineering, or hacking peopleTudor Damian
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"abercius24
 
Chapter2
Chapter2Chapter2
Chapter2appledam
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Hovhannes Aghajanyan
 
Unit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesUnit iii: Common Hacking Techniques
Unit iii: Common Hacking TechniquesArnav Chowdhury
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and BadTzar Umang
 
Social Engineering.pdf
Social Engineering.pdfSocial Engineering.pdf
Social Engineering.pdfMeshalALshammari12
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.Pratum
 
Insider threats
Insider threatsInsider threats
Insider threatsizoologic
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyRussell Publishing
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead ForumCarolyn Slade, MS-HIM
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead ForumHealth IT Conference – iHT2
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum 2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum Carolyn Slade, MS-HIM
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering OWASP Foundation
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?CBIZ, Inc.
 
Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Marta Barrio Marcos
 
02 presentation-christianprobst
02 presentation-christianprobst02 presentation-christianprobst
02 presentation-christianprobstInfinIT - Innovationsnetværket for it
 
SYNERGY INITIAL SECURITY BRF 2023 (1).ppt
SYNERGY INITIAL SECURITY BRF 2023 (1).pptSYNERGY INITIAL SECURITY BRF 2023 (1).ppt
SYNERGY INITIAL SECURITY BRF 2023 (1).pptNickellReddy
 
NENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringNENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringJack Kessler
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptxSanthosh Prabhu
 
PACE-IT, Security+3.3: Summary of Social Engineering Attacks
PACE-IT, Security+3.3: Summary of Social Engineering AttacksPACE-IT, Security+3.3: Summary of Social Engineering Attacks
PACE-IT, Security+3.3: Summary of Social Engineering AttacksPace IT at Edmonds Community College
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badbanerjeea
 
What is social engineering & why it is important
What is social engineering & why it is importantWhat is social engineering & why it is important
What is social engineering & why it is importantVikram Khanna
 
Rohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceCall Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual serviceanilsa9823
 

More Related Content

Similar to The Insider Threat January.pptx

Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and BadTzar Umang
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.Pratum
 
Insider threats
Insider threatsInsider threats
Insider threatsizoologic
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyRussell Publishing
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering OWASP Foundation
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?CBIZ, Inc.
 
Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Marta Barrio Marcos
 
SYNERGY INITIAL SECURITY BRF 2023 (1).ppt
SYNERGY INITIAL SECURITY BRF 2023 (1).pptSYNERGY INITIAL SECURITY BRF 2023 (1).ppt
SYNERGY INITIAL SECURITY BRF 2023 (1).pptNickellReddy
 
NENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringNENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringJack Kessler
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptxSanthosh Prabhu
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badbanerjeea
 
What is social engineering & why it is important
What is social engineering & why it is importantWhat is social engineering & why it is important
What is social engineering & why it is importantVikram Khanna
 

Similar to The Insider Threat January.pptx (20)

Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
 
Social Engineering.pdf
Social Engineering.pdfSocial Engineering.pdf
Social Engineering.pdf
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.
 
Insider threats
Insider threatsInsider threats
Insider threats
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthy
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum 2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?
 
Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)
 
02 presentation-christianprobst
02 presentation-christianprobst02 presentation-christianprobst
02 presentation-christianprobst
 
SYNERGY INITIAL SECURITY BRF 2023 (1).ppt
SYNERGY INITIAL SECURITY BRF 2023 (1).pptSYNERGY INITIAL SECURITY BRF 2023 (1).ppt
SYNERGY INITIAL SECURITY BRF 2023 (1).ppt
 
NENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringNENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social Engineering
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptx
 
PACE-IT, Security+3.3: Summary of Social Engineering Attacks
PACE-IT, Security+3.3: Summary of Social Engineering AttacksPACE-IT, Security+3.3: Summary of Social Engineering Attacks
PACE-IT, Security+3.3: Summary of Social Engineering Attacks
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionage
 
Whitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-badWhitepaper-When-Admins-go-bad
Whitepaper-When-Admins-go-bad
 
What is social engineering & why it is important
What is social engineering & why it is importantWhat is social engineering & why it is important
What is social engineering & why it is important
 

Recently uploaded

CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual serviceanilsa9823
 
LPC Warehouse Management System For Clients In The Business Sector
LPC Warehouse Management System For Clients In The Business SectorLPC Warehouse Management System For Clients In The Business Sector
LPC Warehouse Management System For Clients In The Business Sectorthomas851723
 
CEO of Google, Sunder Pichai's biography
CEO of Google, Sunder Pichai's biographyCEO of Google, Sunder Pichai's biography
CEO of Google, Sunder Pichai's biographyHafizMuhammadAbdulla5
 
Introduction to LPC - Facility Design And Re-Engineering
Introduction to LPC - Facility Design And Re-EngineeringIntroduction to LPC - Facility Design And Re-Engineering
Introduction to LPC - Facility Design And Re-Engineeringthomas851723
 
Fifteenth Finance Commission Presentation
Fifteenth Finance Commission PresentationFifteenth Finance Commission Presentation
Fifteenth Finance Commission Presentationmintusiprd
 
Board Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch PresentationBoard Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch Presentationcraig524401
 
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...Pooja Nehwal
 
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With RoomVIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Roomdivyansh0kumar0
 
LPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations ReviewLPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations Reviewthomas851723
 
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...AgileNetwork
 
crisiscommunication-presentation in crisis management.pptx
crisiscommunication-presentation in crisis management.pptxcrisiscommunication-presentation in crisis management.pptx
crisiscommunication-presentation in crisis management.pptxSamahhassan30
 
Day 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampDay 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampPLCLeadershipDevelop
 
Reflecting, turning experience into insight
Reflecting, turning experience into insightReflecting, turning experience into insight
Reflecting, turning experience into insightWayne Abrahams
 

Recently uploaded (17)

Rohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 16 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Charbagh Lucknow best sexual service
 
LPC Warehouse Management System For Clients In The Business Sector
LPC Warehouse Management System For Clients In The Business SectorLPC Warehouse Management System For Clients In The Business Sector
LPC Warehouse Management System For Clients In The Business Sector
 
CEO of Google, Sunder Pichai's biography
CEO of Google, Sunder Pichai's biographyCEO of Google, Sunder Pichai's biography
CEO of Google, Sunder Pichai's biography
 
Introduction to LPC - Facility Design And Re-Engineering
Introduction to LPC - Facility Design And Re-EngineeringIntroduction to LPC - Facility Design And Re-Engineering
Introduction to LPC - Facility Design And Re-Engineering
 
Becoming an Inclusive Leader - Bernadette Thompson
Becoming an Inclusive Leader - Bernadette ThompsonBecoming an Inclusive Leader - Bernadette Thompson
Becoming an Inclusive Leader - Bernadette Thompson
 
Fifteenth Finance Commission Presentation
Fifteenth Finance Commission PresentationFifteenth Finance Commission Presentation
Fifteenth Finance Commission Presentation
 
Board Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch PresentationBoard Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch Presentation
 
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
 
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With RoomVIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
 
LPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations ReviewLPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations Review
 
sauth delhi call girls in Defence Colony🔝 9953056974 🔝 escort Service
sauth delhi call girls in Defence Colony🔝 9953056974 🔝 escort Servicesauth delhi call girls in Defence Colony🔝 9953056974 🔝 escort Service
sauth delhi call girls in Defence Colony🔝 9953056974 🔝 escort Service
 
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
 
Call Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICECall Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
 
crisiscommunication-presentation in crisis management.pptx
crisiscommunication-presentation in crisis management.pptxcrisiscommunication-presentation in crisis management.pptx
crisiscommunication-presentation in crisis management.pptx
 
Day 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampDay 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC Bootcamp
 
Reflecting, turning experience into insight
Reflecting, turning experience into insightReflecting, turning experience into insight
Reflecting, turning experience into insight
 

The Insider Threat January.pptx

  • 1. Ken Zabella Intel Analyst Sr Manager THE INSIDER THREAT
  • 2. AGENDA Understanding the Insider Threat Insider Threat Trends Insider Threat Program
  • 3. WHAT IS COUNTERINTELLIGENCE? DETER - DETECT - MITIGATE Simply Stated: Counterintelligence (CI) is about identifying intelligence threats and developing mitigation strategies to address and neutralize those threats
  • 4. IDENTIFYING THE INSIDER It’s not this easy! The Insider can be easily missed
  • 5. TYPES OF INSIDERS • Unintentional Insiders. Getting a laptop stolen or uploading the wrong file may seem innocuous, but these actions can unintentionally cause massive damage. A recent survey by the International Security Forum found that the vast majority of insider breaches are actually accidental. This is small solace in the aftermath of an incident. • Exploited Insiders. External attackers commonly target high-value employees who have privileged access with spear phishing emails. On average, for every 10 phishing emails sent out, at least one employee will click on a link that infects his machine, giving attackers the foothold they need to execute an attack. Once attackers gain access to an endpoint, they target and steal privileged credentials, exploiting them to escalate access privileges and move laterally through the network until they reach and gain full domain-level access. This gives them full control over sensitive data and IT systems. • External Insiders. More than 60 percent of organizations allow third-party vendors to remotely access their internal networks with the same privileges and access levels as internal employees. Despite this access, these users are not managed by the host organization, but by the contractor, making it incredibly difficult to secure their privileged access to IT resources. Further, contractors are often targeted by external attackers, as in the hack at the Office of Personnel Management where a contractor was hacked and his privileged credentials were used to infiltrate the system. • Malicious Insiders. These are the real bad guys -- malicious, disgruntled employees who knowingly and purposely abuse their internal access to wreak havoc. They typically have the knowledge, access, information and desire needed to bypass existing security solutions to complete their task. Malicious insiders are often the most difficult to detect and the costliest to clean up after. GCN.com
  • 6. IDENTIFYING THE INSIDER – MOTIVES “MICE” – Money – Ideology (includes divided loyalty) – Coercion/Compromise – Ego The model now also includes: – Disgruntlement – Revenge/Vindictiveness – Alcoholism/Drug Abuse – Ingratiation
  • 7. POTENTIAL RISK INDICATORS - ACTIVITIES • Attempts to bypass security controls • Request for clearance or higher level access • Unjustified work pattern • Chronic violation of organization policies • Decline in work performance • Irresponsible social media habits • Unexplained sudden affluence • Outward expression of conflicting loyalties • Unreported foreign contacts / foreign travel • Maintains access to sensitive data after termination notice • Visible disgruntlement towards employer • Use of unauthorized digital external storage devices
  • 8. CASE STUDY: ??? • Wrote on Twitter “the most dangerous entry to this country was the orange fascist we let into the White House” • Facebook described President Trump as “a soulless ginger orangutan” • Expressed support for Taliban leaders and Osama bin Ladin • Stated: “It’s a Christlike vision to have a fundamentalist Islamic State” • Praised Edward Snowden • Retweeted government leaks • Handwrote notes about “burning down the White House, fleeing to Afghanistan and joining the Taliban”
  • 9. CASE STUDY: ??? • Anger, anxiety and potential mental heath issues • After receiving clearance, cited at least 8 times for misconduct over 3 years in the Reserve • disorderly conduct, drunkenness and absence without leave, all later dropped • Arrested for shooting the rear tire of a construction vehicle because the worker disrespected him • Fired a bullet into his ceiling and through the apartment above • Arrested on disorderly conduct charge for destroying furnishings in a nightclub • Complained that individuals were using a microwave to send vibrations into his body • Roommate reported frequent drinking and paranoia that people were “coming to get him”
  • 10. INSIDER THREAT TRENDS – WHEN DOES IT HAPPEN? • 59% of employees leaving a company admit to taking proprietary information with them (FBI) • Out of 800 adjudicated insider threat cases, an overwhelming majority of subjects took the information within the last 30 days of employment (CERT; Carnegie Mellon) • 60% of cases were individuals who had worked for the organization for less than 5 years (CPNI) • Majority of acts were carried out by staff (88%), 7% were contractors, and 5% temporary staff (CPNI)
  • 11. HOW TO CATCH A SPY? What is the most common way that spies within the U.S. Government and U.S. cleared defense contractors are detected and caught? A: Routine counterintelligence monitoring B: Tip from friend, family, co-worker C: Their own mistakes D: Reporting by U.S. sources within foreign intelligence services Answer: D – There is no loyalty in the spy business, and intelligence officers who have been recruited as sources by the U.S. Intelligence Community eagerly betray the U.S. persons who have given them information
  • 12. WHAT ARE WE DOING? • Invested in a dedicated CI program • Identification of Critical Assets • Risk Analysis and Mitigation System (RAMS) • Sharkcage • FSO CI Awareness Report • Middle Way Initiative • Off the Grid Program Overarching Goal Deter – Detect - Mitigate
  • 13. METHODS OF OPERATION Criminal Activity • CLEAR / TIP • Training & Awareness • Location-specific Threat Product Mitigation Strategy Surveillance • Training & Awareness • Trade / Airshow Support Foreign Visit • Visit Management System • Training & Awareness • FLE / IC Engagement • ISTART Post-travel Security Survey Solicitation / Marketing Services • Training & Awareness • Trade / Airshow Support • ‘Contact Us’ Email Box Reporting Request For Information • Trade / Airshow Support • Training & Awareness • ‘Contact Us’ Email Box Reporting Exploitation Of Relationships • Training & Awareness • Program Management (Joint Ventures) Targeted Training Academic Solicitation • LM Fellows Training & Awareness • FLE / IC Engagement • Foreign University IP Tracking Suspicious Network Activity • Embargoed VPN • Shark Cage • DSC Loaner Laptop Policy • CIRT Reporting To DC3 And DCISE Seeking Employment • Cyber Alerts On Letter From Direct Competitors • Talent Acquisition Training Search / Seizure • DSC Loaner Laptop Policy • Training & Awareness • Foreign Travel Pre-briefs Acquisition Of Technology • Supply Chain / Procurement Training • ‘Contact Us’ Email Box Reporting • Support To Mergers & Acquisitions • FLE / IC Engagement • Trade / Airshow Support