Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness of your employees | Part of the Avatu One-Step Ahead Security programme

One Step Ahead - Webinar
In partnership with:
How cyber criminals exploit the
goodness of your employees
An FBI perspective

Webinar introduction
by Joe Jouhal
CEO at Avatu
Please send your questions in
through the WebEx system
We’ll answer them one-by-one at
the end of the webinar

John Boles
is a former assistant director with the FBI.
Having served over 20 years in the FBI as a
national security executive, his experience in
leading cyber investigations worldwide and
managing critical incident response, his expertise
helps clients protect their data and their business.
Today he’s director of Navigant’s Global Legal
Technology Services.
Your speakers

David Nice
has worked in the security environment for
almost 20 years and consequently understands
the challenges faced by companies - and public
bodies - inside and out.
Today, working with ObserveIT, he specialises
in insider threats and helping people to adapt
their behaviours.
Your speakers

What is the cyber
INSIDER Threat?
Definition:
Anyone with legitimate access (employee, vendor,
contractor) to a company network/data who puts
that data at risk through either willful misconduct
or unintentional actions

What is the cyber
INSIDER Threat?
• Too often, we look outward for danger,
without considering that which can do the
most damage
• Insiders know where the information is,
where the secrets are kept
• Insiders have the legitimate access
crooks covet

Malicious INSIDER
• Have intent to harm the company
or improve themselves
• Often motivated by spite, revenge,
or greed

Malicious INSIDER
Robert Hanssen spied for the Russians against
the USA for decades because he felt no one
appreciated his intelligence
He stole information and put lives at risk

Malicious INSIDER
Edward Snowden stole data based on his
legitimate access for greed
He was recruited by foreign intelligence
agencies by appealing to his inflated
sense of self

Unwitting INSIDER
• Unintentionally cause harm to the network,
often in the course of their daily work
• Click on unsafe links
• Visit insecure websites
• Login to free and unprotected Wi-Fi

Unwitting INSIDER
• Lose company laptop/mobiles
• Frequently targeted by cyber crooks
• Often the customer facing representative

Damages
• Insider theft/inadvertent compromise is
often undetected for long periods
• Theft of IP or even client lists can eliminate
competitive advantage
• Stolen PII/PHI can subject a company to
severe fines and, under GDPR, possibly civil
legal action
• Reputational damage is frequently
long-lasting

What to do?
• Start with strong and clear policies and
governance
• Include mobile devices and BYOD
• Ensure you have an acceptable use policy
• Monitor accesses and ensure it’s appropriate
Communicate the rules and make sure
employees understand them

Training is key
• Employees must be able to
o Recognise risky behaviour
o Recognise suspicious email and links
o Know what actions to take
• Training should be ongoing and responsive
• Training is best retained when it is positive
and targeted

Tech is important, too
• Monitor traffic and connections
o Are employees going to risky sites
o Are employees using unauthorised apps
or data transfer applications
o Is the traffic going where you
expect it to?
• Whitelisting vs Blacklisting

It’s the people
• Must combine tech with policy and
oversight with training
• Trust but verify
• It’s much safer (and cheaper) to identify
and remediate risky behaviours than recover
from a breach
• Real cyber security is holistic
Humans are creatures of habit. You can spot the
early warning signs with technology and reduce
the risk

Identify and Eliminate Insider Threats

Identify and Eliminate Insider Threats
Over 1,500 customers worldwide

Trust but Verify
• Make your employees advocates for risk
prevention against threats
• Insider threats put your organisation at risk

The benefits of
addressing the
INSIDER Threat
• A heightened awareness of security
throughout the organisation
• A steep decline in the number of
security incidents
• A reduction in the amount of time spent
detecting and investigating incidents

• Identification of critical users & systems
• Identification of rogue accounts & shared accounts
• Identification of sensitive file/ folder locations
Know your CRITICAL assets
Src: NIST Special Publication 800-61 Volume 2

Logs can be difficult to correlate and understand
Can YOU tell what happened here?

Visibility
• Unique ‘over-the-shoulder’ view of all employee, vendor
and consultant activity provides unmatched visibility
• Alerts are in plain English and easy to understand
• Investigations take minutes instead of days
…a video is worth 1,000 logs

Detect
• 180 out-of-the-box
Insider Threat indicators
• 25 Risk categories
customisable by user
group:
• Data exfiltration
• Bypassing security controls
• Creating backdoor
• Identity theft
• Privilege elevation
• Unauthorised admin tasks
• Malicious software
• Shell attack
• System tampering
Decrease RISK immediately with actionable analytics

Analytics
• Uncover and investigate risky user activity through
identification of anomalous behaviour
• Key logging alerts detect data exfiltration attempts when users
type protected keywords in emails, chat applications, social
media sites, and more
Dynamic
filters
User activity and working
hours over time
Total and average time
per day spent by user
Most used
applications
and websites
ACHIEVE greater insight with alerts and analytics

Increase VISIBILITY
with website categorisation
• Know when users visit un-allowed/out-of-policy websites, such as
o Adult sites, illegal streaming, Darknet, illegal drugs, workplace
violence, time wasting
• Know when users visit bad reputation sites to avoid:
o Phishing (block the user before disclosing any PII)
o Contamination (block before downloading malicious content)
Website
categories are
indicated in alerts
and reports for
greater visibility
into user
behaviour

Educate
EDUCATE - early and often
• Educate employees about policy violations in real time
• Offer constructive alternatives
• Provide communication medium for security policy
feedback and suggestions

Deter
• Warn users against proceeding with out-of-policy activities
• Notify users that policy violations will be recorded
and reviewed
• Reduce non-compliant actions by 80% by implementing
real-time warnings
Show warnings:
out-of-policy behaviour is
recorded & reviewed
DETER non-compliant actions with notifications

Changing employee BEHAVIOUR
reduces the risk of a security
breach by 45% to 70%

Prevent
• Direct enforcement of company policy
• Effective asset protection and damage control
• Optimise Security and IT processes by collecting user
feedback before the application is closed or user is logged-off
A Remote Vendor trying
to connect to a Server.
User is forced to Log Off
(with optional user-provided feedback).
Security analysts can quickly
spot a blocked user and easily
review feedback provided
by the user
PREVENT users from violating policies

SECURITY without compromising
employee privacy

Forrester Techradar ™ : endpoint security, Q1 2017

Time for your
questions

Thank you
For more information contact:
luisa.farmer@avatu.co.uk
phone: +44 1296 621121

Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness of your employees | Part of the Avatu One-Step Ahead Security programme

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness of your employees | Part of the Avatu One-Step Ahead Security programme

Similar to Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness of your employees | Part of the Avatu One-Step Ahead Security programme (20)

Recently uploaded

Recently uploaded (20)

Cybersecurity: An FBI perspective: how cyber criminals exploit the goodness of your employees | Part of the Avatu One-Step Ahead Security programme