SlideShare a Scribd company logo

Dealing with the insider threat.

Matt Lemon
Matt Lemon

Short presentation on the definition of an insider, motivations, identification, and combating or preventing the threat.

Technology
1 of 14
Download to read offline
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Presentation Title Presented By Dealing with the insider threat. Matt Lemon Global Head of Information Security
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Introduction: • Definition of an insider threat. • Motivations. • A few statistics. • Identifying the threat. • Combatting the threat. • Preventing the threat.
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Quick poll Which is the bigger risk? • External attacker • Organisations own staff Threat Internal External Forrester 2013 - “Understand the State of Data Security and Privacy”
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Definition 1. The trusted unwitting insider. 2. The trusted witting insider. 3. The untrusted insider. A lot is mentioned in the media about the threats of cyberspace, where outside entities use software flaws, hijacked computers and social engineering to strike at company networks. For many, insiders are the greater cause for concern.
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Motivation • Financial Gain • Career Advancement • Revenge • Thrill • Accidental error • Being helpful • Political
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Risky areas • Theft • Deletion or Corruption of data • Physical damage • Data leakage
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 How Insiders are handled Source: 2011 CyberSecuirty Watch Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, January 2011.
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Identifying threats. FBI Research Spotting behaviour is difficult because there is so little and unhelpful data to work with. Finding the red flags that predict an insider threat also gives rise to a lot of false positives. Former FBI Chief Information Security Officer Patrick Reidy
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Identifying threats The Insider Threat Cyber “Kill Chain”.
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Identifying the threats • Often first in and last out of the office. • Lots of unused holiday. • Changes in lifestyle – Spending, Socializing, Marital Status. • Resigned. • Working out redundancy. • Passed over for promotion or pay review. • Pending HR disciplinary.
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Combatting the threats Positive Social Engineering.
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Combat & Prevention • Document and enforce policies and controls. • Include insider threat awareness into security training. • Monitor and respond to suspicious or disruptive behaviour. • Anticipate and manage negative issues. • Know your assets. • Use strict password and account management policies. • Enforce separation of duties and least privilege. • Use access control and monitoring policies on privileged users. • Use Security Event and Information Management (SIEM) to monitor and audit staff. • Implement secure backup and recovery processes. • Establish a baseline of normal network behaviour. • Monitor for potential Data Leakage.
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Tools & Techniques NOT AN ENDORSEMENT – NO AFFILIATION. • SpectorSoft – Spector 360 (Employee Monitoring Software) • Tripwire – IP360 • Security Onion - Open Source IDS
GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Thank you….. plus.google.com/+matthewlemon/ @mattlemon

Recommended

Insider threat
Insider threatInsider threat
Insider threatARCON TECHSOLUTIONS
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threatillustro
 
Insider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoInsider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoMatt Frowert
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3Lancope, Inc.
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider ThreatLancope, Inc.
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessEric Schiowitz
 
Insider Threat
Insider ThreatInsider Threat
Insider ThreatAndy Thompson
 
Hackers
HackersHackers
HackersAlvaro Cipriano
 

Recommended

Insider threat
Insider threatInsider threat
Insider threatARCON TECHSOLUTIONS
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threatillustro
 
Insider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoInsider Threats Webinar Final_Tyco
Insider Threats Webinar Final_TycoMatt Frowert
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3Lancope, Inc.
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider ThreatLancope, Inc.
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessEric Schiowitz
 
Insider Threat
Insider ThreatInsider Threat
Insider ThreatAndy Thompson
 
Hackers
HackersHackers
HackersAlvaro Cipriano
 
Hackers
HackersHackers
Hackersguesta04f59b
 
Data Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples StoryData Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples StoryInternational Institute for Learning
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber securitySweta Kumari Barnwal
 
The Anatomy of a Data Breach
The Anatomy of a Data BreachThe Anatomy of a Data Breach
The Anatomy of a Data BreachDavid Hunt
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security BreachSeculert
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Joseph White MPA CPM
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thCYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thUnited Technology Group (UTG)
 
Cyber 101 for smb execs v1
Cyber 101 for smb execs v1Cyber 101 for smb execs v1
Cyber 101 for smb execs v1NetWatcher
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber securitySumanPramanik7
 
10 things you should know about cybersecurity
10 things you should know about cybersecurity10 things you should know about cybersecurity
10 things you should know about cybersecurityUnited Technology Group (UTG)
 
One of 2 protect your business
One of 2 protect your businessOne of 2 protect your business
One of 2 protect your businessManagement Insights LLC
 
Building a cybercrime case
Building a cybercrime caseBuilding a cybercrime case
Building a cybercrime caseOnline
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSScott Suhy
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentationSreejith Nair
 
Preventing Advanced Targeted Attacks with IAM Best Practices
Preventing Advanced Targeted Attacks with IAM Best PracticesPreventing Advanced Targeted Attacks with IAM Best Practices
Preventing Advanced Targeted Attacks with IAM Best PracticesAndy Thompson
 
Hackers and cyber crimes
Hackers and cyber crimesHackers and cyber crimes
Hackers and cyber crimesSweta Kumari Barnwal
 
Unit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimesUnit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimesSweta Kumari Barnwal
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threatzhihaochen
 
Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...
Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...
Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...EC-Council
 
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskUsing SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskSurfWatch Labs
 

More Related Content

What's hot

The Anatomy of a Data Breach
The Anatomy of a Data BreachThe Anatomy of a Data Breach
The Anatomy of a Data BreachDavid Hunt
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security BreachSeculert
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Joseph White MPA CPM
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thCYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thUnited Technology Group (UTG)
 
Cyber 101 for smb execs v1
Cyber 101 for smb execs v1Cyber 101 for smb execs v1
Cyber 101 for smb execs v1NetWatcher
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber securitySumanPramanik7
 
Building a cybercrime case
Building a cybercrime caseBuilding a cybercrime case
Building a cybercrime caseOnline
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSScott Suhy
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentationSreejith Nair
 
Preventing Advanced Targeted Attacks with IAM Best Practices
Preventing Advanced Targeted Attacks with IAM Best PracticesPreventing Advanced Targeted Attacks with IAM Best Practices
Preventing Advanced Targeted Attacks with IAM Best PracticesAndy Thompson
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threatzhihaochen
 

What's hot (20)

Hackers
HackersHackers
Hackers
 
Data Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples StoryData Security Breach: The Sony & Staples Story
Data Security Breach: The Sony & Staples Story
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
 
The Anatomy of a Data Breach
The Anatomy of a Data BreachThe Anatomy of a Data Breach
The Anatomy of a Data Breach
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10thCYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
CYBERSECURITY: Game Planning for Success lunch and learn event, April 10th
 
Cyber 101 for smb execs v1
Cyber 101 for smb execs v1Cyber 101 for smb execs v1
Cyber 101 for smb execs v1
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber security
 
10 things you should know about cybersecurity
10 things you should know about cybersecurity10 things you should know about cybersecurity
10 things you should know about cybersecurity
 
One of 2 protect your business
One of 2 protect your businessOne of 2 protect your business
One of 2 protect your business
 
Building a cybercrime case
Building a cybercrime caseBuilding a cybercrime case
Building a cybercrime case
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMS
 
Target data breach presentation
Target data breach presentationTarget data breach presentation
Target data breach presentation
 
Preventing Advanced Targeted Attacks with IAM Best Practices
Preventing Advanced Targeted Attacks with IAM Best PracticesPreventing Advanced Targeted Attacks with IAM Best Practices
Preventing Advanced Targeted Attacks with IAM Best Practices
 
Hackers and cyber crimes
Hackers and cyber crimesHackers and cyber crimes
Hackers and cyber crimes
 
Unit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimesUnit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimes
 
The insider versus external threat
The insider versus external threatThe insider versus external threat
The insider versus external threat
 

Similar to Dealing with the insider threat.

Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...
Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...
Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...EC-Council
 
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskUsing SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskSurfWatch Labs
 
IBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Government
 
Insider threat webinar slides no cn
Insider threat webinar slides no cnInsider threat webinar slides no cn
Insider threat webinar slides no cnDevOps.com
 
Application security meetup 27012021
Application security meetup 27012021Application security meetup 27012021
Application security meetup 27012021lior mazor
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]APNIC
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxmccormicknadine86
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxsleeperharwell
 
Issala exec-forum-opening-150604
Issala exec-forum-opening-150604Issala exec-forum-opening-150604
Issala exec-forum-opening-150604ISSA LA
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbersAPNIC
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AWard Pyles
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!IBM Security
 
Why ISO 27001 for an Organisation
Why ISO 27001 for an OrganisationWhy ISO 27001 for an Organisation
Why ISO 27001 for an OrganisationSyed Azher
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Scot Secure 2017
Scot Secure 2017Scot Secure 2017
Scot Secure 2017Ray Bugg
 
Community IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Innovators
 

Similar to Dealing with the insider threat. (20)

Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...
Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...
Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...
 
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskUsing SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
 
IBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Cyber Threat Analysis
IBM Cyber Threat Analysis
 
Insider threat webinar slides no cn
Insider threat webinar slides no cnInsider threat webinar slides no cn
Insider threat webinar slides no cn
 
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
 
Application security meetup 27012021
Application security meetup 27012021Application security meetup 27012021
Application security meetup 27012021
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?
 
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
 
Issala exec-forum-opening-150604
Issala exec-forum-opening-150604Issala exec-forum-opening-150604
Issala exec-forum-opening-150604
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbers
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 A
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!
 
Why ISO 27001 for an Organisation
Why ISO 27001 for an OrganisationWhy ISO 27001 for an Organisation
Why ISO 27001 for an Organisation
 
Showreel ICSA Technology Conference
Showreel ICSA Technology ConferenceShowreel ICSA Technology Conference
Showreel ICSA Technology Conference
 
CRI Retail Cyber Threats
CRI Retail Cyber ThreatsCRI Retail Cyber Threats
CRI Retail Cyber Threats
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Scot Secure 2017
Scot Secure 2017Scot Secure 2017
Scot Secure 2017
 
Community IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for Nonprofits
 

Recently uploaded

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Recently uploaded (20)

Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Dealing with the insider threat.

  • 1. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Presentation Title Presented By Dealing with the insider threat. Matt Lemon Global Head of Information Security
  • 2. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Introduction: • Definition of an insider threat. • Motivations. • A few statistics. • Identifying the threat. • Combatting the threat. • Preventing the threat.
  • 3. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Quick poll Which is the bigger risk? • External attacker • Organisations own staff Threat Internal External Forrester 2013 - “Understand the State of Data Security and Privacy”
  • 4. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Definition 1. The trusted unwitting insider. 2. The trusted witting insider. 3. The untrusted insider. A lot is mentioned in the media about the threats of cyberspace, where outside entities use software flaws, hijacked computers and social engineering to strike at company networks. For many, insiders are the greater cause for concern.
  • 5. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Motivation • Financial Gain • Career Advancement • Revenge • Thrill • Accidental error • Being helpful • Political
  • 6. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Risky areas • Theft • Deletion or Corruption of data • Physical damage • Data leakage
  • 7. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 How Insiders are handled Source: 2011 CyberSecuirty Watch Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, January 2011.
  • 8. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Identifying threats. FBI Research Spotting behaviour is difficult because there is so little and unhelpful data to work with. Finding the red flags that predict an insider threat also gives rise to a lot of false positives. Former FBI Chief Information Security Officer Patrick Reidy
  • 9. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Identifying threats The Insider Threat Cyber “Kill Chain”.
  • 10. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Identifying the threats • Often first in and last out of the office. • Lots of unused holiday. • Changes in lifestyle – Spending, Socializing, Marital Status. • Resigned. • Working out redundancy. • Passed over for promotion or pay review. • Pending HR disciplinary.
  • 11. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Combatting the threats Positive Social Engineering.
  • 12. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Combat & Prevention • Document and enforce policies and controls. • Include insider threat awareness into security training. • Monitor and respond to suspicious or disruptive behaviour. • Anticipate and manage negative issues. • Know your assets. • Use strict password and account management policies. • Enforce separation of duties and least privilege. • Use access control and monitoring policies on privileged users. • Use Security Event and Information Management (SIEM) to monitor and audit staff. • Implement secure backup and recovery processes. • Establish a baseline of normal network behaviour. • Monitor for potential Data Leakage.
  • 13. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Tools & Techniques NOT AN ENDORSEMENT – NO AFFILIATION. • SpectorSoft – Spector 360 (Employee Monitoring Software) • Tripwire – IP360 • Security Onion - Open Source IDS
  • 14. GRC 2.0 - Breaking Down The Silos ISACA Ireland Conference – 3 rd October 2014 Thank you….. plus.google.com/+matthewlemon/ @mattlemon