UNINTENTIONAL INSIDER THREAT: Top Employee Security Mistakes That Put Your Data at Risk
by Dr. Eric Cole
ecole@secureanchor.com
www.secureanchor.com
Secure Anchor is All Cyber Defense, All of the Time.
PREVENT – DETECT - RESPOND
Insiders Are Responsible for 90% of Security Incidents *
Malicious
∙ Fraud/Data Theft
∙ Inappropriate access
∙ Disgruntled employee
Unintentional
∙ Misuse of systems
∙ Log-in/log-out failures
∙ Cloud storage
[Chart labels: 71% and 29%]
* Verizon 2015 Data Breach Investigations Report
* Kaspersky Lab 2016 Security Risks Special Report
Are You Focused on the Correct Area?
Nature of Insider Threat
Two main forms of insider threat
● Deliberate/malicious insider
● Accidental/Unintentional insider
Why do insiders become targets?
As external targets become more difficult, attackers find insiders are an easier avenue to compromise.
The real threat and biggest risk to confidential data is the negligent employee, more commonly categorized as the unintentional insider threat.
All it Takes is One Click
From an endpoint security perspective, the two most dangerous applications on the planet are: email and web browsers
Insider Threat Current State
● Insider threats are on IT’s radar
● Spending on insider threats will increase
● The financial impact is significant
● Organizations fail to focus on solutions
● Insider threat often the cause of damage
● Prevention is more a state of mind than a reality
Assessing Vulnerability to Insiders
● What information would an adversary target?
● What systems contain the information that attackers would target?
● Who has access to critical information?
● What would be the easiest way to compromise an insider?
● What measures or solutions can IT use to prevent/detect these attacks?
● Does our current budget appropriately address insider threats?
● What would a security roadmap that includes insider threats look like for our organization?
How well is your organization doing with insider threats?
Write your organization’s report card and focus on the lowest scoring areas.
*** Findings from a recent survey on Insider Threat
How to Effectively Manage Insider Threats
Having Clear Visibility into Employee Actions is Critical.
Lifecycle: Proactive, Reactive
● Notify employees of company policy
● Rapidly discern malicious from benign actions
● Get a “Stack Ranked” view of riskiest users
● Warn that out-of-policy actions will be recorded and reviewed
Having Clear Visibility into Employee Actions is Critical
Log Files are Not the Answer
● Too much data to interpret
● Time and manpower to understand
● Can only infer conclusions
User Activity Recording is Key
● Instantly understandable by anyone
● Irrefutable evidence of user actions
Educate
Notify employees of company policy violations in real time and in context
● Inform employees of potential policy violations, as they occur
● A proven approach to cutting the number of security incidents in half
Deter
Show warnings that out-of-policy behavior will be recorded and reviewed
● Warn users against proceeding with dangerous or out-of-policy activities
● Warn that policy violations will be recorded and reviewed
● Malicious users are 80% less likely to continue
Detect
● Easy and intuitive - User-centric view
● Discover the riskiest users, and gain deep visibility into their present and past
● Streamlined Incident Response - investigate a handful of risky users instead of thousands of tedious false alerts/discrete events
[Figure labels: Data exfiltration; Tipping point; Capture and hide data]
Investigate
● Video session replay provides context to rapidly discern malicious from benign actions
● Accelerate investigations from weeks/months to minutes/hours
Typical Deployment
● Doesn’t impact stability of machine
● Scalable beyond thousands of devices
* ObserveIT is not kernel-based; it runs at a user-mode level
* Offline mode enabled
[Deployment diagram components: Agents, Switch, HTTP Traffic, ObserveIT Application Server, SQL Traffic, Database Server, ObserveIT Web Console, ObserveIT Admin]
The Benefits of Addressing the Insider Threat
Quicker resolution and enforcement of company policies, which creates a more secure and compliant environment around your protected information
● A steep decline in the number of inappropriate accesses
● A reduction in the amount of time spent detecting and investigating incidents
● A heightened awareness of security throughout the organization
● A dramatic shift in the culture of security and compliance
● More efficient compliance with regulatory requirements
● Achievement of security goals with no additional staff resources
ObserveIT Delivers Instant ROI – Reducing Security Incidents
[Chart: Incidents (axis 0 to 1000) across the stages Educate, Deter, Detect, Investigate]
● Notify employees of company policy
● Warn policy violators that their actions will be recorded and reviewed
● Get a “Stack Ranked” view of riskiest users
● Rapidly discern malicious from benign actions
Fact: Your Authorized Users Represent Your Greatest Risk!
Insider threats are far more difficult to detect and prevent than external attacks.
Insider Threat Report
75% of insider threats go unnoticed.
CERT Insider Threat Center
Insider Threats are twice as costly and damaging as external threats.
CERT Insider Threat Center
[Chart: Attack Detection, in months (axis 0 to 35), comparing Insider Attacks and External Attacks; data labels: 32 Months, 6 Months]
Conclusion
● Perform damage assessment of threats
● Map past and current investment against threats
● Determine exposure to insider threats
● Create attack models to identify exposures
● Identify root-cause vulnerabilities
● Block and remove the vector of the attack
● Control flow of inbound delivery methods
● Filter on executable, mail and web links
● Monitor and look for anomalies in outbound activity
