International Cyber Expo International Cyber Expo
  • About Us
Sunday, 19 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Q&A with David Venable, Masergy

by The Gurus
June 6, 2016
in Editor's News, News
Share on FacebookShare on Twitter

The Guru was lucky enough to get this Q&A with ex-NSA analyst and current VP of cybersecurity at Masergy David Venable – here’s what we found out.
Can you tell me a little about insider threats – how much of a problem are they?
While the entire threat landscape is changing dramatically with the increased sophistication of adversaries, nation state and state-sponsored actors, and rapidly evolving attack surfaces, one of the few things that hasn’t changed is that the insider threat is one of the most, if not the most, insidious threat in almost any environment. That’s not FUD (Fear, Uncertainty and Doubt) either, just look at the negative impact that Edward Snowden’s leak of thousands of files from the US National Security Agency [NSA] has had on the the US intelligence apparatus. 
According to A Preliminary Model of Insider Theft of Intellectual Property, a paper published by Carnegie Mellon University, 75% of cases of insider IP thefts were performed by employees. Some 65% had already accepted a new job somewhere else while 35% stole to gain an immediate advantage at a new job. And 25% of cases resulted in the stolen information being given to a foreign government or company.
How widespread or common are these types of threats?
Today external attacks are almost constant and less damaging [with the exception of high-profile attacks and near-total breaches, such as those against Sony and Ashley Madison. By contrast, insider attacks are more rare, but typically far more damaging such as the damage caused by Edward Snowden’s leak of NSA documents to the government’s security infrastructure.
Are business paying enough attention to the threat posed by their employees?
From what I’m seeing in the field, the vast majority of organisations are overlooking the insider threat. Very few organisations are actively posturing against, or frankly even considering, insider threats.
How can technology help to detect and prevent insider attacks?
Behavioral analysis on internal network traffic is one of the best defenses against a ‘Edward Snowden-style’ insider attack. Users typically behave in certain ways. When that behaviour changes, it usually means something. For example, according to Wired, Snowden, who famously leaked thousands of NSA documents, spent a great deal of time scouring the private classified NSA network for documents and downloading them to his workstation, memory sticks and CDs — a dramatic shift from typical behaviour of someone in his role. This would have easily been detected with behavioral analysis. 
Data Loss Prevention (DLP), which typically scans outbound data for known sensitive information, can also help, although it’s not a replacement for good physical security. DLP wouldn’t have prevented either Snowden or Chelsea Manning from walking out with secrets burned onto CDs labeled “Lady Gaga.”
Another good prevention technique is to ensure that sensitive documents are properly protected and only accessible by people who have a business ‘need-to-know.’
Unfortunately, none of these will detect or prevent the most dangerous insider threat: when an employee takes sensitive information they have been entrusted with to do their jobs. Unfortunately, this is less preventable via technology and requires insight into employees’ changing behaviors and attitudes. 
How do these types of attacks happen, what are the main weaknesses that are being exploited?
One of the most common mechanisms is not a technical one: it’s asking a friend. In fact, according to a Carnegie Mellon University paper, A Preliminary Model of Insider Theft of Intellectual Property, 19% of intellectual property theft cases involved colluding with another insider. In the case of malicious collusion, not much can be done. However, good security awareness training can be invaluable in preventing social engineering attacks – where an employee tricks another employee into providing sensitive information.
Another common technique is improper sharing permissions on drives, folders, and documents.
Finally, and this seems to be rarer, is the use of technological exploitation techniques against internal systems. 
Do insider attacks need to be treated differently to external attacks?
First and foremost, CISOs and CIOs need to stop treating the internal network like it’s a safe or trusted zone. It’s not. BYOD environments realise this, but the more important lesson here is that non-BYOD networks aren’t safe either.
Regular internal vulnerability assessments and penetration testing are key to finding and remediating internal weaknesses. Remediation is the key. I can’t even tell you how many internal assessments we’ve performed to check a compliance box that it was done — but the results were never acted upon. The addition of Behavioral IDS (intrusion detection system) sensors on the internal network will improve the situation dramatically, as will regular evaluation of access rights and sharing permissions.
Will insider attacks get better or worse?
It gets worse every day. As Willie Sutton, the infamous American bank robber said, when asked why he robbed banks, “That’s where the money is.”  The insider threat is getting worse because that’s where the valuable information is — but there’s an additional component here: that’s also where the weakest controls often are. 
We lock down the external. As an industry, we’ve become better at that over the years. However, as long as there’s valuable information, someone’s willing to get access via the HVAC network like the case with retailer Target, recruit an unscrupulous employee, or in some of the worst cases – get a job at a company to gain access to information in order to steal it.

Tags: controlsdatadisgruntlesEmployeeHackInformationInsiderInsider Threatintellectual propertyIPjobnational security agencyNSApasswordsecuritySnowdenTargetTheft
ShareTweet
Previous Post

The death of the password is upon us

Next Post

NSFOCUS Introduces Global Cloud Security Platform

Recent News

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

July 17, 2026
AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol