IT Security Guru

Q&A with David Venable, Masergy

by The Gurus
June 6, 2016
in Editor's News, News

The Guru was lucky enough to get this Q&A with ex-NSA analyst and current VP of cybersecurity at Masergy David Venable – here’s what we found out.
Can you tell me a little about insider threats – how much of a problem are they?
While the entire threat landscape is changing dramatically with the increased sophistication of adversaries, nation state and state-sponsored actors, and rapidly evolving attack surfaces, one of the few things that hasn’t changed is that the insider threat is one of the most, if not the most, insidious threat in almost any environment. That’s not FUD (Fear, Uncertainty and Doubt) either, just look at the negative impact that Edward Snowden’s leak of thousands of files from the US National Security Agency [NSA] has had on the US intelligence apparatus.
According to A Preliminary Model of Insider Theft of Intellectual Property, a paper published by Carnegie Mellon University, 75% of cases of insider IP thefts were performed by employees. Some 65% had already accepted a new job somewhere else while 35% stole to gain an immediate advantage at a new job. And 25% of cases resulted in the stolen information being given to a foreign government or company.
How widespread or common are these types of threats?
Today external attacks are almost constant and less damaging [with the exception of high-profile attacks and near-total breaches, such as those against Sony and Ashley Madison]. By contrast, insider attacks are more rare, but typically far more damaging, such as the damage caused by Edward Snowden’s leak of NSA documents to the government’s security infrastructure.
Are businesses paying enough attention to the threat posed by their employees?
From what I’m seeing in the field, the vast majority of organisations are overlooking the insider threat. Very few organisations are actively posturing against, or frankly even considering, insider threats.
How can technology help to detect and prevent insider attacks?
Behavioral analysis on internal network traffic is one of the best defenses against an ‘Edward Snowden-style’ insider attack. Users typically behave in certain ways. When that behaviour changes, it usually means something. For example, according to Wired, Snowden, who famously leaked thousands of NSA documents, spent a great deal of time scouring the private classified NSA network for documents and downloading them to his workstation, memory sticks and CDs — a dramatic shift from typical behaviour of someone in his role. This would have easily been detected with behavioral analysis.
Data Loss Prevention (DLP), which typically scans outbound data for known sensitive information, can also help, although it’s not a replacement for good physical security. DLP wouldn’t have prevented either Snowden or Chelsea Manning from walking out with secrets burned onto CDs labeled “Lady Gaga.”
Another good prevention technique is to ensure that sensitive documents are properly protected and only accessible by people who have a business ‘need-to-know.’
Unfortunately, none of these will detect or prevent the most dangerous insider threat: when an employee takes sensitive information they have been entrusted with to do their jobs. Unfortunately, this is less preventable via technology and requires insight into employees’ changing behaviors and attitudes. 
How do these types of attacks happen, what are the main weaknesses that are being exploited?
One of the most common mechanisms is not a technical one: it’s asking a friend. In fact, according to a Carnegie Mellon University paper, A Preliminary Model of Insider Theft of Intellectual Property, 19% of intellectual property theft cases involved colluding with another insider. In the case of malicious collusion, not much can be done. However, good security awareness training can be invaluable in preventing social engineering attacks – where an employee tricks another employee into providing sensitive information.
Another common technique is improper sharing permissions on drives, folders, and documents.
Finally, and this seems to be rarer, is the use of technological exploitation techniques against internal systems. 
Do insider attacks need to be treated differently to external attacks?
First and foremost, CISOs and CIOs need to stop treating the internal network like it’s a safe or trusted zone. It’s not. BYOD environments realise this, but the more important lesson here is that non-BYOD networks aren’t safe either.
Regular internal vulnerability assessments and penetration testing are key to finding and remediating internal weaknesses. Remediation is the key. I can’t even tell you how many internal assessments we’ve performed to check a compliance box that it was done — but the results were never acted upon. The addition of Behavioral IDS (intrusion detection system) sensors on the internal network will improve the situation dramatically, as will regular evaluation of access rights and sharing permissions.
Will insider attacks get better or worse?
It gets worse every day. As Willie Sutton, the infamous American bank robber said, when asked why he robbed banks, “That’s where the money is.”  The insider threat is getting worse because that’s where the valuable information is — but there’s an additional component here: that’s also where the weakest controls often are. 
We lock down the external. As an industry, we’ve become better at that over the years. However, as long as there’s valuable information, someone’s willing to get access via the HVAC network like the case with retailer Target, recruit an unscrupulous employee, or in some of the worst cases – get a job at a company to gain access to information in order to steal it.
