Intro
Welcome back! This is episode 24 of The Insider Threat podcast, for the week of October 30th, 2017.
For the announcements this week, I had a wonderful conversation with someone who might be coming onto the show to talk about human behavior from a psychological standpoint and what that means for HR and insider threat risk. I'm really looking forward to that. On the personal side, I got a promotion this last week and I'll be able to have more influence on security in my organization, which is awesome. And that’s about everything I have for announcements, so...
Infosec Question of the Week
It's time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!
The question last week was "In 2003, David Heinemeier Hansson created and has since maintained a key capability that has programmer happiness as one of its key principles. What did he create?"
The answer was "Ruby on Rails".
Commentary
Congratulations to:
Maggie from Richfield, Rylie from Blackduck, Minnesota, Abe from Maryland, and Francis from Eastbourne for getting the correct answer.
Here's your question for this week: "In 1984, a computer hacker and DIY media organization called Cult of the Dead Cow was formed in Lubbock, Texas. They gained quite a bit of notoriety when they wrote a remote system administration tool. What was the name of this tool?"
Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "door".
Info - https://en.wikipedia.org/wiki/Back_Orifice
Discussion Topic for the Week
This week’s discussion topic is the motivations of malicious insiders
- What are malicious insiders?
?- Insiders who intentionally present risk to the organization
?- Are NOT negligent insiders
?- Are not the most common type of insiders (only 6%)
?- ARE the most widely marketed
- What are the common motivators for malicious insiders?
?- Personal use
??- Getting ahead at work
??- Getting ahead with your next employer
??- Blackmailing coworkers
?- Financial Gain
??- Selling information directly to competitors or foreign governments
??- Trying to sell it on the dark web
?- Sabotage
??- Doing something to get back at either the organization as a whole or someone in particular
??- Could be for missed promotion, wrongful firing, unethical practices
- What are key characteristics of malicious insiders?
?- Working during off hours
?- Trying to get access to information outside their job role
?- Displaying signs of extreme debt
?- Displaying signs of unexplainable wealth
?- Generally talking negatively about the organization or leadership
- How can we fix it?
?- Technology like User and Entity Behavior Analytics, monitoring solutions, access controls
?- Non-technical solutions like proper termination procedures, background checks, and training for recognizing signs of malicious insiders and reporting
News
- Insider threat news was pretty dry this week
- A ransomware attack took place primarily against Russian and Ukrainian companies, but the command and control infrastructure seems to be offline
- I don't know about you, but I'm definitely starting to get ransomware fatigue
- The Indian government advises against using public WiFi, go figure
- The Reaper botnet has over a million infected devices and researchers have warned that it could take down the internet
- Anonymous launched FreeCalalonia campaign, targeting Spanish government sites
Thought of the Week Segment
Our thought of the week comes from American music artist, poet, and philosopher Tom Waits. He said, "The large print giveth and the small print taketh away."
Outro
Thank you for listening to episode 24 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions. Hey, do me a favor this week and tell a friend about the show. The more we get this information out there, the better.
You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll also find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.
Thanks again and I'll see you folks next time!?
Comentarios