Introduction
In this episode we cover the victimization of phishing, some insider threat news, and more. Don't touch that dial!
Welcome back! This is episode 39 of The Insider Threat podcast, for the week of June 4th, 2018.
Infosec Trivia Question
It's time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!
The question last episode was "In 2013, someone hacked into the Twitter account of the Associated Press and tweeted about explosions. This caused the DOW to drop 143 points, even though AP employees immediately corrected the disinformation. In this fake news post, where did the explosions take place?"
The answer was "The White House".
This is just one way that nefarious people can have a negative impact on industry and society. If you really want to see some interesting things, watch Black Mirror.
Congratulations to: Elizabeth from Nisswa, David from Beaumont, Lily from Victoria, Kelvin from Aimster, and Mollie from Garden City for getting the correct answer.
Here's your question for this episode: "In 1996, the term 'phishing' was introduced in a Usenet group that was focused on America Online. What was the name of this group?"
Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "Hades".
Discussion Topic
The discussion topic for this week is the victimization of phishing.
Both real phishing attacks and internal phishing exercises apply here.
Safe to say that if everyone in the organization gets a phishing email, a percentage of employees WILL click on it.
Focus training not just on prevention, but on response.
Encourage reporting, even if they accidentally fall victim.
The last thing you want is for people to be afraid to report because they clicked on the link or opened the attachment; those reports are the most important ones.
(I tell my users) I'd rather have 100 false reports every day that I have to weed through than miss that one real one that causes a major breach.
Does your organization conduct internal phishing assessments?
Do you hire a vendor to do this, or do you do it yourself?
How can we encourage our people to file reports even after they fall victim?
One way that I do this is to personally thank them for their reports, no matter how benign.
You can also send out security newsletters to your employees highlighting typical attack vectors and known current techniques.
Bottom line: the better your security culture is, the more likely they are to report suspicious activities.
News
A complaint filed May 24 in U.S. District Court for the Middle District of Louisiana alleges a recently terminated employee hacked into the company's website and email system, essentially rendering both unusable, and took client files when she left.
Partco is apparently a machine shop that provides services to the energy sector.
This complaint states that the employee hacked into these systems, but from what I'm reading, she was basically in human resources and served as the office manager when it came to safety and compliance. In the world we live in now, where everyone is flapping their arms and claiming that there is such a shortage of skilled talent in information security, I find it hard to believe that this individual (Ms. Mary Langlois-Templet) actually hacked into anything. I'm not saying she didn't do it, but the company was in the middle of being acquired and this smells like they just didn't revoke her access when she left.
I don't think I need to go into too much detail with the moral of this story, as it is one we have heard before.
1. Take care of your employees, even when they are being terminated.
2. For the love of all things holy, disable accounts AS someone separates from the organization.
3. Reread numbers 1 and 2.
Quote
Our closing thought for this episode comes from American educator, businessman, author, and speaker, Dr. Stephen Covey. He said, "The key is not to prioritize what's on your schedule, but to schedule your priorities."
Outro
Thank you for listening to episode 39 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.
You can contact me on Twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we've covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.
Thanks again and I'll see you folks next time!
Contact information:
Call in number - (443) 292-2287
Email - steve@theinsiderthreatpodcast.com
Blog - http://www.stephenhigdon.com
Twitter - https://twitter.com/stevehigdon
LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/