GRC 2.0 - Breaking Down The Silos
ISACA Ireland Conference, 3rd October 2014

Presentation title: Dealing with the insider threat.
Presented by: Matt Lemon, Global Head of Information Security

Dealing with the insider threat



Introduction:

• Definition of an insider threat.

• Motivations.

• A few statistics.

• Identifying the threat.

• Combatting the threat.

• Preventing the threat.


Quick poll

Which is the bigger risk?

• External attacker

• Organisation's own staff

Chart: Threat (Internal vs External)

Forrester 2013 - “Understand the State of Data Security and Privacy”


Definition

1. The trusted unwitting insider.

2. The trusted witting insider.

3. The untrusted insider.

A lot is mentioned in the media about the threats of cyberspace, where outside entities use software flaws, hijacked computers and social engineering to strike at company networks. For many, insiders are the greater cause for concern.


Motivation

• Financial Gain

• Career Advancement

• Revenge

• Thrill

• Accidental error

• Being helpful

• Political


Risky areas

• Theft

• Deletion or Corruption of data

• Physical damage

• Data leakage


How Insiders are handled

Source: 2011 CyberSecurity Watch Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, January 2011.


Identifying threats.

FBI Research

Spotting behaviour is difficult because there is so little and unhelpful data to work with. Finding the red flags that predict an insider threat also gives rise to a lot of false positives.

Former FBI Chief Information Security Officer Patrick Reidy


Identifying threats

The Insider Threat Cyber “Kill Chain”.


Identifying the threats

• Often first in and last out of the office.

• Lots of unused holiday.

• Changes in lifestyle – Spending, Socializing, Marital Status.

• Resigned.

• Working out redundancy.

• Passed over for promotion or pay review.

• Pending HR disciplinary.


Combatting the threats

Positive Social Engineering.


Combat & Prevention

• Document and enforce policies and controls.

• Include insider threat awareness in security training.

• Monitor and respond to suspicious or disruptive behaviour.

• Anticipate and manage negative issues.

• Know your assets.

• Use strict password and account management policies.

• Enforce separation of duties and least privilege.

• Use access control and monitoring policies on privileged users.

• Use Security Event and Information Management (SIEM) to monitor and audit staff.

• Implement secure backup and recovery processes.

• Establish a baseline of normal network behaviour.

• Monitor for potential Data Leakage.


Tools & Techniques

NOT AN ENDORSEMENT – NO AFFILIATION.

• SpectorSoft – Spector 360 (Employee Monitoring Software)

• Tripwire – IP360

• Security Onion - Open Source IDS


Thank you.

plus.google.com/+matthewlemon/

@mattlemon