Podcast Transcription


Dr. Christine Izuakor:
Welcome to the Veriato Insider, a biweekly podcast, covering some of the latest trends in things to know in cybersecurity. This podcast is sponsored by Veriato, a next generation employee monitoring and insider threat detection software provider. To learn more about how Veriato can help protect your company, check out veriato.com. I'm Dr. Christine Izuakor, your host for today's segment. And our topic is about balancing employee support and monitoring during the remote era. Now, we've already seen in the news many large corporations now planning to, um, have remote work forces, uh, into 2021. And so I s- uh, suspect this will become the new norm. And so, employee monitoring is gonna be huge, of course. And, um, though employees are out of sight, we still have to keep them in mind, just as we would in the office.

And so, we have a special guest with us today to cover this topic, uh, Victor Jabri, is joining us today from New York. Victor is an experienced security expert who has worked across numerous security and intelligence functions, everywhere from the US Army and Department of Defense, to supporting large companies like Lockheed Martin and Amazon. Of course, we know that intelligent is such a critical enabler when it comes to insider threat management and employee monitoring. And so, Victor has great perspective to contribute here. Welcome, Victor, and thanks so much for joining us.

Victor Jabri:
Thank you for inviting me to join this important conversation, Dr. Izuakor.

Dr. Christine Izuakor:
Awesome, awesome. So, maybe kick us off by first telling us more about your background and experience with managing, um, insider threat programs and intelligence.

Victor Jabri:
So, I've been involved in insider threat and counterintelligence for about 21 years now. And as you've, uh, stated, I started my career, really, with the US Army. I was a counterintelligence special agent and, uh, primarily focused on investigations during the early part of my career. Uh, and eventually moved in and away from the investigations' role, from specifically protecting sensitive and classified programs against foreign intelligence influence and penetration, to more of a role involved in creating the insider threat.

Much like our foreign intelligence, uh, competitors, I learned to apply similar methodology used to penetrate army and DOD programs, but in this case, to cultivate and create insider threats overseas. As the insider threat and counterintelligence landscape evolved, and the DOD and private sector technology s- solutions were incorporated into insider threat and counterintelligence, I learned how to apply these new tools to either counter or create insider threats.

I eventually transitioned away from the army and the DOD and into the private sector, where I cut my teeth leading programs protecting intellectual property and emerging technologies, and countering the ever-present insider threat. Today, I work as a consultant for a large financial investment firm as their insider threat investigations lead specialist, and consult with a variety of independent security and intelligence professionals to refine their respective capabilities.

Dr. Christine Izuakor:
It's such an interesting perspective to see both sides, right? Defending against insider threats and also creating them, um, definitely, cool to see. Now, from your perspective, what are some unique trends and challenges you've seen when it comes to supporting employees who are working at home during this new era?

Victor Jabri:
Probably one of the most market aspects of insider threat that I've seen is a heavy reliance on technology to pro- protect or solve against insider threat issues. And the perception that mitigating insider threat through technology, a singularly easy and a straightforward approach. The human factor, which is something I'll touch on later is equally important, especially when paired with technology. So the paradigm is shifting just a little bit, but that heavy reliance has, uh, almost paid a toll on some programs. But an unfortunate reality is that implementing these technology controls sometimes leads the hindering how business gets done. For instance, printing emerged as a major issue as did controlling access to files and folders residing on company networks and sharing information with external parties or in some cases, whether or not VPN solutions would meet business needs.

So implementing the controls requires extensive knowledge of business operations in order to develop the controls to ensure that business gets done and that the controls did not get in the way of doing business more importantly. In a nutshell, developing these controls comm- commonly with developing viable work solutions is key. Another thing to consider is that previous indicators of insider risk don't necessarily apply in the same way, for instance, working odd hours, something that would always, you know, gather some attention, uh, has changed unless you know as an insider threat professional, what has been agreed upon either at a team level or between a manager and an employee. This particular indicator may or may not represent a risk or threat.

One of the most telling and unique challenges however, in supporting employees working from home, is the shifting narrative around how organizations perceive it. Initially organizational concerns focused on productivity, but quickly transition to an emphasis on mental health and building in workplace models. This is a good change and necessary given that employees are experiencing potentially higher degrees of stress now. It also signifies that organizations are beginning to recognize that the health of their workforce is vital to the continuity of their operations and countering the insider threat.

Dr. Christine Izuakor:
Yeah, that's a really good point on how threat indicators are shifting as a result of current time that we live in and how a lot of the, the things that we would, you know, consider suspicious before, there's a, just a lot more gray areas. Now, there are quite a few value adds when it comes to employee monitoring. However, the most common ones appear to be around productivity and security. And so two questions for you first, you know, what are ways companies can use employee monitoring to support remote work productivity? And then the second half of that is how can employee monitoring and even user behavior analytics help from a security standpoint?

Victor Jabri:
Well, productivity can be monitored in a number of ways. However, it's the approach to the render data that matters the most. Instead of approaching the challenge from that of a gotcha game, productivity monitoring can shed light on the fact that productivity has changed. Or in some cases, as I've seen, has improved approach these situations as opportunities to ask important questions, to be curious, and to potentially adopt new processes while learning how to use these technologies in different ways to get the job done. The last thing we want, at least from an insider threat perspective is for employees to circumvent technology controls because they can't get their job done. Thus eliminating our ability as inside of the threat professionals to adapt and respond accordingly. Really, it all boils down to identifying solutions to help employees deliver results.

And so far as your second question, employee monitoring can contribute pieces to the greater security puzzle. For instance, when combining the sites and employee might've visited with documents, they've accessed or downloaded, people they've emailed and layer those into behavioral indicator models that may be shared through supervisors, HR, or part of a peer reporting program, a comprehensive risk framework can be developed to better understand whether an employee is acting maliciously, simply making mistakes, or is still adapting to this new paradigm.

Dr. Christine Izuakor:
I saw an article the other day about how, uh, private investigators are in greater demand right now because companies are hiring them to check and make sure employees are indeed working from home. Now that's kind of wild (laughs) to me, um, at least from my perspective, but it seems like companies are struggling to balance supporting, uh, and monitoring employees during this era. And many just aren't quite sure how to approach it. Now, what are monitoring considerations that companies should keep in mind in your opinion, and how can employers get ahead of some of the common pitfalls as they build employee monitoring programs?

Victor Jabri:
The goal of any employee monitoring program and any security program for that matter is to create mechanisms to identify indicators of risk as early as possible, and from as many sources as possible prior to an employee taking actions m- might hurt or harm other employees systems or the company. My preference is to start with security and education, uh, awareness training, it's essential. Help transform the workforce into active human sensors that are also willing and able to report issues of concerns through consistent and interactive security training. From there, develop a comprehensive strategy for how to investigate any issues that arise either through peer reporting, or technical monitoring, or both.

In essence, the goal is to create a proactive whole person, whole enterprise security risk model, train your employees to be able to recognize risks or threats, provide them with the mechanisms to hand them off to the cognizant officials and pool every technical resource possible to identify and mitigate a threat before tragedy strikes. Anything less typically costs more in the long run anyway, in terms of time, resources and lost reputational credibility. And it just makes it that much more difficult for employees to do the right thing.

Dr. Christine Izuakor:
Yeah. You touched on one of my favorite topics, which is raise that awareness and train people when it comes to insider threat, um, again, one of my favorite topics. Now, as we wrap up here, do you have any, uh, final thoughts that you want to add?

Victor Jabri:
Yeah. Uh, cybersecurity solutions and security solutions in general, don't necessarily deter bad people from doing bad things. Thus, the goal should be to beco- avoid becoming a better and more costly victim. Decades of intelligence and scientific research have shown that all behaviors present indicators. Unfortunately, most indicators are almost always readily apparent in hindsight, and rarely detected by technology during the initial stages. Thus, the importance for transforming your workforce into a model of human sensors, willing and able to report suspicious activities. Transforming this workforce from a legacy model of cyber reliance into one where cyber resiliency becomes the new security mantra and standard is the goal. Your human sensors, after all, are the key to success and far less costly to an organization. So include them in your solution equation now.

Dr. Christine Izuakor:
Well, Victor, thanks so much for joining us today. Uh, that concludes the Veriato Insider podcast for this week. Again, this has been brought to you by Veriato, an award-winning cybersecurity company recently recognized with the Gold Award for best insider threat solution of 2020. Their solutions are anchored around four core pillars of cybersecurity protection, including insider threat detection, employee monitoring, and web filtering, workplace investigations, and ransomware support. So to learn more about how Veriato can help protect your company, check out veriato.com. Thanks for tuning in and again, a special thank you to Victor for joining us today.

Victor Jabri:
Thank you so much for the opportunity. It's been a pleasure and I look forward to working with everyone in the community moving forward.

Dr. Christine Izuakor:
You know, I'm Dr. Christine Izuakor, the CEO of Cyber Pop-up, and it has been our pleasure to share these insights with you. Until next time, stay safe and secure insiders.


Listen To Podcast