Podcast Transcription


Dr. Christine Izuakor:
Welcome to the Veriato Insider, a biweekly podcast covering some of the latest trends and things to know in cybersecurity. This podcast is sponsored by Veriato, an award-winning employee monitoring and insider threat detection software provider. To learn more about how Veriato can help protect your company, check out Veriato.com.

Dr. Christine Izuakor:
Reporting to you from Chicago today, I'm Dr. Christine Izuakor, and I'll be your host. I believe in taking lessons from the past and using them to avoid mistakes in the future, and so I wanted to look back at some of the breaches we've seen happen during the last year and pick one that can teach us a lot. And I found a pretty good one, one that I don't believe got much attention in the press, but is absolutely mind-blowing in my opinion.

Dr. Christine Izuakor:
In 2019 Dominion National, a dental and vision insurance provider, discovered a breach that impacted 2.9 million customers. Happens all the time, right? So what makes this so special? Well according to reports, the attacker gained access to their system in 2010. Yes, this would mean that they were investigating this attack almost a decade later. Now think about what could happen in a 10 year span. I mean, imagine living in your home every day with your family, going to work or school, coming home, eating, sleeping, living, and more, not knowing that there is an intruder living in your basement for 10 years. That's essentially what this is like.

Dr. Christine Izuakor:
And so this week we're talking about a longstanding challenge when it comes to managing business risk, especially in the cybersecurity space, and that's visibility. Now, what do I mean by visibility? There's different definitions and layers to visibility in cybersecurity: it could mean your ability to see and understand what assets are on your network, it could be your ability to see incidents happening in the cloud, for example, it could mean a ton of things. But for this session, when I talk about visibility, I mean being able to see when not so great things are happening in your company that you should do something about.

Dr. Christine Izuakor:
I'm going to share a few quick stats to further highlight this. According to IBM, the average time to identify a breach in 2019 was 206 days. In addition, the average life cycle of a breach was about 314 days from breach to containment. Some are much higher, as we saw with Dominion of course, but even they aren't alone. So for example, in the case of Marriott Starwood, that breach happened a couple of years ago and impacted 500 million people. It wasn't made public until four years later.

Dr. Christine Izuakor:
Now it's 2020, why is it still taking us this long to discover breaches? And the better question, how can we reduce the amount of time it takes to detect a breach? Now I'll spend the rest of this time covering those topics, but specifically covering some of the basics of detection, and also how user behavior analytics can make a huge difference in this space. I'll also take a few minutes towards the end of the podcast to talk about some other trending t

Dr. Christine Izuakor:
So first, let's start with the basics. A good place to start in detection is checking for indicators of compromise, of course. So there are quite a few telltale signs that can suggest a company may have been compromised. Common examples include, a single device that's using multiple credentials across the network, could be the detection of aggressive port scanning, it could be elevations of access in normal users, it could be system files that are being modified that probably shouldn't be, and much more.

Dr. Christine Izuakor:
And there's a lot of existing technology today that can help you gain insight into some of those indicators of compromise, everything from intrusion detection and prevention systems, file integrity monitoring, SIEM solutions, and much more. I won't bore you with a list of every single option, but there is a ton. And while these are still relevant and helpful solutions today, attackers are getting very creative in how they mask their activity so that they don't trigger alarms.

Dr. Christine Izuakor:
And so, as an industry we have to get creative and adapt to that. Now before I get into the ways that we can get creative and address this, the other huge part of a very basic recommendation when it comes to detection, as simple as it sounds, is to make sure you have people to actually check and monitor the technology and the solutions that you have. So no tool, that I've seen at least, no matter how great, is going to solve all of your problems without any human intervention.

Dr. Christine Izuakor:
Interesting things are happening at the intersection of cybersecurity and artificial intelligence, and I'll touch on that a little bit later, and that can help in this space, but the bottom line is that having someone to monitor these alerts is very important. How many times do we see companies run and invest in technology without understanding who's actually going to be monitoring it? And doing this actually puts companies in a riskier position, because it's one thing to claim ignorance or not know what's going on in your network, but it's another thing to have the tools and to get the alerts that something is going on and still not do anything about it. And I understand almost every security team out there appears to be understaffed, but this is where things like managed service providers, targeted cyber talent training, and hiring investments in automation, better technology and more can help.

Dr. Christine Izuakor:
Now, so far I've talked about some common detection technology and the need for people, but the last topic I want to focus on is where those two things intersect, which is essentially focusing on user behavior. And so the term for this is user behavior analytics, also known as UBA, which is what I'll call it for the rest of this podcast. I'm going to spend a little bit more time on this topic because I think it's important to highlight, from a creativity and from a next-generation detection kind of standpoint.

Dr. Christine Izuakor:
Now, UBA is not insanely new, it's been around since the early 2000s. It's essentially a process that measures and evaluates normal user activities happening in your network or on your systems in order to see when something abnormal is occurring, such as a hacked account, for example. Now the fundamental operating principle of UBA is to establish a snapshot of typical activities a user might make in an organization through logs and through other data sources, and then anytime there's a new user activity that occurs, this analysis is done based on artificial intelligence and machine learning models to see if the activity matches what is considered normal. And if there is a significant deviation that may be cause for alarm.

Dr. Christine Izuakor:
It goes a step further to overlay context around the user's behavior, so that it can more accurately determine if an activity is potentially malicious. This is powerful for quite a few reasons. A UBA can help reduce the risk of undetected attacks and help companies to detect and respond more quickly. I already talked about some of the signs that suggest a company has been compromised or breached, and technology that can help in that space, however, as these attackers get more sophisticated in finding ways to trick traditional alerting technology, this is where it really makes a difference. And so thankfully UBA and other AI based solutions are getting intelligent enough to conduct more deep learning on user behavior and adapt quickly, so that it's harder to evade those alarms.

Dr. Christine Izuakor:
Insider threat is another big one. A significant amount of breaches start with your own trusted employees and connected third parties. And so user behavior analytics can help you evaluate often difficult to analyze concepts related to people. So think measuring employee sentiment, sabotage, abuse of access or authority, and other violations of policy that often get detected as anomalous user activity.

Dr. Christine Izuakor:
Attackers also often escalate their user access permissions to gain access to more critical resources and potentially inflict greater damage, and so that's another area of benefit here, potentially. One report mentioned that about 74% of breaches usually involve access to a privileged account. So these accounts are very critical to protect, and it is important to be able to detect any risky behavior and alert as quickly as possible when there's funny business going on with privileged accounts, because it's definitely one of the common signs that there has been a breach or a potential compromise.

Dr. Christine Izuakor:
Now when you're taking this user-centric approach to detection, there are five important elements or capabilities that matter in order to help you get the most out of user behavior analytics, and that's helping you at detection. One, you want to be able to monitor all user activity around the clock. Whether it's emails, instant messaging, keystrokes from a keyboard or more, you want that visibility. I know it sounds a bit Big-Brotherish, no one wants to feel spied on, but this level of surveillance is necessary in today's cyber climate.

Dr. Christine Izuakor:
Even better, some solutions offer dark web tracking, psycholinguistics analysis, which is the study of relationships between linguistic behavior and psychological processes that can help you determine, through communication styles, if an employee, for example, is disgruntled or angry or planning to leave the company. There's tons of other more advanced user activity considerations as well.

Dr. Christine Izuakor:
And again, I know for some people listening it might sound sketchy, and you definitely want to consider privacy laws and legal agreements or requirements when rolling out this kind of technology, but it's definitely not unreasonable. I'm sure there was a time when people felt video cameras in public areas made them feel spied on, but with time people understand the value and the importance. The way that I like to describe it to users is that if someone stole your login credentials and used it to steal a million dollars from your company, without this kind of technology, you're going to be the one to go down for it.

Dr. Christine Izuakor:
The second capability you want is the ability to analyze everything using artificial intelligence. User activity, and all of the computer logs associated with that, are presented in the form of what we call Big Data. It's a lot of data, and leveraging advanced AI algorithms to review and understand that data at a much faster rate than human beings can is a key differentiator here. I talked earlier about the importance of having people to monitor alerts, and AI is changing the game here in that, you know, what requires a user so much time to review, our machines can do, of course, in less time than we ever had before. I still remember days as an intern sifting through literally hundreds of thousands of logs and security alerts trying to figure out what I needed to pay attention to, versus what was a false alarm, and I've seen AI make that process so much more effective.

Dr. Christine Izuakor:
The third is that it should alert your team when there is a threat, a relevant threat. And that word relevant is very important. Getting alerts that matter as quickly as possible will allow your team to act fast and focus on the right things. You can also automate some of the basic responses and administrative tasks if necessary.

Dr. Christine Izuakor:
The fourth is to be able to review the evidence and investigate. Again, speaking from experience, it can take days, weeks, or even months to figure out what happened after you detect an incident. With playback features and similar functions that you find in some of the latest tools, you can learn the extent of the threat, you can understand what happened, you can also get a sense of who may have done what, even if someone's credentials were stolen and someone else was acting under their name.

Dr. Christine Izuakor:
And lastly, the fifth thing, you should be able to respond with speed, confidence, and the artifacts to pursue legal action if required. So whether you're in need of getting your HR team or law enforcement involved, whoever it is, with the right UBA solution you can have evidence ready to present immediately to mitigate risks to your company. And we've seen so many cases where breaches ended in lawsuits or other legal action, and when you have hard evidence you can confidently and quickly take that action against threats you discover. Otherwise, no evidence, no case.

Dr. Christine Izuakor:
Now this is definitely not an all-inclusive breach detection guide, but it's a good starting point. I always say a smart and layered defense is the best defense. There are so many other elements to consider and things that you can do to detect these threats and protect your company from an attack, and so if you want more detailed content on these topics and more, you can check out the resources page on Veriato.com.

Dr. Christine Izuakor:
And finally, a rundown on quick trending cyber topics that you insiders should know. We have three for you today, the first being GDPR. So according to reports from several news outlets, GDPR fines have hit 114 million euros since enactment less than two years ago. That's about $126 million in US dollars. And to give you an idea of the magnitude, about 160,000 breach notifications have been reported by European Union members in that timeframe.

Dr. Christine Izuakor:
Google made history with the largest fine so far, at $57 million. And they received that fine, according to regulators, because the company failed to clearly convey what consumer data it collected, why it was processed, for how long it was processed, and also getting sufficient customer consent. And so GDPR is still a huge topic of discussion and something we all have to pay attention to.

Dr. Christine Izuakor:
The second trending topic, cybersecurity state leaders. So according to InfoSec magazine and other news outlets, the United States is considering new legislation that would protect local governments by requiring the appointment of a cybersecurity leader for each state. This is pretty interesting here. Called the Cybersecurity State Coordinator Act of 2020, backers are saying that the proposed law will improve intelligence sharing between state and federal governments, and speed up incident response times in the event of a cyber attack. So right on par with our topic for today's podcast, everyone is trying to figure out how to speed up breach detection and incident response times.

Dr. Christine Izuakor:
And our third trending topic, tax season is scheme season. So 'tis the season when attackers are posing as the IRS, as employer W2 distributors, or tax filing companies to trick users into doing things that put your company at risk. These trends are always a good reminder to educate your users on avoiding these attacks, and also ensure that you have a way to defend against insider threats in your company, even for the non-malicious unsuspecting employees.

Dr. Christine Izuakor:
So those are our three trending cyber topics that we wanted to cover. And that concludes the Veriato Insider podcast for this week. This podcast, again, is brought to you by Veriato, an award-winning cybersecurity company recently recognized by Gartner. Their solutions are anchored around four areas of cybersecurity protection, and those include employee monitoring and web filtering, insider threat detection, employee investigations, and ransomware support. To learn more about how Veriato can help protect your company, or if there are questions you want answered during the next podcast, visit Veriato.com and send the team a quick note.

Dr. Christine Izuakor:
Thanks for tuning in. I'm Dr. Christine Izuakor, the CEO of Cyber Popup, and it's been my pleasure to share these insights with you. Until next time, stay safe and secure, insiders.

