- Use Cases
Dr. Christine Izuakor:
Welcome to the Veriato Insider, a biweekly podcast covering some of the latest trends and things to know in cybersecurity. This podcast is sponsored by Veriato, an award-winning, employee monitoring and insider that detection software provider. To learn more about how Veriato can help protect your company, check out Veriato.com.
I'm Dr. Christine Izuakor, your host for today's segment, and our topic is about the impacts of the pandemic on insider threats, and we have a special guest with us today to cover this. Latecia is joining us from out in California.
Latecia Lamkin is an experienced cybersecurity expert who has worked across numerous cybersecurity functions, everywhere from Deloitte and Booz Allen Hamilton to Google. She earned a master's degree in cyber and information security and is CISSP CISM certified.
She also has years of experience focusing on the Insider Thread space, so an abundance of experience and expertise here with us. Welcome, Latecia, and thanks for joining us.
Thank you very much for having me. I'm very excited to discuss this with you.
Dr. Christine Izuakor:
Then we're glad to have you. So to jump right in, can you tell us more about your background and experience with Insider Threats?
My journey started in the federal government as- as a civilian. I spend, you know, six years managing a variety of military programs. Then after that, I moved into consulting, on the systems engineering side. And, while I was there, I worked on projects that supported incident response and global security efforts. And it was during that time that I began to take an interest in big tech and cybersecurity.
But at that time, I really didn't know how to get in the field, but it just so happened that one of those projects led me to a role in an organization, uh, that was just the victim of- of a major data breach on the day that I walked in the door. And that ended up that accommodating into, um, a very large scale insider threat project. It spanned over three years and included many high visibility projects. To sum it up, it was just that- that Insider Threat experience that pretty much started and- and shaped my- my journey in cybersecurity and I fell in love with, you know, studying the insider.
Dr. Christine Izuakor:
Nice. And you have a very impressive resume and lineup of experience, so from your view how are insider threats shifting amidst the ongoing pandemic and everything happening today? What do you think is causing this shift?
Well, you know, the insider, the attack on insider threats are already extremely difficult in general, before the pandemic. But with this pandemic, what we're seeing is a major spike in phishing attacks. Attackers are using, uh, email scams to get, you know, unaware victims to either download attachments or documents, which then results in, you know, some malware, like, a locket barter agent, Tesla, Keylogger to infect their devices. And what that does is it steals user information and credentials from that device.
Another thing we're seeing is a lot of fake websites are more rampant at this point, and they are specifically designed to look just like the ones that many are familiar with. And, they've also created new ones with the goal of luring attack users to... users to malware affected types, and those equipped with social engineering tricks.
I think that the attacker, they change the way that they... their- their method, because, you know, a lot of people working from home, users have fears about themselves, and so these fake websites are typically websites that are designed to, you know, give information about the pandemic or the virus and people wanna learn about. And/or possibly donate to certain efforts, and that causes, you know, attackers to set up some- some kind of method where they can steal their payment information.
So basically, in general, the attack surface has increased dramatically because organizations have to extend their security controls beyond the environment that they were mostly using, prior to the pandemic.
So, organizations may just not have been able to quickly implement solutions before sheltering in place, which means that particularly when I say that, VPN solution. Also, the users are more likely to be using insecure home wi- wifi. You know, often wifi at home is something that we just... we talk about and we don't monitor it, we don't say, "Hmm, maybe I should make that password stronger or more secure." And when you're... when you're introducing company devices into that, with that, or you're- you're mingling that with your insecure home wifi, you know, that introduces extra risks that weren't there pre-pandemic.
So it definitely has changed the way that organizations do business due to shelter in place restrictions. Users are adding another layer because people have to... they have to balance their work duties with other things that they may not have had to before, such as, providing homeschooling, or daycare for their children, which then increases the likelihood of them being distracted and more apt to make careless mistakes with... you know, while working with company data or company devices.
And, you know, then they become an insider threat because we know insider threats are... it could be either malicious or it could be indirect, just based on negligence, or mistakes, or a lack of awareness.
And so in general while working from home, users may not be as vigilant in their home environments about protect- protecting confidential information because they're more relaxed in their homes, and, again, there's that lack of oversight.
And so then you add to the additional stress... the stressors and stress users are more at high risk for becoming insiders. And, you know, there's stressors these days, such as financial hardship, fear, again, which I mentioned earlier, you know, anger. Just- just the feeling of being constrained and locked down, it can cause people to be... or users to be motivated to partake in malicious activities for personal reasons and they could just... again, they could just be so distracted that they're not protecting or safeguarding the way that they should.
Also, the other part is not having the usual emotional and physical interactions with teammates. Again, that kind of causes a disconnect for some people and it... those are the types of things that organizations have to keep track of or to stay on top of. So, I think- I think that's pretty much it, in a nutshell.
Dr. Christine Izuakor:
Yeah. Tons of good points there. You know, as you were talking about the unintentional user and negligence, or just not being aware of the risks, I remember a conversation that I had with my, uh, little sister the other day. She- she told me her wifi password, and I was like, "Gosh, you gotta do better than that." And she was like, "Well, what's the worst that somebody can do? Like, my neighbors can log in and- and, like, use my wife and that's it. Like, it's gonna be the same bill." and I'm like, "Sweetie, that's not the only thing (laughing) people can do." Uh, so yeah, definitely some opportunities for education out there.
And now shifting gears towards solutions. What can businesses do to address these threats in the context of the pandemic especially, and just like people working more remotely and social distancing?
So the one thing I can... to start off, I think emotional intelligence is more important now than ever. I think the organizations should have a strategy that somehow outlines or, you know, involves them working to keep the lines of communication open. You know, with periodic 101's or group check-ins. You know, to- to let employees know, like, "We're here for you. We support you."
And also it's a way to be able to pick up on things that are not being said. You know, being able to see if somebody's may be stressed out. Maybe it's something that deserves a deeper look, or maybe that person may need some support that they're just not asking for.
And second, definitely revamp the training and awareness program. One of the things that I've seen is that the training that... you know, training programs for security and awareness are... they don't really include insider threats as much. And I've seen this a lot across the board, and so that needs... that's something that, you know, because again, you know, you have a lack of awareness. You have the f... or users that are, um... they aren't even aware that they're inside. They're not aware... they're not aware that they're doing something that can make them an insider threat.
And so, yeah, I feel like there should be an insider threat, work-from-home edition added to their- to their current training, program, and that should be distributed as soon as possible. Like, you know, as soon as they can get it.
Also, maintain oversight. You know, be able to implement a solution that will give you oversight of the users when they are working from home. And my thought is that you know, a solution that has some auditing and user behavior analytics capabilities, which, you know, would help them to detect abnormal behavior by users. It'd be able to pick up on extraction of data or other, you know, processes that are a little questionable riding on those servers.
Also, another thing they should definitely do if they haven't already is quickly implement some multifactor identification for all actions, anything that requires, asks us, to use a portal that you know, holds sensitive information.
So my next point, the bring your own device, BYOD. It is more likely to be in play these days. You know, because... you know, again, organizations didn't' really, have time to implement certain things, put certain, things in place before the shelter in place restrictions, happened. And so, they should not be... required that all personal devices that anyone had access to company data or, you know, systems. They should have the latest version of security and software updates, before any kind of access is granted.
Another thing is to review and update your current security controls and, you know, try to figure out what... you know, how they can extend those to, you know, working from home, in-home environment. Larger [inaudible 00:11:22] definitely say to distribute instructions and reminders periodically to users about securing their own home network because they're using their home network to access the sensitive information and proprietary data, but, back to the VPN's is what I mentioned before is that, you know, the VPN's, uh, definitely should be in place to help improve that network connection, just in the- in the instance, their wifi is not secure.
Dr. Christine Izuakor:
Yeah, and I like the- the point that you made on the role of emotional intelligence in all of this. I think that's something that a lot of people don't talk about in this context, and I think it's interesting that today especially, just from a technology standpoint, there are solutions that can help, you know, like, in addition to having those conversations and really, not just, um, you know, the most important part, caring about, you know, employees and having those conversations, but also getting kind of insight into, you know, where people are and if anybody is on the verge of them slipping to becoming, uh, a greater insider threat. And I think there is a lot of really cool technology out there leveraging article intelligence, and user behavior analytics and things like that can really help in that space as well. So a lot of really good points on solutions. so for kicks, what's the craziest insider threat situation you've come across in your career?
Oh, let me think about that. Well, that's easy, I guess. So I would have to say that the craziest insider threat situation I have come across is, you know, working somewhere and finding out that there's a user among us that has utilized various social engineering methods, and, [inaudible 00:13:10] escalation with stolen credentials to gain access to massive amounts of highly sensitive data. they ended up, unfortunately, giving that to a competitor, and as a result of the organization [inaudible 00:13:24] position and, you know, it had take... it- it... you know, that damaged their financial position. And when the story was reported in the press, their, obviously... their reputation took a serious hit, and they're still trying to recover from that. So at the end of the day, lack of controls that could've detected that unauthorized access that was going on for so long is what led to this. And a key reason, you know, why... for why it was able... why it was undetected, you know, why none of us knew what was going on was that the lack of proper controls in place.
Dr. Christine Izuakor:
Got it. Yeah. I think that's one of a company's worst nightmares, is just having your sensitive IP or your sensitive information getting into the hands of a competitor or someone who may not have your best interests at heart. Yeah, really scary situation that companies find themselves in for sure.
Now as we come to the end here, do you have any, um, visions or predictions on the role that insider threat will continue to play in cybersecurity, uh, strategies post-pandemic?
Well, um, I think it's unlikely that we would go back to pre-pandemic times, so five years from now, I predict that the pandemic will have a major impact on the way we do business, uh, how we govern, and the way we collaborate together. I see insider threats as having more of an internal role in organizations, security strategy, and plans. particularly with the introduction or emergence of, artificial intelligence and machine learning solutions that will help them tackle those large amounts of data that will help optimize their user behavior analytics efforts.
You know, users are human, and so there's always a chance that they will make mistakes that make... you know, that will make them an insider threat. But I see more comprehensive security and awareness training programs that will help combat. So, those two programs will have, you know, a specific section for working from home, or working environments that don't have somebody looking over your shoulder. You don't have to worry about, "Oh, I can't do this here. I need to be in a secret environment." You're at home, you're relaxed, and so the programs need to- to really capture that. Or I see them capturing that. Let's put it that way.
To sum it up, my vision is that insider threats, overall, it will become more embraced as a necessity rather than a luxury as it was pre-pandemic. And just from my experience, insider threat is one of those nice to have things, but it's not a top priority unless there's been a breach, and that's when it becomes dangerous and goes to the forefront. And so my vision includes being more proactive about insider threats.
Dr. Christine Izuakor:
Yeah. Tons of great points and a lot of good insight there. Latecia, thanks so much for joining us today. That concludes the Veriato Insider podcast for this week. Again, this has been brought to you by Veriato, an award-winning cybersecurity company recently recognized with the Gold Award for the best insider threat solution for 2020. Their solutions are anchored around four core pillars of cybersecurity protection, including insider threat detection, employee monitoring, and web filtering, workplace investigations, and ransomware support, all solutions that can definitely help address some of the concerns that we've talked about today and more. So to learn more about how Veriato can help protect your company, check out Veriato.com. Thanks for tuning in, and a special thanks to Letitia for joining us today. I'm Dr. Christine Izuakor, the CEO of Cyber Pop-Up, and it's been my pleasure to share these insights with you. Until next time, stay safe and secure, Insiders.