managing insider risk
TRANSCRIPT
Stroz Friedberg offers its clients trusted advice on understanding, improving and maintaining the cyber security of their organisations.
Stroz Friedberg brings:
- A distinctive blend of technology, legal and regulatory, investigative and advisory skills
- An exceptional reputation for ethics and neutrality
- Global reach and the capacity to handle multi-national projects
- Unmatched experience in handling the most important, high-profile situations
- Credibility with regulators and boards
Cyber Security: Leadership, Identification, Protection, Evolution
SECURITY SCIENCE: World-class response to digital trouble, and advice on how to prepare for cyber attacks
INCIDENT RESPONSE: Detection, Response, Recovery
Leading experts on cyber defence: pragmatic, evidence-driven strategies and tactics that work
Insider Risks
- Workplace Violence
- Espionage or IP Theft
- Sabotage
- Conspiracy
- Attrition & Bad Leavers
- Sexual Misconduct
- Substance Abuse
- Suicide & Mental Health
Path to Insider Risk
Personal Predispositions:
- Medical/Psychiatric Conditions
- Personality or Social Skills Issues
- Previous Rule Violations
- Social Network Risks
- Suspicious Travel
Stressors: Personal, Professional, Financial (against a backdrop of Economic Stress, Military Conflict, Political Conflict)
Concerning Behaviors: Interpersonal, Technical, Security, Financial, Personnel, Mental Health/Addiction, Social Network, Travel
Maladaptive Organization Response
Progression to an attack: Plans, Recruitment, Insider Attack, Op Sec, Action
Example insiders
PFC Manning: Chelsea Elizabeth Manning (born Bradley Edward Manning) is a trans woman and former US Army soldier convicted in July 2013 after releasing one of the largest sets of classified documents ever leaked to the public.
Bruce Ivins: Former senior biodefense researcher at the US Army Medical Research Institute of Infectious Diseases and the key suspect in the 2001 anthrax attacks.
Corporate IP Thief: Corporate insider discovered stealing intellectual property during a client investigation.
Aldrich Ames: Former Central Intelligence Agency analyst and counterintelligence officer. Convicted in 1994 after admitting espionage leading to the deaths of US sources and the compromise of many intelligence operations.
Online Stalker: Anonymous online blackmailer outed and identified as a former employee during a client investigation.
Hassan Abu-Jihaad: Born Paul R. Hall, former US Navy officer convicted of supporting terrorism in 2001 after disclosing the location of Navy ships and their weaknesses to an online Al-Qaeda forum while serving as a signalman on board the USS Benfold.
Greg Smith: In his March 2012 resignation letter, printed as an op-ed in The New York Times, the former head of Goldman Sachs' US equity derivatives business in Europe, the Middle East and Africa attacked GS and its leadership.
Risk and the Critical Pathway
| Critical Pathway | Manning | Ames | Ivins | Corporate IP Thief |
| --- | --- | --- | --- | --- |
| Psychiatric disorders | Gender identity | Alcoholism | Multiple psych issues including Dissociative Identity Disorder | Signs of depression |
| Personality/social skills issues | Yes | Yes | Yes | Signs of narcissistic personality disorder |
| Previous violations | Juvenile delinquency | Juvenile delinquency | College vandalism, theft | Unknown |
| Social network risks | Hackers | N/A | Family history of crime | Family connection interferes with work loyalty |
| Stressors | Personal, professional, financial | Personal, professional, financial | Personal, professional, financial | Marital, family, supervisor conflict, bad review, conflict with HR |
| Concerning behaviors | Multiple | Multiple | Multiple | Tardiness, missed meetings, circumventing supervisors, resigns |
| Maladaptive organizational response | Multiple | Multiple | No comment | HR inquiry escalates risk |
| Observed insider activity | Hacker & press contacts | Travel, spending | Lab violations | Lies about resignation, downloads during "vacation" |
Controls and Mitigations
The slide groups controls by lifecycle stage: Recruitment, Continuous Controls, Monitoring.
Recruitment:
- Identify High-Risk Roles
- Pre-Employment Screening
- Non-Disclosure Agreements
- Clear Published Policies
Continuous Controls:
- Leadership Behaviours
- Confidential Staff Personal Support
- Regular Awareness Training
- Prompt & Consistent HR Responses
- Data Classification
- Data Labelling
- Sensitive Project / Client Code Names
- Physical Security (Badge Access)
- Minimisation & Encryption of Data Stores
- Password Quality Standards
- Login Banners
- Folder-level Permissions
- Comprehensive Identity & Access Management
- Privileged User Access Management
- Regular audits of permissions and access rights
- Minimised VPN Access
- Data Leakage Prevention Tools
- On-Going Screening
- Exit Interviews
- Whistle Blower Support
- Accounting Procedures
Monitoring:
- Security Cameras
- Extensive Logging
- Network Security Monitoring
- Behavioural Analytics
- Psycho-Linguistic Analytics
Technical Behavioural Indicators
- New Job Searches
- Addictive Usage
- Unusual Pattern of Life
- AUP Breaches
- Impossible Journeys
- Failed Logons
- Failed Badge Access
- Large Volume Uploads
- History Deletion
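The "Impossible Journeys" indicator above is one of the few on the list that can be computed mechanically from badge and login logs. The following is an added example, not code from the deck or from Stroz Friedberg; it assumes a constructed event format of timestamp, user, source and the latitude/longitude of the badge reader or VPN egress, and flags consecutive events for one user whose implied travel speed exceeds what an airliner could cover.

```python
# Added example (not from the deck): flag "impossible journeys" from a constructed
# stream of badge/login events. Event format assumed: ts,user,source,lat,lon.
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900  # roughly airliner cruise speed; faster than this is impossible

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    rlat1, rlon1, rlat2, rlon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((rlat2 - rlat1) / 2) ** 2 + cos(rlat1) * cos(rlat2) * sin((rlon2 - rlon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def parse_event(line):
    """Parse one constructed log line 'ts,user,source,lat,lon' into a dict."""
    ts, user, source, lat, lon = line.split(",")
    return {"ts": datetime.fromisoformat(ts), "user": user, "source": source,
            "lat": float(lat), "lon": float(lon)}

def find_impossible_journeys(lines, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (user, earlier_source, later_source, implied_kmh) for each pair of
    consecutive per-user events whose implied travel speed exceeds max_kmh."""
    events = sorted((parse_event(l) for l in lines if l.strip()),
                    key=lambda e: (e["user"], e["ts"]))
    findings, last = [], {}
    for ev in events:
        prev = last.get(ev["user"])
        if prev is not None:
            hours = (ev["ts"] - prev["ts"]).total_seconds() / 3600
            km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            # Two distant sites at the same instant is treated as infinitely fast.
            speed = float("inf") if hours == 0 and km > 0 else (km / hours if hours else 0.0)
            if speed > max_kmh:
                findings.append((ev["user"], prev["source"], ev["source"], round(speed)))
        last[ev["user"]] = ev
    return findings

# Constructed sample: alice badges in at London HQ, then appears on a New York VPN
# 73 minutes later; bob's London-to-Paris gap of ten hours is plausible.
SAMPLE_LOG = """\
2024-03-01T08:02:00,alice,badge-london-hq,51.5074,-0.1278
2024-03-01T09:15:00,alice,vpn-new-york,40.7128,-74.0060
2024-03-01T08:30:00,bob,badge-london-hq,51.5074,-0.1278
2024-03-01T18:45:00,bob,vpn-paris,48.8566,2.3522
"""

if __name__ == "__main__":
    for f in find_impossible_journeys(SAMPLE_LOG.splitlines()):
        print("impossible journey: %s %s -> %s (%d km/h)" % f)
```

A finding like this is a lead for HR and security to review alongside the other indicators, not proof of misconduct on its own; shared accounts and VPN concentrators that hide the true origin are common benign explanations.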