loader from loading.io

Welcome! Insider Threats and Clues to Watch for and more on Tech Talk with Craig Peterson on WGAN

Craig Peterson - America's Leading CyberSecurity Coach

Release Date: 06/13/2020

App Tracking Traps a Catholic Priest. How It Can Affect You, Too show art App Tracking Traps a Catholic Priest. How It Can Affect You, Too

Craig Peterson - America's Leading CyberSecurity Coach

App Tracking Traps a Catholic Priest. How It Can Affect You, Too Craig Peterson: I've got two hot topics for you this morning. One about this Catholic priest that ended up resigning and how that happened to tie into this Grindr account. And how it affects you because this type of technology used to convict him in the court of public opinion is something that. It could also easily be used against you. [00:00:25] And, by the way, it probably is. Now the next thing is this chip shortage. I've got a quote here from the Intel CEO. When is the chip shortage going to go away? When can we get...

info_outline
Intel Tells Us How Long the Shortage Will Last & Explosive Spyware Report show art Intel Tells Us How Long the Shortage Will Last & Explosive Spyware Report

Craig Peterson - America's Leading CyberSecurity Coach

Intel Tells Us How Long the Shortage Will Last [automated transcript] We're looking at a big chip shortage. You probably heard a little bit about it, but how long is it going to last? And we've got this explosive report out right now about spyware and some of the cyber hacking and what's happening with Android versus iOS. What should you be using, 50% of Americans are using Android, and the rest is split up mostly with Apple. iOS. So what's going on there? This is a research group that says, my goodness. The media outlets just aren't reporting the truth. So here we go with Mr. Chris Ryan....

info_outline
Google's Being Sued by the States -- And it doesn't look good for them show art Google's Being Sued by the States -- And it doesn't look good for them

Craig Peterson - America's Leading CyberSecurity Coach

Google's Being Sued by the States -- And it doesn't look good for them Craig Peterson: We talked earlier about Amazon and how much trouble they're in right now, Google apparently is in a similar boat. We had just this week, dozens of state attorneys, general suing Google on antitrust grounds. [00:00:16] You can reach me online. Just me. M E Craig peterson.com or what most people do is they just hit reply to my newsletter. [00:00:25] Hopefully you're on my newsletter, right? That goes out every week. If you're on that newsletter you can just hit reply and ask me questions. Any questions you...

info_outline
Recommendations to Turn Off Your Printers - eCar Fire Warning show art Recommendations to Turn Off Your Printers - eCar Fire Warning

Craig Peterson - America's Leading CyberSecurity Coach

Recommendations to Turn Off Your Printers - eCar Fire Warning Craig Peterson: Hey, we got another emergency patch out from our friends at Microsoft. And in this case, it has to do with printers and remote printer access. Do you have employees working from home? Microsoft has their big monthly patches that they release. They also have weekly patches that they released that are for slightly more critical vulnerabilities. And then they have. Patches that are released because there is a severe problem going on right now while that's what we are staring down. There is a vulnerability called print...

info_outline
COVID's Biggest Victim? The Traditional Workplace show art COVID's Biggest Victim? The Traditional Workplace

Craig Peterson - America's Leading CyberSecurity Coach

COVID's Biggest Victim? The Traditional Workplace Craig Peterson: Work from home is a huge deal, especially for a couple of segments of our society. And I want to talk a little bit about that now, as employees are returning to work, should they be returning to the office? There is a great article here this last week in Forbes magazine by Dana Brownley. And it was one of their editors' picks, and Forbes picked it, I think, for excellent reason. And that is so many of us have been working from home. And for many of us, it's been a godsend. I've worked from home now for over 20 years. And for me,...

info_outline
The FBI Weaponized Google Pixel Phones! show art The FBI Weaponized Google Pixel Phones!

Craig Peterson - America's Leading CyberSecurity Coach

The FBI Weaponized Google Pixel 4a Phones! If you look into buying a used Google Pixel 2a, I've got some news for you. The FBI has been very busy, and they've conned the con man. I love this story.  The FBI has been trying to track bad guys for a very long time, and there've been several ways they've done it. We know obviously about phone taps. We've seen those before the old days. I don't know if you've ever been to one of the original. Telephone switching stations were all not even original, but the types they had in the late sixties and early seventies. I remember going to see one, and...

info_outline
How Could Facebook Do a Better Job at Controlling Disinformation? show art How Could Facebook Do a Better Job at Controlling Disinformation?

Craig Peterson - America's Leading CyberSecurity Coach

How Could Facebook Do a Better Job at Controlling Disinformation? Hello, everybody. Great discussion this morning about Facebook and what is going on with their monitoring and controlling some of the topics. Should they have something in place that really stops false information? How could they do that? And what's their real motivation behind all of this. With Mr. Christopher Ryan, we also got into how the general services administration has completely messed up. Again, it's authorization, this FedRAMP authorization. Why are our federal agencies using some tools like zoom that have been proven...

info_outline
Amazon Is In For a Rough Ride show art Amazon Is In For a Rough Ride

Craig Peterson - America's Leading CyberSecurity Coach

Amazon Is In For a Rough Ride Did you know that Amazon has a new CEO? I remember back in the nineties; I pledge that I would never use Amazon again because they filed and were awarded a patent on technology everybody was using.  Jeff Bezos is out of a job. [00:00:19] This is a guy that grew a company that all they did initially really was book sales, and they had a warehouse the size of the Amazon, right? Because they wanted to represent everybody. They had every book ever published, and to a large degree. They did. They had a whole lot of bucks, and then I've expanded, of course, beyond...

info_outline
Kaseya and the Problem with Managed Service Providers show art Kaseya and the Problem with Managed Service Providers

Craig Peterson - America's Leading CyberSecurity Coach

Kaseya and the Problem with Managed Service Providers We have really in front of us, a critical warning. We're trying to figure out what should we do or to stop people from attacking us. That's a problem. What should we do? Many of us have gone out to managed services providers, and now they have let us down.  Did you hear about the Kaseya hack? It has had a huge impact on people. It's absolutely crazy. Or you heard about a thousand companies that got together and they have hired a negotiator in order to negotiate the ransom with the bad guys that have ransom there. It is huge. It's huge....

info_outline
Predictions About Olympic Cyberattacks show art Predictions About Olympic Cyberattacks

Craig Peterson - America's Leading CyberSecurity Coach

Predictions About Olympic Cyberattacks We're all excited about the upcoming Olympic games. And so are the hackers. Oh my goodness. I just finished reading a report by the cyber threat Alliance about what they're expecting to happen at these Olympic Games in Tokyo.  The Olympics have always been a huge target when it comes to the bad guys. [00:00:23] You might remember there have been abductions at the Olympics before where some of the Olympic competitors were held at gunpoint. Of course, we're not going to forget that one anytime soon. And looking back through the last few Olympics, there...

info_outline
 
More Episodes

Welcome!

Craig discusses the danger of insider threats by those employees who are planning on leaving and behaviors that might indicate trouble. 

For more tech tips, news, and updates visit - CraigPeterson.com

---

Read More:

60% of Insider Threats Involve Employees Planning to Leave

---

Automated Machine Generated Transcript:

Insider threats are real and it's not like what they're showing in the movies. Hey, not at all. And especially in this post-COVID-19 world, everything has changed. So let's talk about insiders, people in your business, and the types of threats they're presenting.

[00:00:25] Hey, you're listening to Craig Peterson. You can find me [email protected]eterson.com and of course podcasts pretty much everywhere out there. Just search for my name, Craig Peterson. Well, we've been talking about some of the threats that are facing us right now. We talked about DNS already today. We've talked in the past about just dozens of different types of threats.

[00:00:50]insiders are a big threat to businesses. So what does a threat look like? Well, Securonix just. Did a report, their researchers analyzed more than 300 confirmed incidents as part of their 20, 20 Securonix insider threat report. Now what they found was very disturbing, frankly. And the most disturbing part of it, at least to me was that 62% of the threats have to do with employees, exfiltrating data.

[00:01:29] In other words, employees taking data. Out of the business. Think about where we have been with the whole Wu Han virus and the concerns about the COVID-19. We have taken our employees. Who've been coming into the office maybe since your business was founded? And said, Hey, stay home. But if you want to get paid, you still have to do some work for us.

[00:01:56] And so we're allowing them to use their computers at home, maybe to bring a business, computer home, and then we hastily set up VPNs and other equipment in order to allow them access to the servers and the information they needed to use at home. How many of us put up. Monitors on those systems to make sure they weren't downloading stuff that they shouldn't have access to.

[00:02:26] Do you have all of the permission set up properly on your file server? Do you have it set up so that if all of a sudden they're downloading all of the schematics for all of your systems, all of your designs, do you have it set up? So it's going to automatically shut them off and notify you. About what just happened?

[00:02:47] Well, if you're like most businesses, the answer to that is no, because frankly, most businesses are not taking care of security. And that's what was pointed out here in this Securonix insider threat report because we've also allowed our employees to put documents on two thumb drives and take those thumb drives home, take them on the plane with them, maybe where they get lost.

[00:03:15] But the number that is concerning about the data being at home is an 80% number. Now, this is where we get into something called a flight risk. These are employees that are within two months of leaving your organization because what they've found is that employees that are planning on leaving the business tend to start stealing data between two and eight weeks before they go.

[00:03:47] And more than 80% of the employees that are planning to leave, bring. The business's data with them. That is very, very concerning. So think about that sales guy. How many times I mentioned this before, who's planning on walking out with all your customer lists that happened to me. I had a sales guy who was calling and trying to build a business and was keeping track.

[00:04:16] Of course of everybody he had contacted. Right. Doesn't that make sense? So it's all in our database of all of the contacts that he had made and the discussions they had had, the types of needs that they had, and he downloaded all of them. And then he went to one of my competitors and he started calling all these people up again and continued on the sales process.

[00:04:46] Just like he was still working for me. So here I was, I had paid for all of this Goodwill to be developed with these leads. I had paid for his training. He was going to training two to three days a week for a few hours back before we were doing it all live on a, on WebEx. Right. So he was going to all of these pieces of training.

[00:05:10] He was taking people out to lunch. He was going to meet with them. And these prospects that were still in that sales funnel were called up by him. When he went to his new employer now, I kind of thought that I was the lone ranger here. Right. It really disappointed me. I thought I knew the guy. I thought everything would be fine.

[00:05:35] And I eventually did talk to him cause I was. Too upset to talk to him initially. And I called him up and said, so how are things going? I said, Hey, I just heard from company X. And you know, they were working with us, we're moving along. And he said that you called him and suggested that they don't work with mainstream, that they work with your new employer.

[00:06:01] And I stopped right there. Right? I didn't say another word. And he ended up responding. Yeah. Well, you know, they're my contact. I know them. I have a relationship with them. So I took them with me. Now we've seen similar things recently in the news when it comes to Tesla and Volkswagen, where Oh, they worked for me, and then he took all of this data with him.

[00:06:28] Right. You've heard about that story. I'm sure. But apparently this happens all of the time, these flight risk employees and these individuals, according to this study were involved in about 60% of the insider threats. There were analyzed in this study and insider threats, makeup in case you didn't know the majority.

[00:06:55] Of problems when it comes to data loss for the business. So what are you doing about it? Most people who are exfiltrating, the sensitive information are doing it over email. So are you monitoring their email? This was a pattern that they found in nearly 44% of the cases. Do you have special filters that are looking for this stuff?

[00:07:18] You know, when we go into a business, we put filters in place on the email, looking for things like client numbers, looking for things like employer, identification, numbers, bank, account numbers. Driver's license numbers, everything for, you know, a GDPR standpoint, the Massachusetts standpoint, the California standpoint, the new federal guidelines that are in place, right.

[00:07:42] We're looking for all of this data, but it also protects the company. Because they are trying to exfiltrate your data and take it with them to their next employer. So number one was they try and send it out by email and they'll often send it to a Gmail account or something else that they have the next most popular method is uploading it to cloud storage websites.

[00:08:11] And that's why we put a limit. On where people can go, right? We oftentimes will have the Dropbox enterprise installed or the Microsoft three 65 enterprise versions installed where they can upload files, but it is tightly controlled and we know what they're uploading. We know what they're downloading. Do you have those controls Impella in place?

[00:08:37] There are other ways that they're doing it, but we've got to pull up our socks. Now we have to, as businesses protect our investment, which for many of us is our retirement money. Right. And we have to watch our employees. I'm afraid to say. Particularly with the high rate of turnover in some industries and in the security industry, we're seeing the turnover rate that is in the sixth-month timeframe.

[00:09:05] So think about that. All of the training you did for that new insecurity employee, all of the systems that were set up. What's going to happen when they leave and take that data with them, that salesperson, the accounting people and on and on. So keep that in mind. We're seeing insider threats, being a very, very big threat to all of us out there.

[00:09:29] They'll all. When we come back, we're going to be talking about looters and the eye iPhones. We'll talk a little bit about how does Apple protects the devices that you have paid for? Because. Man, they do want a pretty penny. You're listening to Craig Peterson, stick around because we'll be right back after this and make sure you get my email.

[00:09:54] Craig peterson.com/subscribe.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553