GenY insider threat - CSIAC

Next Generation Insider Threat

Presenter: Richard Cook, Assistant Engineer
[email protected]
315.336.3306 x445
Assured Information Security (AIS)
153 Brooks Road, Rome, NY 13441
www.ainfosec.com
Copyright 2013 Assured Information Security, Inc.

Before we get started

Disclaimers:
- AIS employs many Gen Ys
- Perceptions outlined within this presentation are not fact and are by no means meant to be interpreted as negative
- Every generation has its own perceptions
- Gen Ys are often tech savvy, collaborative, team-oriented individuals who can help your organization in many ways, including more effectively leveraging outlets such as social media

AIS

- Sometimes referred to as Assured Information Security
- Established in 2001, headquarters in Rome, NY
- Offices in MD, OH, CO, TX and OR
- Approx. 180 employees
- Work closely with government, regional businesses and academic institutions
- Pursue development of next generation cyber security capabilities
- Recruiting and hiring
- Provide government and commercial customers with cyber security technologies and services
- The Air Force Research Laboratory (AFRL) in Rome, NY is AIS's largest customer
- AIS develops capabilities, analyzes data and breaks lots of things, all focused on advancing the state of cyber security

Bio

Richard Cook, Research Analyst
- Responsibilities include:
  - Research and assessment of emerging cyber security trends and threats
  - Testing and validation
  - Training
- Education: Bachelor's degree in Cyber-Security, concentration in Computer Forensics, Utica College
- Military: Prior-service Army veteran, serving as Communications Chief and Electronics Warfare Officer (EWO)

Who is Generation Y?

- Generation Y, or Millennials, most commonly refers to persons born from 1982 through 2004
- The first generation to grow up with the internet

Note: The assumptions about Generation Y have been taken from societal views and do not reflect everyone born during this period

Who is Generation Y? Continued

Society often characterizes Gen Y as being:
- Entitled
- Tech savvy
- Prone to information sharing
- Team oriented
- Connected
- Resourceful
- Peer dependent
- Multi-taskers
- Problem solvers

Most loved generation*

Note: The assumptions about Generation Y have been taken from societal views and do not reflect everyone born in this generation

Can you tell we are nervous about making Gen Ys upset?!!!

Values, Attitudes and Motivation

Many members of Generation Y grew up with their base needs met. Their participation in organizations is more likely to be driven by the top three areas of needs. (1)

Values, Attitudes and Motivation

- Conditioned to a world of instant gratification
- Examples include:
  - Smart phones
  - Transportation
  - Credit cards
  - Internet
  - Online Shopping
  - Amazon one-click
  - Piracy
- Workplaces are not always as accommodating; Generation Y may look for shortcuts or they may self-organize to meet their needs

What is an insider threat?

- Insider threat: trusted and privileged individuals within an organization that have the opportunity for malicious action
- Examples include:
  - IT personnel
  - Finance and accounting
  - Human resources
  - Any privileged users
- 14% of all data breaches were perpetrated by insiders, a more than 10% increase from 2012 (2)

What is an insider threat? Continued

- Insider threats can affect an organization either while employed or after employment
- An insider threat may not have malicious intentions
  - Innocent acts designed to promote productivity may actually result in the bypassing of critical security mechanisms
    - Bringing work home
    - Third party email (such as webmail)
    - File sharing (such as Dropbox)
    - Installing unapproved software on work computers or cell phones
  - This may appear to deviate from the definition of insider threat but nonetheless, it can still be a threat on the inside

What is an insider threat? Continued

Threats may include:
- Theft:
  - Intellectual property
  - Customer records
  - Unique operations procedures
  - Employee information
  - Sensitive information
- Destruction:
  - Physical property
  - Digital records
- Disruption:
  - Interruption of data or services
  - Critical communications

Generation Y in the Workforce

- Fastest growing segment of the workforce today
- Estimated 70 million entering the workforce

Generation Y in the workforce

(3)

Generation Y and security

Generation Y as insider threats

Observations:
- Information should be shared and in the open
- Utilize technologies and social media to instantly share information
- Willingness to disregard security concerns
- Ignorance to security as a whole

Information sharing

And here's why

Generation Ys are connected through:
- Twitter
- Facebook
- Instant messaging
- Texting
- Google plus
- Email
- Instagram
- Vine
- YouTube
- Pinterest
- Tumblr

Generation Y: Security averse

(4)

Security averse

- 71% of Generation Y polled said that they are not careful when posting or accessing online information
- Poll also showed that Generation Y regularly engages in risky activity at home and work, such as:
  - File sharing
  - Not logging out of computers, email, and social media
  - Downloading warez from illegal sites
  - Responding to pop-up ads
  - Entering online contests/promotions
- Most also post their personal information (phone number, address, place of work...) on publicly available sites (5)

Security ignorance

- 71% of Generation Ys reported that they don't obey IT security policies (6)
- Generation Y undervalues personal data including personally identifiable information (PII) (7)
- A study performed by ZoneAlarm showed that Generation Y is the most at-risk group prone to online security threats (8)

Smartphones in the workplace

- The popularity of smartphones as an extension of the office is growing across all generations, but none so much as Generation Y
- But what else is on that smartphone?
- Android app malware is up 40% in 2013 (9)

Recent examples in the News

PFC Manning
- Leaked classified information to the site WikiLeaks, believed to be the largest disclosure of classified material in US history.
- Convicted on 5 counts of espionage.
- Prior to the WikiLeaks disclosure, PFC Manning was disciplined for disclosing a video of his training on YouTube.

Real world examples

WikiLeaks
- WikiLeaks founder Julian Assange's fame stems from publicly posting countless leaked documents provided by insiders

Real world examples

Edward Snowden
- Allegedly leaked classified information gathered from the NSA including a surveillance program (PRISM) that intercepted communication information of US and European civilians

Real world examples

US Army
- Soldiers have historically put themselves and others at risk by communicating their location and activities online (10)
- Enemy combatants have historically leveraged this activity

What can be done?

Mitigating the insider threat
- Generation Y is a tech-savvy, fast moving, intelligent group with unlimited potential
  - Avoidance is not an option
- Blocking access to applications and websites is also not a good option
  - Recently, the US Army embraced social media use on the NIPRNet. Announcement was made via a tweet

What can be done?

Mitigating the insider threat
- Educate them and work with them
  - Their knowledge of information outlets can be a valuable asset if utilized correctly
- Ensure security policies are briefed upon hiring and briefed again on a scheduled basis
- Consider limiting the use of email as a means to communicate security policies
  - Emails often get ignored
- Ensure all user accounts are disabled upon separation of employment
  - Prior employees can access an organization's internal network and sensitive information after separation

What can be done?

Mitigating the insider threat
- Mold security practices to apply to Generation Y
  - Some ways this can be accomplished include creating an interactive method of briefing such as a game or video
- Consider in-person training sessions or work with Gen Ys to help prepare delivery methods that will appeal to their senses
- Create a policy, or add to an existing one, that includes proper use of smartphones, tablets, and other personally owned technology

References

1. https://en.wikipedia.org/wiki/File:Maslow%27s_Hierarchy_of_Needs.svg
2. http://www.verizonenterprise.com/DBIR/2013/
3. http://blog.firefishsoftware.com/bid/76655/Generation-Y-Who-Are-They
4. http://www.informationweek.com/byte/why-security-does-not-concern-generation/232301503
5. http://www.rsa.com/maintainmyprivacy/Gen_Y_Int_Sec_Surv_Res_TRU_RSA.pdf
6. http://www.itworldcanada.com/news/gen-y-online-habits-endanger-corporate-nets-cisco/146689-pg3
7. http://www.zdnet.com/blog/igeneration/10-things-gen-y-do-online-and-shouldnt/14979
8. http://www.checkpoint.com/press/2012/062012-check-point-survey-gen-gap-in-security.html
9. http://www.slideshare.net/USArmySocialMedia/social-media-roundup-opsec-and-safe-social-networking
10. http://www.zdnet.com/android-app-malware-rates-jump-40-percent-7000019093/?s_cid=e036&ttag=e036
11. http://articles.latimes.com/2011/jul/20/business/la-fi-hacker-arrests-20110720
12. http://faculty.mwsu.edu/psychology/dave.carlston/Writing%20in%20Psychology/Academi

Questions

Recap
- Generation Y is quickly filling the ranks of corporate America
- Their connected nature and technical prowess make them both an asset and a liability
- Understanding their motivations and tailoring security education to Generation Y will help ensure adherence to security practices
- Educate them and let them educate you
  - Your business can benefit greatly

Thank you for your time
