Welcome back! This is episode 29 of The Insider Threat podcast, for the week of December 18th, 2017.
- I’m moving (almost didn’t have an episode)
- This is the last episode before the new year.
- T-shirt designs are still on. Send them to steve@theinsiderthreatpodcast.com or tweet them to @stevehigdon. Winning design gets the very first t-shirt made absolutely free (and a heartfelt thanks from me)
- SANS Holiday Hack Challenge has started. Go to https://holidayhackchallenge.com for more information. This is something I’ve always wanted to do, but never had the time during the holiday season. Hopefully that will change this year. Ed Skoudis puts quite a bit of time and effort into these and I’ve heard great things about the experience.
Infosec Question of the Week
It’s time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!
The question last week was “In the movie ‘Hackers’, one of the characters posed as a maintenance worker and crawled under a desk in order to install a telephone bug. What was the handle of this character?”
The answer was “Cereal Killer”.
The “real name” of the character in the movie was Emanuel Goldstein. This was a nod to the person who was a resource for the movie, a founder of the hacker magazine 2600, and a key organizer of the “Free Kevin” movement.
Congratulations to: Joshua from Chicago, Koby from Orlando, Emily from Louisiana, and Toby from British Columbia for getting the correct answer.
Here’s your question for this week: “A key method for stealing information in databases that are accessible from the web is to input a string of characters in certain fields in order to trick the database into doing something unintended. What is the name of this technique?”
Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag “X”.
Discussion Topic for the Week
This week’s discussion topic is giving the gift of understanding
- Understanding really is a gift
- Could be the only thing that protects your organization and the people you care about
- When you frame it as a gift, that tells the listener that it is important
- Understanding for yourself
  - If you are here, you get it
  - Stay up to date on phishing techniques
  - Stay up to date on vulnerabilities
  - Continuously learn
- Understanding for your management
  - Find ways to translate information security risk to business risk
  - Talk numbers (that’s what managers understand)
  - Use competitor breaches and information in the headlines to gain traction
  - Monetize the breaches, as well as the costs for improvement (technology, training, etc.)
  - If all else fails, talk about headlines and CEOs having to testify before Congress
- Understanding for your organization
  - Refresh them on organizational policy
  - Talk about key indicators of insider threats and breaches
  - Make sure that reporting procedures are understood AND available
  - Get personal (take it home)
- Understanding for your family
  - Tell them about the devices they might get and how to secure them
  - Mention the ways to stay safe for the holidays that were covered in the last episode
  - Be the CISO, security technician, and consultant for your family
  - If you are in this industry, you probably hate being everyone’s helpdesk
  - If you care about your family, do it anyway. You are very likely the only person who can help them.
  - Don’t make your family members go to Geek Squad for support
News
https://www.infosecurity-magazine.com/news/barclays-bank-insider-sentenced/
- A former Barclays Bank employee has been sentenced to six years and four months behind bars for helping cyber-criminals launder millions of pounds of stolen funds.
- Jinal Pethad set up 105 fake bank accounts using false identity documents in a bid to trick the bank’s security processes
- Pavel Gincota and Ion Turcan, two people he was working with on this scam, were jailed in October
- According to the NCA’s National Cybercrime Unit, Jinal abused his position of trust at the bank to knowingly set up sham accounts for Gincota and Turcan, providing a vital service which enabled them to launder millions
- Of course Barclays Bank said they have a zero tolerance policy against unlawful activity. Well duh.
Thought of the Week Segment
Our thought of the week comes from Oren Arnold, an editor and freelance writer. He said, “Christmas gift suggestions: To your enemy, forgiveness. To an opponent, tolerance. To a friend, your heart. To a customer, service. To all, charity. To every child, a good example. To yourself, respect.”
Outro
Thank you for listening to episode 29 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.
You can contact me on Twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we’ve covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question. Have a good holiday season and remainder of the year, everyone!
Thanks again and I’ll see you folks next time!
Contact information:
Call in number: (443) 292-2287
Email - steve@theinsiderthreatpodcast.com
Blog - http://www.stephenhigdon.com