Insider Threat
«HUMAN BEHAVIOUR»
Sgt. Mario Vachon, M.Sc.
Insider Threat Security Specialist
RCMP Departmental Security Branch
Cybera Cyber Summit
Using Technology Responsibly
Banff, Alberta October 27, 2016
A National Strategy Built Upon Four Pillars
«Building a Culture of Security»
Protected B
“The thief who is the hardest to
detect and who can cause the most
damage is the insider. It is the
employee with legitimate access”
US Federal Bureau of Investigation (FBI)
“Who has the most knowledge about your organization,
its vulnerabilities and the value of its information?
Those inside or outside? Clearly employees
are well placed to compromise your data”
Dr. S. Kabilan, Conf. Board of Canada
A Trusted Employee
Who Poses the Biggest Threat?
[Figure 1: The Largest Risk to an Organization. Bar chart of percentage by user group (Privileged Users; Contractors / Service Providers; Business Partners; Ordinary Employees; Executive Management; Other IT Staff); values shown: 55, 46, 43, 35, 28, 25. Source: 2015 Vormetric Insider Threat Report]
From Left: Edward Snowden, Chelsea Manning & Jeffrey Delisle
Understanding the Traitor / Mole / Spy
• They changed over time
• Almost all were trustworthy and loyal when first given a security clearance (security screened, interviewed, polygraphed)
• Majority volunteered their services to a foreign government. They were not enticed, persuaded, manipulated or coerced
70%
• Mostly male, 30 to 50 years old
• Middle management
• Emotional, personal crisis
• Unhappy
• Work frustrations
30%
• Mostly male, 20 to 26 years old
• Entry to low management
• Immature, impulsive
• Unhappy
• Ideological view, whistle-blower
The usual suspects are …
The Usual Suspects
… with access to facilities and networks
… with access to sensitive information and ideological views, marital, financial difficulties and/or substance abuse
… with privileged access
80% vs 20%
Detection of Risk Indicators
2016 - Sgt. Mario Vachon, M.Sc.
RCMP Insider Threat Security Specialist
Pathway to Commit an Insider Attack
1. Personality Disorders
2. Stressors
3. Concerning Behaviours
Intention
Volition
1. Personality Disorders / Predispositions
• Antisocials
• Psychopaths
• Opportunists
• Narcissists
2. Stressors
• Financial
Pressure / Poor Financial Responsibility / Greed
• Life Crisis
Personal / Marital / Family / Death / Illness
• Work Issues
Frustration / Cynicism / Vengeance / Grudge / Injustice
Spite / Disgruntlement / Conflict / Disappointment
• Legal Issues
Administrative / Civil / Criminal
3. Concerning Behaviours
• Personal Conduct
Immature / Violence / Immoral / Bias / Retaliatory / Deviant /
Dishonest / Lack of Integrity / Manipulative / Impulsive /
Poor Judgment / Security & IT Policy Violations
• Divided Loyalty
Political / Country / Association / Social Network / Employer
• Ideological
Radicalization / Religion / Terrorism / Beliefs
• Egotistical / Entitlement
• Exploitable / Vulnerable Lifestyle
Alcohol / Drug / Gambling / Sexual Paraphilia
UK Insider Threat Study
2013 CPNI Insider Data Collection Study
Centre for the Protection of National Infrastructure
5 Types of Insider Activities
• Unauthorized Disclosures
• Corruption
• Facilitation of Third Party Access
• Physical Sabotage
• IT Sabotage / Hacking
Male 82%
Female 18%
Age 31 - 45
Permanent Employees 88%
Self-Initiated 76%
60% committed by employees with less than xx years of service
> 5 years
Primary Motivation: Financial; Ideology; Recognition / Ego; Loyalty (values shown on the chart: 20%, 47%, 14%, 14%)
Can you find the Insider?
Photo by: Don Tudd
Topsy Farms, Ontario
Sgt. Mario Vachon, M.Sc.
Insider Threat Security Specialist
Departmental Security Branch
Royal Canadian Mounted Police
(613) 843-5557
mario.vachon@rcmp-grc.gc.ca
«Detection of Risk is useless without Resolution of Doubt»

Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
