
The Eternal Learner: Tackling Insider Threats and AI-enhanced Phishing
- Aug 22, 2023
- Raffaela Kenny-Cincotta
In episode 94 of The New CISO Podcast, Steve Moore is joined by Jeff Schilling, Global CISO for Teleperformance. This marks Jeff’s third appearance on the show, where he emphasizes clear communication, the fundamental issue of insider threats, and the importance of being an “eternal learner.”
At Teleperformance, Jeff oversees hundreds of security and compliance staff spread across 20 countries. He argues that often his biggest challenge as a CISO is making messages simple.
“We’ve got to hit [our team] with more bite-sized training,” he says. “We have to take into account ‘How does the language translation affect the understanding of the content that we send out?’ We typically communicate in 14 different languages.”
Collapsing the pyramid
Jeff’s role at Teleperformance marks his third formal CISO post, cementing his reputation as a builder of robust security programs.
“The first thing a CISO comes in with is a three-year roadmap,” he explains. “And on that three-year roadmap, incrementally every year, you want to improve and add more capabilities to go after more and more sophisticated threats.”
However, over his career, Jeff has seen threat actors evolve and innovate, flattening that incremental model, and forcing new CISOs to think of insider threats every step of the way. “That’s why I say that the pyramid has collapsed,” Jeff goes on. “The techniques have changed and now insider and end-user behavior anomaly detection is one of the key things that you have to focus on very early on in your security roadmap.”
Remote work risk
Jeff has also seen remote work complicate the security landscape. As a response to the COVID-19 pandemic, many companies rushed their operations into a remote work model, leaving themselves (and their sensitive information) vulnerable. This is especially true when bad actors are able to hijack multifactor authentication (MFA) processes and compromise authentic employee credentials.
“That’s what the threat actors have taken advantage of and that’s how they’ve shifted their tactics,” he explains. “The multifactor capabilities are working exactly the way that they are designed to work. The problem is that humans are being socially engineered either through a social engineering call or an SMS text to their phone, giving that threat actor that first initial access into your environment as an insider.”
AI-enhanced phishing
Indeed, as a modern CISO, Jeff is always eyeing how threats change and how new technologies are being leveraged. For example, text and email phishing have been in the threat actor’s arsenal for some time, but Jeff theorizes that the technique is rapidly being made more sophisticated by artificial intelligence (AI). Specifically, he notes how these messages can target executives, talking about acquisition activity and getting them to speak to a “lawyer” or give up their MFA credentials.
Jeff notes, “When you read what’s actually in the [phishing] messages, they are getting more believable. I don’t have any evidence of it, but I think it is because they are using AI to help them generate better phishing emails. And I think we see that in all the forms of phishing emails that we get, that they are becoming better and more believable.”
Quick, preventative steps
While fending off security threats is a full-time job, Jeff shares some quick, preventative techniques that can refine any CISO’s strategy. First and foremost, MFA “is a very difficult thing for people to get through, but what we’ve discovered is that the new threat has figured out ways around that,” Jeff says. He goes on to say that adding a number-matching component to your MFA process can make a big difference. “That requires you to get the number off of your screen of the screen that’s logging in and then put it into your mobile device. That is a much harder TTP (tactics, techniques, and procedures) for threat actors to use to socially engineer their way through multifactor authentication. And the second piece is you’ve got to positively identify the machine that is remote trying to access you remotely.”
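As an added illustration of the number-matching step Jeff describes (not code from the podcast, Teleperformance, or any MFA product), the following Python example models the server side of such a challenge: the number appears only on the screen that is logging in, so a user who receives an unexpected prompt has nothing to type. The class name, the two-digit number, the 60-second lifetime, and the three-attempt limit are all assumptions.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 60   # seconds a challenge stays valid (assumed value)
MAX_ATTEMPTS = 3     # wrong entries before the challenge is voided (assumed value)


class NumberMatchChallenges:
    """Hypothetical in-memory store of pending number-matching challenges."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}
        self._clock = clock

    def start(self, login_id):
        """Begin MFA for a login; the returned number is shown only on the
        screen that is logging in, never inside the push notification."""
        number = f"{secrets.randbelow(100):02d}"
        self._pending[login_id] = {
            "number": number,
            "expires": self._clock() + CHALLENGE_TTL,
            "attempts": 0,
        }
        return number

    def approve(self, login_id, typed):
        """Handle the number the user typed into the mobile app."""
        ch = self._pending.get(login_id)
        if ch is None:
            return "no_challenge"
        if self._clock() > ch["expires"]:
            del self._pending[login_id]
            return "expired"
        # Constant-time compare; an empty "just tap approve" reply never matches.
        if hmac.compare_digest(ch["number"].encode(), str(typed).encode()):
            del self._pending[login_id]   # single use: no replay
            return "approved"
        ch["attempts"] += 1
        if ch["attempts"] >= MAX_ATTEMPTS:
            del self._pending[login_id]   # stop guessing against 100 values
            return "locked"
        return "mismatch"
```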
Conclusion
Jeff ends his time on The New CISO Podcast by emphasizing the importance of having “your finger on the pulse” of innovation, going to seminars, talking to smart people, and “just being a sponge for knowledge.”
He says, “If you’re that CISO that is sitting there thinking, ‘I’ve got this handled, I know everything there is to know,’ you may not know everything.… You’ve got to constantly be learning and be an eternal learner.”
To hear all of Jeff’s thoughts, listen to the episode or read the transcript.


Raffaela Kenny-Cincotta
Product Marketing Manager | Exabeam | Raffaela Kenny-Cincotta is a Product Marketing Manager and Content Strategist based in San Francisco. Prior to Exabeam, Raffaela honed her skills as a communicator at advertising agencies and media outlets alike. Most notably, she spent several years in the music industry, working as an editor, writer, publicist, and social media manager. Her work has appeared in the Boston Globe, Rolling Stone, Vice, and Relix. She graduated with honors from Northeastern University, with a double major in English and Journalism.