The New CISO Podcast Episode 94: The ABCs of Threat Actors – How to Stop Attackers From Becoming Insiders
Podcast Transcript | Air Date June 26, 2023
Listen to Steve and Jeff discuss which strategies are being employed to comprise employees’ credentials:
The Return Of Jeff
Host Steve Moore introduces our returning guest today, Jeff Schilling of Teleperformance.
Steve reveals this is Jeff’s third time on the podcast. Unlike other episodes, where guests discuss their career journeys, Jeff is here to share necessary research regarding insider threats.
Jeff explores the fundamental issue of insider threats. He reveals the different levels of the skill pyramid that threat actors can be evaluated at.
The “A” actors become insiders to exploit specific targets, which should be considered when creating a security system.
Steve presses Jeff on what he means by “flattening techniques” that have led to our current state of attacks. Jeff explains how malware software and targeted phishing scams have been used to access their mark, an issue exasperated by remote work.
Adversaries and Targets
Jeff explains how to communicate threat issues across departments, especially when there are language barriers. The biggest challenge is making messaging as simple as possible.
Depending on the job functions of others, there are different responses and success results. This is why Jeff’s team focuses on training and additional monitoring and security control.
There are many strategies that threat actors use to breach one’s security. Bad actors target companies through social media, such as Linkedin.
Threat actors also learn about their target countries and reach out to them through more region-specific platforms. Jeff then asserted that insider threats must be part of every CISO’s security plan.
Jeff assures us that there are things we can do to detect threats and explains those actions. Identifying the machine where phishing emails come from and implementing new technologies is key.
The New CISO
To Jeff, being a new CISO is constantly learning and having your finger on the pulse. If you think you know everything, it is likely you do not.