Transcripts › Podcast – The New CISO Podcast Episode 94: The ABCs of Threat Actors – How to Stop Attackers From Becoming Insiders

The New CISO Podcast Episode 94: The ABCs of Threat Actors – How to Stop Attackers From Becoming Insiders

Podcast Transcript | Air Date June 26, 2023

Listen to the Podcast

Listen to Steve and Jeff discuss which strategies are being employed to comprise employees’ credentials:

The Return Of Jeff

Host Steve Moore introduces our returning guest today, Jeff Schilling of Teleperformance.

Steve reveals this is Jeff’s third time on the podcast. Unlike other episodes, where guests discuss their career journeys, Jeff is here to share necessary research regarding insider threats.

The Problem

Jeff explores the fundamental issue of insider threats. He reveals the different levels of the skill pyramid that threat actors can be evaluated at.

The “A” actors become insiders to exploit specific targets, which should be considered when creating a security system.

The Flattening

Steve presses Jeff on what he means by “flattening techniques” that have led to our current state of attacks. Jeff explains how malware software and targeted phishing scams have been used to access their mark, an issue exasperated by remote work.

Adversaries and Targets

Jeff explains how to communicate threat issues across departments, especially when there are language barriers. The biggest challenge is making messaging as simple as possible.

Depending on the job functions of others, there are different responses and success results. This is why Jeff’s team focuses on training and additional monitoring and security control.

More Tactics

There are many strategies that threat actors use to breach one’s security. Bad actors target companies through social media, such as Linkedin.

Threat actors also learn about their target countries and reach out to them through more region-specific platforms. Jeff then asserted that insider threats must be part of every CISO’s security plan.

Preventative Steps

Jeff assures us that there are things we can do to detect threats and explains those actions. Identifying the machine where phishing emails come from and implementing new technologies is key.

The New CISO

To Jeff, being a new CISO is constantly learning and having your finger on the pulse. If you think you know everything, it is likely you do not.

Links mentioned:

Listen to the Podcast

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

r-tec DE

Featured Data Sheet

Exabeam Fusion

Featured Solution Brief

Exabeam Fusion on Google Cloud

Featured Resource

4 Ways the Microsoft Sentinel Collector from Exabeam Can Improve Your SOC

r-tec DE

r-tec DE

Featured Data Sheet

Exabeam Fusion

Featured Solution Brief

Exabeam Fusion on Google Cloud

Featured Resource

4 Ways the Microsoft Sentinel Collector from Exabeam Can Improve Your SOC

r-tec DE

The New CISO Podcast Episode 94: The ABCs of Threat Actors – How to Stop Attackers From Becoming Insiders