Podcast - The New CISO Podcast Episode 94: The ABCs of Threat Actors - How to Stop Attackers From Becoming Insiders - Exabeam

The New CISO Podcast Episode 94: The ABCs of Threat Actors – How to Stop Attackers From Becoming Insiders

Podcast Transcript | Air Date June 26, 2023

Listen to the Podcast

Listen to Steve and Jeff discuss which strategies are being employed to comprise employees’ credentials:

The Return Of Jeff

Host Steve Moore introduces our returning guest today, Jeff Schilling of Teleperformance.

Steve reveals this is Jeff’s third time on the podcast. Unlike other episodes, where guests discuss their career journeys, Jeff is here to share necessary research regarding insider threats.

The Problem 

Jeff explores the fundamental issue of insider threats. He reveals the different levels of the skill pyramid that threat actors can be evaluated at. 

The “A” actors become insiders to exploit specific targets, which should be considered when creating a security system.

The Flattening

Steve presses Jeff on what he means by “flattening techniques” that have led to our current state of attacks. Jeff explains how malware software and targeted phishing scams have been used to access their mark, an issue exasperated by remote work.

Adversaries and Targets

Jeff explains how to communicate threat issues across departments, especially when there are language barriers. The biggest challenge is making messaging as simple as possible.

Depending on the job functions of others, there are different responses and success results. This is why Jeff’s team focuses on training and additional monitoring and security control.

More Tactics

There are many strategies that threat actors use to breach one’s security. Bad actors target companies through social media, such as Linkedin.

Threat actors also learn about their target countries and reach out to them through more region-specific platforms. Jeff then asserted that insider threats must be part of every CISO’s security plan. 

Preventative Steps 

Jeff assures us that there are things we can do to detect threats and explains those actions. Identifying the machine where phishing emails come from and implementing new technologies is key.

The New CISO

To Jeff, being a new CISO is constantly learning and having your finger on the pulse. If you think you know everything, it is likely you do not.

Links mentioned:

Listen to the Podcast