Tinker, Tailor, Insider, Outsider: A framework to detect and respond to external threats that manifest as internal risks

Wednesday 19 March, 11:20 am - 12:00 pm

Location
Torrens Room

Speakers

Dirk Hodgson

Managing Director
Cognitio Digital

Synopsis

John Le Carre's 1974 spy thriller 'Tinker Tailor Soldier Spy' was also released under the French title 'La Taupe': The Mole. That title perfectly reflects the book's central storyline and its relevance to insider threats. In Tinker Tailor, the central character, George Smiley, grapples with the complex task of unmasking a British agent who has been turned by an opposing government. Whilst the book may be five decades (and many generations of technology!) old, the challenges it describes remain relevant to cyber professionals trying to manage insider risk to this day.

The term 'insider threat' describes a cybersecurity risk originating from within an organisation: one that manifests when a current or former employee, contractor, vendor, or partner with legitimate user credentials misuses that access to the detriment of the organisation's networks, systems, and/or data. Insiders can harm the organisation intentionally or unintentionally, through actions such as data theft, sabotage or unauthorised access, and they often pose complex detection challenges for security teams.

Insider threat incidents have increased in frequency by double-digit percentages each year since 2021. In 2023 research, the Ponemon Institute found that 71 percent of companies experience between 21 and 40 such incidents each year. They also found that malicious insider attacks cost victims an average of USD 701,500 per incident.

Some recent examples of insider attacks that we'll discuss in our talk include an Incident Responder who tried to 'divert' a ransom payment from a real cyber-attacker's wallet to his personal account, an AI researcher who siphoned 15 years of his employer's research to a competitor, and a slew of cases of employees selling access to their company's systems, stealing trade secrets and deliberately downloading malware on behalf of an attacker.

On the face of it these examples are all strikingly different. But beneath the surface, they each have one element in common: despite being insider attacks, they all originated outside of the victim organisation. This category of threat, despite its prevalence, is not widely understood and is therefore often even more difficult to detect and respond to than other insider attacks.

In this talk, we propose a model to address insider threats that originate from without by combining the above case studies with insights gleaned from structured stakeholder interviews across multiple industries (including government, law enforcement and critical infrastructure) and the Shaw and Sellers (2015) 'critical path' framework. To demonstrate the proposed model's effectiveness, we'll test it against a detailed real world cybersecurity case study that was not detected by the victim until it was too late.

Tinker Tailor Soldier Spy ends when George Smiley inevitably identifies the mole and sees them arrested. We won't spoil the book's ending by naming the culprit here, but we're confident that, in the modern cyber threat environment, our proposed framework can help you to prevent and detect any such risks to your organisation into the future!

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.