IT Faces Specter of Insider Threats

@Earthlings: Be good, be safe, don't panic, and see you next time. 

Thanks for hosting today, @Mary. 

And remember.  Don't panic.

At this point my plan is to get a sailing ship and try to survive sailing the seas during the madness, ye internet evolutionars can be me pirate crew

And stay out of the streets.

Everybody: I must bolt to attend to some things. Thank you all for  joining us. Of course, you are most welcome to continue the chat.

As they say: Get ready for YOU DON'T KNOW THE TIME it will happen!

0-$10 I'd say, Paul.

@Nicole: any info on the size of your inheritance?

@Paul: Alan R. blogs about how useful the Internet becomes in these situations. 

The pole shift is coming!

@Kim: a frog? 

So far, things are peaceful in the Maritimes.

The aftershocks will be very moderate, if there were any

@Nicole:LOL

A frog just landed on my keyboard.

A locust just appeared on my patio.

@Nicole: Lol

@Mary.  I have never seen an office less likely to be evacuated.  Very chill.

@Nicole.  You are right to be suspicious.  "There are aftershocks coming.  Rush into the street!"

so it looks like the end is near, expect volcanos too

@Nicole: Maybe the NYC office will be evacuated?

Of course, all the rapture sites are being updated right now.

No worries, Kim. I wish I had that excuse.

@Nicole: I kea will hold u resposnbile for turning their beloved Anna to an object of public ridicule

My brother just called to warn me about aftershocks and told me to go work from home. I'm onto him, though, he knows I live in a basement... he wants my inheritance.

Washington Post: No reported injuries. In some places, products were pushed off shelves.

@Mary.  Sorry, I am suffering from aftershock.

CNN: "parts of Manhattan have been evacuated"  Hard to believe.

@Kim: Actually, I understood. I was being Anna: "Sorry. I didn't get that."

Anna: Nicole's roomie at the Uppsala U.

From Twitter: The epicenter was near the town of Mineral, Va.

@Mary.  I was asking Anna, IKEA's automatic assistant, about the earthquake evacuation.  She didn't help much.

@Paul: Alan Reiter, our mobile expert here at IE, is based in Washington. So he has been emailing updates to me.

@Anna: I'm sorry, I didn't get that.

@Susan: Why Alan?

I told her she was very cold.

hello

Anna says: "I think you're confused or trying to ask me a question, but I need more than that to give you a proper answer. Please try again."

lol @Nicole. 

@bolingbroke.  The key question!  I will ask her.

My mom's office was evacuated in Flushing.

@Bolingbroke, hopefully not!

Alan is probably blogging about this as we speak.  

It knocked my nametag upside down. that's kind of funny

Is Anna ok?

@Susan: Virginia, apparently.

@Mary: Where was the epicentre? 

Update: The quake was 6.0, Alan R. says

A New York Ikea has been evacuated.  Not sure which one.  Twitter is so useful.

@HH: Did you feel it, too? Are you on that part of the world?

But he says the Pentagon and the Capitol have been evacuated.

Alan Reiter, located in Washington, DC, reports that he is okay.

It was a moderate earthquake

I know that was biszaro timing

Are you all you guys on that side of the planet Okay? 

So Mary your msg

Ha, SMK! I believe I can feel the earth vibrating even now.

How did you know?

@SMK: lol :( Poor you.

Just crawling out from under the wreckage, Mary.

Yes, yes, we live to tell the tale of the earthquake!

Twitter is full of it. 

Nicole? Kim?

I didn't feel a thing and am dissapointed.

No problems here, just a lot of people being like ohhh earthquake

I've just heard the news

@Mary: Yep. Cybercrime can move around the globe finding the best spot depending on the local laws. 

Are you fellows all okay?

Magnitude 5.8 earthquake shakes Virginia, D.C. and New York

CNN has the news.

Wow. That must be a widespread one.

Yeah we all just felt the ground move and the lights were swinging side to side.

Shock waves heading north, Mary, hold on.

The internet tells me it was in virgina.

@Mary -- London Ontario, Canada.  It's north o' Detroit.

Yes here in W'chester County, my first ever.

Are you having a real Earthquake moment?

Is this happening in NYC?

Yep I felt it.

Wow. Where are you fellows located?

I felt it too.  I almost asked Nicole if she felt it, but decided I was imagining it.

@Susan: That's actually a great point. Laws differ from country to country,  making security even tougher. Perhaps in some areas it's not legal to monitor employee activity, while elsewhere it might be the law of the land to do so.

We felt it here

Would you believe we just had a minor earthquake here?    Guess you're right Mary, I'd better cool it.

Virtually lying around here, that is.

At least that's what I interpret to be our data. Maybe we have other stuff that's more valuable, but I haven't seen it lying around here.

@Kim: from a different country with different laws. She might be innocent and everything. 

@Kim: LOL. Lots of Cape Bretoners need unedited blogs.

@Susan: On a network where most "clouds" are secured, how would that work? Who would manage it? ICANN is already embroiled in problems over its lack of internationalism, or governance, or whatever.

I am concerned that Mary has access to our data from a different country.

Gee! that's scary.

Not a need for Internet police, there's a need for firms to take their security more seriously.

@Susan: Good. I will keep an eye out.

Maybe there is a need for an Internet police?

He logged in, and manipulated virtual servers that held corporate operations apps. Everything crashed. For days.

Ahh, Mary! I just rememebered something I have to send you. 

Seriously, to Kim's point: The person who brought down Shionogi did so remotely.

Ha, SMK! I believe I can feel the earth vibrating even now.

@Awilliams: I have to check that out. 

Whenever I have a brainstorm, somewhere out there a computer gets a blue screen of death.  They're that powerful.

In other words, no one could see me betraying the firm if I'm 1K miles away, right?

That's why we consider you a great threat.

@MJ.  Who doesn't work off-site these days?  As I said earlier, you don't need to go to the office to steal things.  Just need a log in.

Hmmmmm. I'd say yes, Mary.

Haha.

My thought was, is it tougher to avoid insider threats when you have folk working offsite?

Oh leave me alone everyone.

I just had a thought. Can you tell?

@Mary: To LOL or not to LOL, that is the question. <-- LOL

Kim, I'll ask you flat out: Does your lack of shaving, etc., as noted by Bolingbroke, indicate that you're betraying the firm??? And where are you going with those hard drives? If you don't tell Nicole, I will!

Good point, smk. I'm sure it's fine then!

@Nicole -- how good a mask could it be if you still recognize him?

Perhaps there is a syndrome, in which workers get so caught up in wanting to be part of the team that they are willing to follow a boss into wrongdoing.

Hmm I just saw Kim walk out of the room wearing a mask, with seven or eight hard drives under his arm. Should I be concerned?

Kim, we have to let you go. I haven't liked the cut of your jib lately, your shaves leave a lot to be desired, and your shirts and trousers are wrinkled. Here's security, please leave with then quietly.

You all are sounding like we don't already have thought sensors. We do, just check out fMRI. Crazy stuff right there. It'll soon be everywhere

@Kim: Good one. Someone had to cover for some of the more flagrant problems at big firms. (Madoff comes to mind. Also, dare I say it, the Murdochs!!)

@Susan: Keith has no remorse, I don't think. He couldn't stand the guy and figures the world is better off. LOL (or NOT LOL, really). Pretty grim

@Mary.  I would speak to the employee if I was concerned and if the responses didn't satisfy me I would speak to a manager.  You can only start covering up for them if you don't plan to stay in your own job.

Am I the only one thinking that I'd overload the thought sensors?  c'mon, show some ego, people. ;)

But I keep returning to the fact that at least some -- maybe a lot -- of recent breaches at big outfits could have been avoided if common sense had reigned.

@Mary: can you believe? Then you feel remourse for the rest of your life. No, than you. (to the revolver issue)

Thought sensors? Heaven take me before that comes.

lol @Susan, good plan!

I don't even have access to my own data sometimes.

That way one isn't fingering anyone without evidence.

Thought sensors?! lol That day I stop thinking.

@Nicole: And being remote, I promise I don't have any access to any company info. Sometimes I can't even get on the wiki!

@Mary, how uplifting!

@Nicole -- LOL, exactly.  Given the gloomy news, I wouldn't be reporting foul moods.  If anything, I think if you suspect there's an insider issue go to I.T. and just tell them to do a security check just in case.

@Kim: I am reminded that in Keith Richards'  autobiography, he talks about a producer he could not stand (also English) to whom he suggested the only decent thing was to do that. Two years later, "he took my advice," Keith writes. Scary!

Thought sensors? Yuck. I hope I'm retired by then.

You can only do so much until the thought sensors become perfected.

Just FYI everyone: I'm not out for the company's data. I'm just moody.

@Kim: LOL!

That is, what would others on this board do if an employee was acting very strangely?

@Mary.  Leave a loaded revolver on the person's desk and expect them to do the decent thing.  That's how we handle it in England.

Tough one, Bolingbroke. What would you do? Others?

Of course, insider threats are not essentially IT threats.  If anything, I should think IT was easier to lock down than other stealable items (paper files, overheard conversations, the fruit in the refrigerator).

I meant to say, I was in the person's office when they answered a call and did their cheating while I was there to see.

It's just that often that will be the only sign you will get that someone is about to go over to the darkside.

@SF: I see!

*dislike 

@hounhosp: No, I wasn't being kind. The revelation happened because i was in the office, a phone call came through, I asked a few questions, and bingo

I lislike it when people take advantage of someone's kindness. 

@Bolingbroke: I would not unless they answered to me AND it was affecting their work.

@Boilingbroke -- considering the current economy, no. 

@MJ: You didn't feel that they took advantage of your "kindness"?

@Kim, yes, I think admitting they oculd happen is a first step. Then, not going haywire to prevent it with paranoid activity is important.

If you see a fellow employee who suddenly becomes removed, moody, taciturn. Do you let someone know?

On the other hand, I would never spy on a colleague, ie go into their desk, etc. That's not right either. That's despicable.

Unfortunately, @Kim. 

Thanks, SMK. Actually, I had no qualms at all, because the person admitted the wrongdoing to me. I caught them doing it and they admitted it.

Are insider threats just something we have to manage?  There is surely no way to eradicate them altogether.

Righto, smk. Keeping someone's secrets when that someone is committing a crime or putting the company in danger doesn't make you a hero.

I can understand the mentality that someone is operating like a spy and disliking that... but it's another thing if people do what Mary did and confront the person face-to-face.

I hate the "You're a snitch" mentality.  You catch someone doing wrong, you do the right thing, and people get annoyed because heaven forbid they behave themselves?

But I gave the perp the benefit of going first to the boss.

@Nicole: I have a couple of old laptops myself.

This clown was undermining all of our hard work. Basically, you could say, undermining our livelihoods

And was I a snitch? All of us were working flat out, overtime, and in continual effort to beat out others. I didn't care if I "snitched."

There is a UBM ballpoint that I will return by mail, I promise.

In other words, the perp was kind of making it obvious. Maybe proud of it.

@Nicole -- :) Thanks!  I'm a little late as I made a chance contact over lunch.

@Bolingbroke: I had the wrongdoing confirmed.

Don't mess with Jander.

@Susan: That is a good obsevation. Important to keep that in mind.

@Mary Sounds good but to actually go and snitch to a higher up because of suspicions is one thing, if you actually know of a wrongdoing is something entirely different.

Whee smkinoshita arrives. The gang's all here.

Well, I was not in a position to fire them. What I did was get a head of steam up about the fact that the person was interfering with the hard work we were all doing.  Then I told the person, "I know what you are doing. Either you go to the boss, or I will."

@Mary: Amazing. Sometimes I am really convinced that this part of the world belongs to a different world. You wouldn't believe how much you can trust people. You even get things back if you lose stuff. Once a friend forgot a new laptop in a train and she got it back. Another time I knew about someone who found a wallet in the library (with almost 200euros in cash and credit cards) and gave it to a librarian who later on called the owner.  

@Mary-- Spy?

In other words, the person was finding info from his work with us and then going back to former employer to deliver it.

@MJ: Did you have them fired?

@Bloingbroke: I recall places I've worked (NOT HERE) where I found out a colleague was basically selling or giving ideas to our chief competitor.

Punks.

Wow, Mary!

@Nicole: Well, I went into a cell phone provider's store at a big NJ mall to get a new phone. Awhile later, when I went to use the phone, I discovered the number had been hijacked and my account had racked up $2K in calls. Turns out the workers in the store, both young guys, had committed the fraud.

Seems like a lot of people think they can get away with things digitally because there is no internet police... like the kind patroling the streets

Usually, at least in my experience, a problem employee shares his thoughts with his colleagues.

@Mary, what do you mean? What happened with the kids?

Hello, all.

@Bolingbroke: I think one deterrent could be fellow workers who spot a problem employee.

Bolingbroke, exactly. So how do we prevent that from happening unless companies start monitoring every little thing?

Thanks Susan!

Hi there Bolingbroke!

@Mary: I can send you the link.

I had a bad experience at a cellphone store, where my phone number was pilfered by the kids I dealt with in the store.

Often a employee will beocme disgruntled before anyone else knows about it. If he/she decides to take action. What can anyone do?

@Paul: Thank you very much. That is beautiful. It's touchy to know that you can actually touch people. Thanks. I'll check it out later and get back to you. I haven't been updating that site for some time. 

@Susan: Actually, in the case where restaurante employees are scanning credit card info, that's insider threat.

@MJ: "One reason may be that IT needs more protection than firewalls, authentication mechanisms, and encryption afford." I think this perfectly sums up the grande challenge and until we are able to go beyond these peripheral secuirty measures, there is no edn in sight.

@Kim: I'm not sure. In the case I mentioned, the firm had an integrator they relied on to manage the cloud service.

Mary, don't use lose some advantages of scaleability if you provide the staff for your bit of the cloud?

@Susan; Yes, sadly, I've heard of the restauarnt premises problem. And then there's the WiFi threat as well. But those aren't insider threats, technically anyway.

@Mary, that's an important question re: cloud services... I have no answer, though... I hope someone else does!

Why aren't people deterred by prosecution.  Surely in the types of case we're discussing, the perpetrator is easily identified.

@MJ: Agreed!

One thing: I have heard of cloud service clients demanding that their cloud servers be hosted in their home country and accessible only to their own internal staff. In other words, access to the cloud service would be restricted.

@Awilliams: Gee! I've never heard anything like that before. 

@Yes: Agreed!

I must read that blog or post of yours, Susan.

@hounhosp: the fellow at the local store should have been kept off the premises with a restraining order. Just my opinion.

@Susan: I read your amazing story about how u finally get to stay in Finland. I enjoyed reading it that much. I admire your perseverance and self-belief to achieve your vision in life. It taught me a great lesson.

A big question I have is how IT can keep security going when it's using cloud services.

Yes Nicole. They thought she would play nice

Well, I think in that quote, he meant access to data.

@AW: agreed that firms should be looking for long-term loyalty. They should pinpoint what builds that.

@Mary: "...................

A lot of times you'll find that some of these malicious attacks that occur from within an organization are due to the fact that people have too many privileges". What privledges is he refering to here?

@Paul: Hmm. I'll check that and will get back to you. 

@hounhosp, 30 days?

@AW: Good observation.

Here's another somewhat IT example of an insider threat, most credit cards are stolen by people at resturants who run your bill but also run it through a swiper that copies the data down.. you trust the restruant with your data but you can't trust the individual?

I recall the story of a Woman who was given a 30 days notice to leave the company, and she had enough time to compromise all the company's data 

Hi, @Paul. Good. And you? Just getting paralized with what Mary said about the local store.

@Susan; I went to your private website sometime ago and commented on your story about stay in Finland. I never got a response.

Oy, yeah, going back to your computer after being fired is a big no no, or should be.

Back ups should make it difficult for any departing employee to do much damage.

Hello Susan. How are you. 

Hi Mary J, That guy should have been fired at once!

@Mary: with the pace at which tech is moving, a security solution can only be as good until the next tech invention that will make it completely redundant.

@Paul I guess it all depends on a companies attitude. I find one of the big problem today is that actors are so focused on short term profit (maybe thinking in terms of quarters) that no one focuses on the long term growth (10+ years down the road). A company should be looking for the kind of people that can help them get there

He basically destroyed the computer, and the evidence with it.

@Mary: that's horrible. 

@Mary: The availability of secuirty resources have little bearing to these kind of threats

In a local shop, it was discovered that the manager was robbing the till by cooking the online books. The board allowed him back onto his computer to retrieve personal data there. And guess what happened?

Hi SF, Nicole. Nice to be here!

@Awilliams, that's a good suggestion.

I've worked at places where, if you are fired, you are walked instantly to the door.

@AW: Loyalty? Do we really have anything like that again in the workplace?

Welcome everyone who is joining us.

@Kim: That client should have a valid reason, donèt you thinkÉ

@HH, hi! so long! 

Hey hounhosp, welcome.

But really, some common sense seems to have been missing when you review some of the recent breaches and attacks.

Hi, Nicole & Kim

That's a good point, MJ.

Another strand to the story is that rogue employees no longer need to sneak files out of the office.  They can access them from home anyway.

In many ways, actually training cameras and keystroke monitors on employees probably encourages more bad behavior.

I worked for a company with a paranoid client.  All the client's data was kept on a system managed by the client which didn't permit downloading or printing.  Pain in the neck.

Hi, Mary!

Hi Awilliams, hi Susan!

Hounhosp! hello!

Is the audio on?

Hi, Everyone!

Hellow to AW and Susan!

@Nicole: Employee surveillance -- ug. But maybe more vetting up front.

Hello, Earthlings.

Hi all. Perhaps one way to deal with insider threats is to play towards primary loyalities. If companies are willing to hire/fire employees all willy-nilly then they are not going to have a lot of loyality to the insitution..

@Paul, no definitely not, but what other choices are there?

@Kim: That just tells us the depth of the problem. 

@Kim: Apt!

@Nicole: and that's a very tricky area for employers. U don't want to be seen overtly snooping on each and every activity of employees

@Paul: The fellow who perpetrated the attack on Shionogi had already had a fight with management and been dismissed. Why on earth was he called back, when IT knew he had a beef with the company?

Also, recently, Citiigroup was cited in court for allowing an insider to pinch over $700K from its coffers.

This links to the rumor I reported that the White House is drafting an executive order to prevent Wikileaks-type situations.  The rumor, of course, was leaked.

@Mary: in what way then it should not have happen?

I think it will require more employee surveillance.

How can we really control the insider threat, though?

@Paul: And it seems we continue to see more IT insider problems. In many cases, like the one involving Shionogi, the attack shouldn't have happened.

@Mary: I really don't think we can entirely blame it on security

Thanks, Nicole!

We're talking about IT threat, naturally, but hey, we can expand the discussion to include any kind of corporate insider threat.

"All of this may lead some to question why, in an age when security products and services are readily available, we're still seeing so much IT-based malfeasance."

So who thinks they've got insider threat under control?

Hi Mary

Thanks for the intro, Mary.

Hi Paul! Hi Nicole!

With the level of people's understaidng of technology increasing, it is going to be a really big headache trying to stem inside threats

It is a very big concern now for any enterprise. 

Are you afraid of the insider threat?

Hello Nicole

Hey Paul

Hello