Next month, the world will be talking security at the annual RSA Conference, which will be held in San Francisco from February 13th to the 17th. When it comes to discussing security matters, experts often tell us to take stock of our risks or to complete a risk assessment. However, before understanding where we might be vulnerable, it might be more important to consider exactly what threats we’re really faced with.
In this episode of the Inside Out Security Show, I asked our panelists, Mike Thompson, Kilian Englert, and Mike Buckbee, about four #realthreats: disgruntled employees, passwords on sticky notes, hijacked accounts, and ransomware.
Here’s what they had to say about each of these distinct categories:
Disgruntled employees
Thompson: I think this is a psychological and human resources question. Part of it is… interoffice communication. People, when they become disgruntled employees, take disruptive action, or try to steal data, or vandalize the company’s network in some way. That’s usually a last resort. They feel boxed in. They feel they have no other outlets. No one is listening to them. Whatever it might be, it feels like them against the world.
Passwords on sticky notes
Buckbee: It’s a bad idea, but I don’t think it’s actually the worst idea… It’s really easy to beat up on users for doing this… What I think should be happening is that organizations are doing better policy- and procedure-wise. Some of that is giving out password managers. It’s a very cheap and cost-effective way of dealing with this.
Hijacked accounts
Buckbee: Something that’s very scary, but I haven’t seen happen yet, is a lot of the technology for marketing automation hasn’t yet been applied to these black hat techniques… to A/B test what works and what doesn’t work.
Ransomware
Englert: Have offline backups and you have to back them up regularly. Have multiple copies offline.
Thompson: The downside of that is that if you catch the infection too late, you’ve been backing up encrypted files for a month.