The ABCs of Threat Actors: How to Stop Attackers From Becoming Insiders
In this episode of The New CISO, Steve is joined by guest Jeff Schilling, Global CISO for Teleperformance.Jeff returns to discuss a pressing issue for CISOs: Insider threats. With credentialed attacks on the rise, Jeff shares his take on the “flattening” of this evolving threat. Tune into today’s episode to learn more about the ABCs of bad actors, how Covid has contributed to the problem and complex recruiting scams.Listen to Steve and Jeff discuss which strategies are being employed to comprise employees’ credentials:The Return Of Jeff (1:42)Host Steve Moore introduces our returning guest today, Jeff Schilling of Teleperformance.Steve reveals this is Jeff's third time on the podcast. Unlike other episodes, where guests discuss their career journeys, Jeff is here to share necessary research regarding insider threats.The Problem (4:24)Jeff explores the fundamental issue of insider threats. He reveals the different levels of the skill pyramid that threat actors can be evaluated at. The “A” actors become insiders to exploit specific targets, which should be considered when creating a security system.The Flattening (12:46)Steve presses Jeff on what he means by “flattening techniques” that have led to our current state of attacks. Jeff explains how malware software and targeted phishing scams have been used to access their mark, an issue exasperated by remote work.Adversaries and Targets (19:54)Jeff explains how to communicate threat issues across departments, especially when there are language barriers. The biggest challenge is making messaging as simple as possible.Depending on the job functions of others, there are different responses and success results. This is why Jeff’s team focuses on training and additional monitoring and security control.More Tactics (23:28)There are many strategies that threat actors use to breach one’s security. Bad actors target companies through social media, such as Linkedin.Threat actors also learn about their target countries and reach out to them through more region-specific platforms. Jeff then asserted that insider threats must be part of every CISO’s security plan. Preventative Steps (31:42)Jeff assures us that there are things we can do to detect threats and explains those actions. Identifying the machine where phishing emails come from and implementing new technologies is key.The Near Future (35:50)With the evolving functions of AI, it may be easier for threat actors to be more convincing in their scams. Their messaging is getting more believable, which is why Jeff believes they are taking advantage of new technologies, despite there being safeguards.However, Jeff is not convinced that certain aspects of AI, like voice mimicking, will get more sophisticated. The New CISO (39:42)To Jeff, being a new CISO is constantly learning and having your finger on the pulse. If you think you know everything, it is likely you do not.Links mentioned:LinkedInQuote:“I used to say multifactor authentication at the edge was a big barrier for the threat actor to get over. That's no longer, I can't say that anymore. It's more like a small fence. And now, you got to look at how do you manage your privileges and how do you conduct IT operations inside of your wire, and how would a threat do it if they were an insider? And then what controls do you have to be able to detect that activity because they're going to be using IT tools, and they're going to look like they're coming in with a legitimate account.”