This transcript has been auto-generated
0:00:01.760,0:00:07.240
ever wonder what is going on behind the scenes as
the government investigates criminal cases are you
0:00:07.240,0:00:12.200
interested in the strategies the government
employs when bringing prosecutions I'm your
0:00:12.200,0:00:17.040
host Gregg Sofer along with my colleagues in Husch
Blackwell's White Collar Internal Investigations
0:00:17.040,0:00:23.040
and Compliance Team we will bring to bear over
200 years of experience inside the government to
0:00:23.040,0:00:29.320
provide you and your business thought-provoking
and topical legal analysis as we discuss some of
0:00:29.320,0:00:35.080
the country's most interesting criminal cases
and issues related to compliance and internal
0:00:35.080,0:00:43.240
investigations welcome to the latest edition of
The Justice Insiders I'm your host Gregg Sofer and
0:00:43.240,0:00:49.720
lucky enough again to be joined by my colleague
and partner here at Husch Blackwell Eric Dullea who
0:00:49.720,0:00:55.120
is the leader of our cyber security practice
group and a partner in our Denver office you
0:00:55.120,0:01:03.320
can find his bio and background in the show
notes, we'll link to those in the show notes. Eric
0:01:03.320,0:01:09.400
thanks for joining us. You bet, I'm glad to have
moved into the repeat offender status to join
0:01:09.400,0:01:15.440
we're happy to have you here so uh you'll recall
that the last time you were on we had an episode
0:01:15.440,0:01:22.640
which I would recommend to our listeners about
the SEC's regulations that they had put out a
0:01:22.640,0:01:30.800
fairly significant robust and strict requirement
for prompt notifications for public companies
0:01:30.800,0:01:37.480
regarding cyber attacks and on the heels of
that edict to the world something happened to
0:01:37.480,0:01:44.360
the SEC itself, and in what I would describe as
something that's highly embarrassing to the agency
0:01:44.360,0:01:52.160
early this year a hacker was able to hijack an
SEC staffer phone and apparently get access to the
0:01:52.160,0:02:00.840
agency's X (formerly Twitter) account and posted a
tweet regarding approval of Bitcoin exchange-traded
0:02:00.840,0:02:08.320
products and my understanding is it actually moved
the market, so this was not some unknown, no one
0:02:08.320,0:02:13.760
paid attention to sort of a problem. In other words the
SEC, although it may not have been their own mainframe
0:02:13.760,0:02:19.360
computers if you will got hacked after having
told everybody that you'll get in trouble if
0:02:19.360,0:02:23.600
you don't tell us right away when you get hacked
so I wanted to talk a little bit about that and
0:02:23.600,0:02:31.360
the fact that, and today's episode really is about
this, that these data breaches and hacks
0:02:31.360,0:02:37.320
of companies and turns out the government often
have a human element and so that's what that's
0:02:37.320,0:02:42.400
what I'm hoping to discuss with you today you
bet no and I think it is a good example of it
0:02:42.400,0:02:50.440
because there is a lot of inward Focus that we see
from The Regulators and from um consultants and
0:02:50.440,0:02:57.440
Private Industry on protecting the network having
defense in depth making sure nobody gets in and
0:02:57.440,0:03:03.120
unfortunately for the SEC they've moved from the
'those that will' category to the 'those that have'
0:03:03.120,0:03:08.120
category when it comes to dealing with an incident
that they didn't want to have in a little bit of
0:03:08.120,0:03:13.560
egg on their face and in this case it's a question
that criminals are Innovative and they are always
0:03:13.560,0:03:19.160
looking for ways to penetrate a network and
to get in through a form or a method that we
0:03:19.160,0:03:25.280
didn't anticipate otherwise we would have had
a control in place yeah so some there's various
0:03:25.280,0:03:31.760
different statistics about this but at least one
organization has reported that 82% of successful
0:03:31.760,0:03:38.040
data breaches can be attributed to some
sort of human error and I think humans probably
0:03:38.040,0:03:43.120
constitute a vulnerability in most organizations
for a variety of different reasons but the more
0:03:43.120,0:03:49.320
sophisticated uh the hackers are the easier it is
to manipulate human beings and we'll get into some
0:03:49.320,0:03:55.280
of the ways that that's going on these days but
the bottom line is it is very interesting that all
0:03:55.280,0:04:03.400
this money gets spent on sophisticated programs
and and software and ways of hardening your system
0:04:03.400,0:04:09.440
Hardware even but if your human beings aren't
properly trained and properly looking out for
0:04:09.440,0:04:14.440
trouble you might as well not waste your money
on the rest of it right yeah I think that's a
0:04:14.440,0:04:20.360
good way to think about it and I'd Echo those
statistics as far as the anywhere between three
0:04:20.360,0:04:29.080
quarters up to 80 80 plus percent involving a
human being involved in the exploitation and once
0:04:29.080,0:04:35.040
they're in, generally what we see are the more
common types of threats that are exploited are
0:04:35.040,0:04:40.280
credential theft which is going to give that
criminal the keys to unlock all the doors so
0:04:40.280,0:04:44.720
that they aren't having to break in, they're
just strolling in, and if it's beyond that it's
0:04:44.720,0:04:50.600
also phishing attacks, or ironically, even though it
gets a lot of the attention especially for recent
0:04:50.600,0:04:56.760
cyber events vulnerabilities and exploitations of
those because they those generally take a bit more
0:04:56.760,0:05:02.960
technical sophistication by the threat actor
in order to take advantage of those once they
0:05:02.960,0:05:07.280
become a bit more common then those are moved
to the ransomware as a service or malware as a
0:05:07.280,0:05:14.320
surface Market where they will sell or lease that
code to a less sophisticated criminal for them to
0:05:14.320,0:05:19.880
put to use for a couple hours to see what they
can gain as far as quick exploitations and then
0:05:19.880,0:05:25.400
they move on to the next Target yeah and we can
start with the credential hacks or the credential
0:05:25.400,0:05:31.720
acquisitions, because I think what happened at
the SEC here sort of falls into that category right
0:05:31.720,0:05:37.720
yeah my understanding for it's, you know, was a
SIM card swap or a subscriber identity module
0:05:37.720,0:05:44.360
swap of the employee's phone but that was done
through a you know by an email account being
0:05:44.360,0:05:49.920
compromised that allowed the criminal to then get
over to the wireless carrier to ask for the Swap
0:05:49.920,0:05:55.800
and that puts the criminal into the shoes where
they are able to bypass or see the multi-factor
0:05:55.800,0:06:02.960
authentication which we generally see as being the
be-all and end-all and best most common additional
0:06:02.960,0:06:09.000
security control that's being used nowadays and
with that they're able to simulate the employee
0:06:09.000,0:06:13.760
and step in as if they were the authorized user
and I think something our listeners uh should
0:06:13.760,0:06:19.800
know also and this something that I regularly
saw when I was in the government and still see
0:06:19.800,0:06:27.240
is that once your credentials or information
has been stolen not only do the hackers often
0:06:27.240,0:06:32.320
do everything they can to exploit it but as you
point out they then sell it and make it available
0:06:32.320,0:06:38.080
on the dark web for anybody else to try to either
do what they're doing or do something new and and
0:06:38.080,0:06:44.280
it it's amazing the community out there of people
who are engaged in the regular course of business
0:06:44.280,0:06:49.640
of trying to steal people's money and information
yeah you're absolutely right it is becoming a
0:06:49.640,0:06:57.600
mature economic model or industry of criminal
activity so let's talk a little bit about this
0:06:57.600,0:07:03.600
business email compromise concept and what the
threat picture looks like what should companies
0:07:03.600,0:07:09.560
be and individuals be looking for and how might
you train your folks to make sure that that
0:07:09.560,0:07:16.520
vulnerability is controlled again the human aspect
of this I think probably the the most important
0:07:16.520,0:07:23.200
tool for organizations to use would be rather than
focusing exclusively on training which we think
0:07:23.200,0:07:31.000
of as far as sort of a once a year make everybody
watch a video and we're taking time away from the
0:07:31.000,0:07:37.760
revenue of the company because we're losing you
know Workforce hours and to focus on awareness
0:07:37.760,0:07:46.120
and to have the infosec teams, the CIOs, HR, all of
the folks that are interacting with the workforce
0:07:46.120,0:07:52.680
trying to find periodic ways to just keep the
threats of fraud whether it comes through the
0:07:52.680,0:07:57.800
telephone whether it comes through the email
whether it comes through a video screen top of
0:07:57.800,0:08:04.320
mind for the workforce so posters in the elevator
Signs by the coffee machines ways that folks are
0:08:04.320,0:08:10.160
going to be able to see it and just remember to
be on the lookout for suspicious activity and
0:08:10.160,0:08:16.320
you know and here at our firm I had this in the
government also um one way to do that is to sort
0:08:16.320,0:08:21.320
of I don't want to say scare people but there's
nothing that reminds me more of the threat that
0:08:21.320,0:08:26.640
when I get caught by our internal testing process
and it's it did happen to me once I I was telling
0:08:26.640,0:08:31.480
I was telling you before we started recording
today that that I thought you'd never catch me
0:08:31.480,0:08:37.880
in a phishing attempt. Paranoid, for 30 years
I spent looking at the worst of human beings, I'm
0:08:37.880,0:08:44.520
very careful about my internet practice but I got
caught by our firm's own internal sort of testing
0:08:44.520,0:08:49.880
process because I was in a hurry one day and you
know I'm aware of it but I wasn't disciplined
0:08:49.880,0:08:54.520
enough to be thinking about it at that moment and
I click on a link that I shouldn't have clicked
0:08:54.520,0:08:59.160
on and and right then and there I you know you
can expose your entire Enterprise to the kind of
0:08:59.160,0:09:04.160
trouble that the SEC had you're you're absolutely
right and that it's a good example in the sense
0:09:04.160,0:09:11.360
that you can have a fabulous winning streak going
until you until the misstep and it only takes one
0:09:11.360,0:09:17.120
and that's true across the workforce. We see with
the phishing testing metrics they are a very good
0:09:17.120,0:09:23.960
tool and I'm not trying to disparage or downplay
the value of them but there are you know they're
0:09:23.960,0:09:29.360
oftentimes companies and regulators will think
about it from a check-the-block compliance
0:09:30.160,0:09:35.560
mindset are you doing it and if you are okay
great but if you really wanted to be Innovative
0:09:35.560,0:09:40.880
sometimes the people setting up those testing
tools can be a little too sneaky or they get
0:09:40.880,0:09:46.640
blowback it used to be a popular one that I would
talk about using out here in Colorado to say on
0:09:46.640,0:09:51.920
a Friday afternoon you send the email out saying
that I've got Broncos tickets for Sunday you know
0:09:51.920,0:09:57.000
right now that may not be as popular or as hot of
a topic as it would have been in years gone by but
0:09:57.000,0:10:02.080
for somebody that's in the Kansas City office then
yeah, if you make that email advertisement
0:10:02.080,0:10:07.360
out there you will see people because it's a first
come first serve they're going to jump on it the
0:10:07.360,0:10:13.240
other aspect on recognizing those fishing emails
is for a mobile Workforce do they come across and
0:10:13.240,0:10:18.720
do they look the same on your phone as they do
on your desktop monitor sometimes that can be
0:10:18.720,0:10:24.920
another way that people bite on it and are the
controls in place for an iOS you know piece of
0:10:24.920,0:10:29.480
hardware as opposed to a Windows platform, and do
they come across and do you recognize them the
0:10:29.480,0:10:34.040
same way that's where I tend to see that I'm
falling victim to it is when I'm looking on
0:10:34.040,0:10:39.320
my phone I tend to not have the same level of
skepticism as I do when I'm sitting at my desk
0:10:39.320,0:10:45.320
yeah the other thing I think that is concerning
and and particularly in the more sophisticated
0:10:45.320,0:10:55.640
and larger hacks and breaches, is that once in, the
hackers and the bad guys don't necessarily
0:10:55.640,0:11:01.320
do anything for a while right, they're sitting
there, often, watching. That's correct, you could
0:11:01.320,0:11:07.400
think about it either as reconnaissance or pattern
of Life monitoring to put it in DOD terminology
0:11:07.400,0:11:14.600
but looking to see how the organization behaves
who is involved in what types of transactions or
0:11:14.600,0:11:21.320
projects meanwhile the threat actor is looking
to map out the network find out where important
0:11:21.320,0:11:26.400
information is what are typically referred
to as the crown jewels and then figure out
0:11:26.400,0:11:34.160
which Communications threads they might be able to
intercept and then use to exploit what typically
0:11:34.160,0:11:41.960
happens once those actions begin is rules will be
added to employees inboxes to try and redirect or
0:11:41.960,0:11:49.000
delete and obfuscate alerts or other tips that
the employees would receive and then I've seen
0:11:49.000,0:11:55.520
one example for a company that over the course of
four months there was back and forth between the
0:11:55.520,0:12:02.440
thread actor and a procurement official and they
built up the aspect of the conversations and the
0:12:02.440,0:12:07.640
discussions seated the ground with an aspect of
uh we're probably going to be changing banks in a
0:12:07.640,0:12:13.320
month or two and then a month or two later hey
here's the new wiring instructions and then a
0:12:13.320,0:12:18.840
month after that hey we haven't seen this invoice
can you help get it taken care of for us and once
0:12:18.840,0:12:25.600
that money goes out the door and the criminal
activity is discovered, the organization says okay
0:12:25.600,0:12:30.600
let's look at our insurance policies the Cyber
insurance policy that they had may have been
0:12:30.600,0:12:36.480
phenomenal they may have $5 million of coverage
but the problem is there was no damage to the
0:12:36.480,0:12:43.200
network or activity that was defined as a cyber
attack. The BEC, or business email compromise,
0:12:43.200,0:12:48.960
activity generally falls under typical fraud and
in that case their criminal liability coverage
0:12:48.960,0:12:55.480
was only $10,000 so you have a mismatch between
what's the value of the harm that can occur and
0:12:55.480,0:13:00.240
through what method and the levels of protection
that the company has bought for itself yeah and
0:13:00.240,0:13:07.320
that sort of goes to another level of diligence
which is you you almost these days have to assume
0:13:07.320,0:13:12.800
for some of these kinds of movements of money or
movements of information that somebody else from
0:13:12.800,0:13:17.640
the outside is watching in other words they could
have gotten in through a lower level staffer like
0:13:17.640,0:13:22.400
what happened to the SEC they're going to quickly
turn their attention to the actions of the people
0:13:22.400,0:13:27.320
who actually are moving money or information
or whatever else it is watch them wait for
0:13:27.320,0:13:32.640
that moment that you're describing but those
folks have got to be diligent about the conduct
0:13:32.640,0:13:38.400
of their business as if somebody is watching
particularly for these last minute changes to
0:13:38.400,0:13:44.160
the movement of whether it be data information
or or cash that's where the rubber often meets
0:13:44.160,0:13:50.440
the road here right. Yes, if you are dealing
with scenarios where there are time-sensitive
0:13:50.440,0:13:56.080
financial transactions, so whether it's M&A activity
whether it's closing on real estate and other
0:13:56.080,0:14:02.720
large events everybody feels under the gun and you
know if it's anything like you know when I've when
0:14:02.720,0:14:06.920
I've purchased homes or sold homes in the past
there's a flurry of activity right around the
0:14:06.920,0:14:13.520
closing date and people are looking to get the
job done so they're looking to be team players
0:14:13.520,0:14:21.200
but that's an opportunity that is ripe for a
criminal to step in and abscond with the money. So
0:14:21.200,0:14:27.920
what kind of advice do you give to organizations
and individuals to to deal with that part of it
0:14:27.920,0:14:36.480
in other words it's not just you're looking for
the phishing but you're also protecting your own
0:14:36.480,0:14:42.040
activities and the movement of money during these
high-pressure times or times when somebody would take
0:14:42.040,0:14:47.360
advantage of it at the last minute I think some
of the practice activities that senior leaders
0:14:47.360,0:14:52.600
have to endure and hopefully they do endure it I
mean they should look at this as a way to assist
0:14:52.600,0:15:00.480
with their risk management processes and controls
would be to schedule tabletop exercises where you
0:15:00.480,0:15:08.880
get the senior leader group in and the general
counsel or the CIO or the CTO have come up with
0:15:08.880,0:15:15.680
a scenario and I've run these exercises in some
cases with clients where I mean you can game
0:15:15.680,0:15:20.240
it out to a certain extent you buy them lunch so
everybody's at least getting food while you make
0:15:20.240,0:15:26.960
them suffer for 90 minutes or two hours and tell
you know pick a card any card and out of that deck
0:15:26.960,0:15:32.840
there will be a typical Ransom scenario which a
lot of companies are familiar with now but another
0:15:32.840,0:15:40.320
one can be a business email compromise event or
I think where we'll probably see activities shift
0:15:40.320,0:15:47.760
to in 2024-25 is for larger companies where
they have the risk of moving the market, an
0:15:47.760,0:15:54.960
AI deep fake on video you imagine if you have a
Fortune 100 company and suddenly onto social media
0:15:54.960,0:16:01.960
there is a fake video of the CEO talking about the
company headed toward Chapter 11, utterly fake and
0:16:01.960,0:16:07.840
not affecting that company's networks or its data
but how would you get your Communications team in
0:16:07.840,0:16:13.760
place to deal with this and what would they do
in response to try and remediate the problem so
0:16:13.760,0:16:19.200
those exercises are not intended to give you a
perfect answer to a given situation but it's to
0:16:19.200,0:16:24.320
allow the organization to get used to having to
communicate across stakeholder lines and across
0:16:24.320,0:16:30.280
business units so that when the real event happens
that will be a completely different fact pattern
0:16:30.280,0:16:35.680
from what is practiced, they're used to getting
the process going and talking. And now, the deep
0:16:35.680,0:16:43.080
fake issue I think is particularly challenging
because let's take the business email compromise
0:16:43.080,0:16:50.400
situation I know for instance law firms and real
estate brokers and title companies have all moved
0:16:50.400,0:16:57.720
towards a system with where for instance uh you
get on the telephone and confirm a wire transfer
0:16:57.720,0:17:04.240
before anything leads for because so many of those
transactions were targeted by scammers and hackers
0:17:04.240,0:17:08.880
who were getting in between those transactions and
having the last minute again change to their own
0:17:08.880,0:17:15.360
accounts but if the telephone call you make can
go to somebody or you get a telephone call from
0:17:15.360,0:17:24.200
someone whose voice has been deep faked or even
get on a zoom and you're staring at the CEO who's
0:17:24.200,0:17:29.520
pounding on the table saying you need to get this
check out the door or transfer this money, wire
0:17:29.520,0:17:33.840
this money tomorrow or our company's in trouble,
you know this is going to make things much
0:17:33.840,0:17:39.000
more difficult right right no I think you're
correct and that's one of those aspects where
0:17:39.000,0:17:45.680
brainstorming about it in a tabletop can allow a
company to think about what processes or controls
0:17:45.680,0:17:51.080
would they want to put in place before they're
dealing with the time sensitive project so if they
0:17:51.080,0:17:57.120
get to an aspect of and I like your approach and
the recommendations on if you get the email about
0:17:57.120,0:18:03.200
a financial transaction, switch over to a different
communication platform and call. The reminder, or
0:18:03.200,0:18:07.760
the nuance piece of it as the criminals get more
sophisticated, is don't call the phone number
0:18:07.760,0:18:11.680
that's in that same email because that's the one
that the criminal put in there that they're going
0:18:11.680,0:18:18.240
to pick up and answer you know jump onto the web
find the main office and number for the company
0:18:18.240,0:18:23.680
that you're involved with and drill down to get
to the person through an independent means so that
0:18:23.680,0:18:29.920
can help to reduce the risk there another protocol
or thought to consider and again this will be
0:18:29.920,0:18:36.400
company specific and risk tolerance specific for
each organization, is if you've got financial
0:18:36.400,0:18:41.520
transactions that hit certain thresholds how many
approvals do you need to have in the process to
0:18:41.520,0:18:47.480
make it happen you know for some companies a
$1,000 wire transfer might be a rounding error
0:18:47.480,0:18:51.800
and that may not require three or four people
to stop what they're doing to approve it but for
0:18:51.800,0:18:58.240
a small business it could be significant and on
the flip side if you've got $100,000 or $250,000
0:18:58.240,0:19:05.040
transaction maybe that needs three signatures
and involvements and the cfo's always got to be
0:19:05.040,0:19:10.960
involved with his digital signature on the email.
You know companies can game that out and figure
0:19:10.960,0:19:15.480
out what's going to work for them but it's far
better to run that scenario in advance rather than
0:19:15.480,0:19:21.000
after the fact yeah you know this the idea again
we're talking about vulnerability through human
0:19:21.000,0:19:27.760
beings and how do you change human beings Behavior
to me I think one of the things that's deficient
0:19:27.760,0:19:32.880
in a lot of the training is to tell people you
need to do this this this and this but not give
0:19:32.880,0:19:39.320
them the background of how the Bad actors have
succeeded in the past and how people have been
0:19:39.320,0:19:45.680
actually scammed and tricked, and how they're
able to circumnavigate, that is the bad actors, the
0:19:45.680,0:19:51.200
various protections that are put in place because
I think unless you can almost see it from the the
0:19:51.200,0:19:57.480
other side it's not real and it makes you think
that you know here I am like you said I've got to
0:19:57.480,0:20:05.600
take this class I got to check this box but you
don't realize that even a relatively lowlevel or
0:20:05.600,0:20:13.200
you know certainly not someone sitting in the SE
Suite can do something which drastically affects
0:20:13.200,0:20:18.840
the the company's bottom line could actually
be a bet the company disaster and if you give
0:20:18.840,0:20:25.760
real world scenarios like the Deep fake like what
happened here with the SEC it brings it home a lot
0:20:25.760,0:20:30.960
more and I a lot of the trainings I see don't do
that they speak about about the what you should do
0:20:30.960,0:20:36.520
not why you should do it or how other people have
been able to defeat it and building on that point
0:20:36.520,0:20:42.760
companies that do try to tailor their training and
their awareness programs to tangible examples not
0:20:42.760,0:20:48.160
only does it resonate with the employees I have
had conversations with Regulators as we have
0:20:48.160,0:20:54.680
been discussing a data breach disclosure for that
company and we have walk through how the Intruder
0:20:54.680,0:21:00.320
got in how we discovered it what we did in
response and then what we did afterwards you know
0:21:00.320,0:21:07.640
I was pleased to have clients that have been able
to say we took this scenario from June of 2023
0:21:07.640,0:21:14.920
and put it into our October 2023 new fiscal year
training schedule and for some of the Regulators
0:21:14.920,0:21:20.640
for that industry sector they're amazed I think
that's fabulous I grew up in the military Aviation
0:21:20.640,0:21:26.960
Community we were always talking about accidents
and mishaps that had happened recently what the
0:21:26.960,0:21:33.280
root causes were and what we could do to prevent
them that has for the aviation industry been a
0:21:33.280,0:21:38.480
Bedrock of how to develop a safety culture and
I think it works well for developing a security
0:21:38.480,0:21:47.160
culture as well great Point how about the other
human problem which is an Insider who's actually
0:21:47.160,0:21:51.760
decided so you can have all the training in the
world but if you have someone in your organization
0:21:51.760,0:21:58.920
who's got a malign sort of mindset here how much
of a factor is that and what kind of thoughts have
0:21:58.920,0:22:04.720
about dealing with that problem Insider threats
continue to be a significant problem or in a risk
0:22:04.720,0:22:12.120
that companies need to think about and managing
and in part because there are a variety of types
0:22:12.120,0:22:17.720
of Insider threats that you need to account
for you have the malicious Insider which is a
0:22:17.720,0:22:23.520
disgruntled employee that has a bone to pick
with the organization or is they're getting
0:22:23.520,0:22:27.400
ready to leave and they're going to go somewhere
else and they want to take advantage of things
0:22:27.400,0:22:35.240
for competitive reason you're going to have the
negligent Insider that literally just didn't pay
0:22:35.240,0:22:39.200
attention to the training doesn't believe in
any of this stuff has no idea why these things
0:22:39.200,0:22:46.720
are a concern is disengaged from work and is just
careless and then you can have compromised users
0:22:46.720,0:22:51.480
and under the compromised user I would encourage
organizations to think about that as one of your
0:22:51.480,0:22:56.720
employees that you have a duty of care to help and
protect they may be compromised because they're
0:22:56.720,0:23:02.320
under Financial stress they may be exploited
or leveraged you know without even knowing it
0:23:02.320,0:23:07.960
perhaps they had an innocent mistake of using
the same passwords on three different accounts
0:23:07.960,0:23:12.800
one of which is personal that's the one that gets
compromised but the attacker then looks at their
0:23:12.800,0:23:17.160
social media accounts and then says let me try the
same username and password for the work account
0:23:17.160,0:23:23.680
and they get in that way so trying to protect
or encourage people to take those steps can go
0:23:23.680,0:23:31.000
a long way toward addressing the problem there
are technological steps such as user Behavior
0:23:31.000,0:23:37.000
analytics that can be done to figure out and this
sounds conspiratorial or you know Cloak and Dagger
0:23:37.000,0:23:42.880
but the steps do work of as far as figuring
out when are people logging in are they doing
0:23:42.880,0:23:47.640
it during normal business hours or do we have a
couple of employees that are always logging in
0:23:47.640,0:23:53.320
at 10 o'clock at night and downloading a lot of
material those can be some of the cues updating
0:23:53.320,0:23:58.680
privilege and access rights based on a person's
job responsibility, and think
0:23:58.680,0:24:04.880
about it both ways promotions and demotions as a
person moves up the corporate ladder and gets into
0:24:04.880,0:24:10.800
bigger roles they may not need that admin access
right that they used to have and you can take
0:24:10.800,0:24:16.240
and reduce your attack surface with some of those
administrative and procedural steps I mean from my
0:24:16.240,0:24:20.880
perspective I look at it sort of the same way that
companies should be dealing with whistleblowers
0:24:20.880,0:24:27.480
is if you know your Workforce if you are providing
them with the right sort of cultural opportunities
0:24:27.480,0:24:33.160
to let you know when there's a problem. This notion
of signs, and if you go around government
0:24:33.160,0:24:38.280
buildings all the signs talk about Insider threats
you know it's the rest of the workforce that's
0:24:38.280,0:24:43.600
going to tell you that Jim's a problem he's
disgruntled and I saw him in the office last
0:24:43.600,0:24:48.680
night on he was Green at at 2:00 in the morning
when I couldn't sleep and checked my emails that
0:24:48.680,0:24:54.600
culture of reporting things and having an open way
of communicating with your even your disgruntled
0:24:54.600,0:24:58.880
employees so that they have an opportunity to
talk to you I think is extremely important in
0:24:58.880,0:25:06.000
this context as well no you know you're absolutely
right and coordination between the IT department
0:25:06.000,0:25:11.200
the HR departments to try and have those
protective measures in place so that people know
0:25:11.200,0:25:16.800
that they can get help and support if they need it
but also that the workforce as a whole understands
0:25:16.800,0:25:22.080
that this is not intended to be big brother
looking over the shoulder but there is a benefit
0:25:22.080,0:25:27.360
or a protection of the organization protection of
their employment because you wouldn't want to have
0:25:27.360,0:25:33.560
it bet the company or kill the company event as a
result of someone else absconding with corporate
0:25:33.560,0:25:40.200
data. Well Eric, thank you very much, as usual
your insights are valuable, very helpful, and we
0:25:40.200,0:25:45.240
appreciate you coming on the show and uh again for
folks who want to look at your bio uh we'll have
0:25:45.240,0:25:51.240
it in the show notes happy to do it thanks great
thanks for joining us on The Justice Insiders we
0:25:51.240,0:25:56.560
hope you enjoyed this episode please go to Apple
podcast or wherever you listen to podcast to
0:25:56.560,0:26:02.960
subscribe rate and review The Justice Insiders
I'm your host Gregg Sofer and until next time be
0:26:02.960,0:26:10.160
well