1.1 Introduction to the Insider Threat and Motivating Factors
2 hours 11 minutes
Good afternoon. My name is Ross Competent. I'm gonna be your instructor for this course entitled Insider Threat Essentials. In 75 minutes, we're gonna do exactly that delivered to you the foundational understanding of this subject. In a short amount of time, it's gonna be fast. It's gonna be furious,
but it's gonna be fun.
Let's get started.
So course objectives.
We're gonna start out with the review of what the inside of Threat is, and then we're gonna dig into module war motivating factors. And this is where we're gonna talk about
why people do what they do and then muzzle to We're gonna talk about attack methods, how they do what they do.
Module three, we're gonna talk about real world attacks and take those examples and bring these concepts into the real world and explain what kind of devastation these type of attacks can cause and that they have caused in the real world. And mounds of four. We're gonna talk about
and detection, and this is a in tools and technologies, and this is such an important area, it's gonna be a little bit longer than the others. And then also five, we're gonna talk about policy and process, which is the foundation of your insides right program. And we're also going to talk about the process
the highest level of trust for your employee base and also ensuring that we can lower risk as much as possible so that we can hopefully prevent the insider threat attack.
The insider threat
is similar to the threat
of external hackers, but the perpetrator happens to be
your co worker,
someone you trust someone you work with with in your organization. You don't know who that person is, but they are there.
That's the concept of the inside of a threat. It's elusive. Okay, While many of the cyber security concepts are the same,
the approach is different because the insider
again is on the inside. It's not somebody outside defense that you're trying to keep out. It's one of your own.
They are there with you.
So as singing
with the Edward Snowden incident. It can't be more devastating than a traditional attack,
and we're snowed in. You'll learn about him a little bit later. But he was this contractor who worked for the National Security Agency for the U. S. government and intelligence agency. And he was a like a system administrator jackknife, and he was able to steal, stuns off highly classified top secret
bits of information and take it out on a laptop computer
and get it to a foreign country. He did a devastating attack against that agency, and it shows how powerful and how dangerous these insider threat attacks can be.
It only tastes
a trusted employee who is on the inside
to change their mind,
to become the bad after Intuit execute an attack.
You know the switches on the good side when they're hired. But all I have to do is switch over to the bad, and they are there.
They are exposed to the soft underbelly
of this organization of the network of the systems of the databases. That is the threat in initial.
So let's talk about module one. The motivating factors.
So what drives someone to become the insider threat?
There must be a reason why individuals change their minds
and start to do bad things start to act against the company in the organization who they previously
I had a good relationship with
So human beings are complicated and sometimes conflicted creatures were emotionally wired
creatures. And so
in many cases we could be very volatile. And definitely when it comes to changing our mind and our changing our actions.
So let's review some of the primary reasons why, uh, the threat emerges.
so motivating factors,
some motivating factors include emotional factors, financial gain, espionage, activism. You know, you talk about whistleblowers, and then even accidents can be effect.
Okay, so let's talk about the emotional effect,
Okay? So while on employees may have had unwavering loyalty when they were higher, emotional factors could make them change their minds about anything in their life.
Uh, something that drops on someone emotionally like a ton of bricks can make them changed how they act.
Emotions like anger. Hey, fear, despair,
jealousy can drastically alter decisions that we all make. And it's You can see it in your everyday life with your teenagers, with your spouse, with people that are co workers on. Human beings
are wired to be emotional,
and so there's a lot of factors that could be involved with our emotions that can make us change how yak change our behavior and definitely change our behavior. in the scenario of the insider threat. And this, uh, can drive us to do things
that we would not normally do.
So if you are all of a sudden desperate to get money and you don't care how you do it, it is so important that you reach that goal of getting that money for whatever that desperate reason.
Um, you will do things differently
then you would have before.
That is an example of how emotions can just take control of a human being and and drive them to do things differently.
Okay, so we talked about how the emotions can be tied to the need to kid money.
So financial gain is definitely a driving factor when it comes to doing anything that we do as human beings. Most of us work to get money to be ableto live, while some people resort to doing nefarious things to get money so they can live.
Or for whatever reason, maybe it's for selfish reasons, et cetera,
but for whatever that reason is, financial gain is a definitely a very strong driving factor on So, like it says there that says they say money is the root of all evil,
and it's definitely important. An important driving factor for the insider threat,
for whatever the reason is, if maybe there's some, some outside source was trying to convince you to do something that you wouldn't normally do.
Money can be
the factor for you to change your behavior and change what you do.
Now let's talk about espionage. So espionage kind of conjures images of James Bond
or Mission Impossible things like that as far as movies go.
So there are two kinds of espionage that we're talking about here for the insider threat and their nation, state espionage and industrial espionage. Okay,
in nation state espionage,
that is a
organizing, planning and funding and effort against another country.
Okay, that is a nation state espionage and then an industrial espionage. It's essentially the same thing, except instead of a country, it is a company or an organization doing something, doing the effort against another company boring in the organization.
activism. Activism could be a driving factor on, and activists is one who is driven by an ideal, for instance, a religious or political view
and can be a very strong factor.
because the individual
that the goal
of the activism
is much more important than any ramifications that can be fall. The individual Okay, so that is activism.
Let's talk about the whistle blower.
The whistle blower concept is
an individual in an organization who observes something
that is wrong. They feel maybe they feel it's morally wrong.
Or maybe is a It's breaking the law or breaking the company policy. They are compelled
to turn that in to turn the individual in and to telling them to blow the whistle on them. Okay, so that's the concept
of the whistleblower.
whether the individual is doing the right thing can be, um uh,
and if he scenario or in So, for instance, the individual may think they're doing the right thing.
But the company may not think so, doing the right thing.
So there may be a legal battle there, so But however it works, it is an individual who believes that something wrong is happening and they want to tell the truth. They want to expose it.
So let's talk about accidents. Accidents, believe it or not, are a very big threat when it comes to the insider threat and While accidents obviously aren't done on purpose, they could still result in devastation
just like any other insider she do. So that's why it's in,
uh, in this course, because it's very important. Okay, the results the same, whether it's on purpose or whether it's not. If the result is devastating,
it's still devastating. It's still done by an insider, so you have to look at it as an insider threat. Okay, so this is an example of the American national security adviser who accidentally exposed something that some classified notes that he had put on a notebook right before the press conference.
so that is an example of a insider threat. Uh, another example, uh, can be seen was a scenario where a Sony Employees was was preparing to post a movie trailer for a multi $1,000,000 unreleased movie to YouTube.
They posted the trailer. Unfortunately, it was that acid him. They accidentally posted the real movie instead of the trailer. And so, you know, you know, countless thousands of people out there got to see the movie before it was actually released, probably costing millions and millions of dollars of damage.
And so that is also an example.
Oven acid. How an accident can be
Okay, this is a knowledge check. This kind of Ah, wait for us to try to quiz you and see how you how you're doing may be for you to observe how you're doing. So I'll read the question and I'll read the answers and then I'll show the answer.
Okay, So a blank insider is one who is driven by an ideal,
for instance, a religious or political view.
The two kinds of motivating factors related to espionage our nation, state espionage and blank espionage
the six instead of threat. Motivating factors include all of the following except
See financial gain,