{"version":1,"type":"rich","provider_name":"Libsyn","provider_url":"https:\/\/www.libsyn.com","height":90,"width":600,"title":"Lynsey Wolf, conducting insider threat investigations, CASB and UEBA utilization to good use.","description":"         Show Topic Summary (less than 300 words)      Insider threat still exists. Lynsey Wolf talks with us about HR\u2019s role in insider threat and how prevalent investigations are in the post-pandemic work from home environment.         Questions and potential sub-topics (5 minimum):       What is the difference between insider threat and insider risk?         Motivators of insider threat (not much different than espionage, IMO -bryan) (MICE: Money, Ideology, Compromise, and Ego.)  https:\/\/thestack.technology\/pentagon-leaks-insider-threat-sysadmin\/         75% of all insider threats are being kicked off by HR departments. In short, it's proactive.         \u201cHow did HR figure that out?\u201d How are investigations normally initiated? What tools are they implementing to check users or predicting a disgruntled employee?\u201d UEBA? CASB? Employee surveys that are \u2018anonymous\u2019? Someone who reported others and it was dismissed? What if HR \u2018gets it wrong\u2019 or \u2018it\u2019s a hunt to find people not into \u2018groupthink\u2019 or \u2018not a culture fit\u2019?  https:\/\/www.cbsnews.com\/news\/french-worker-fired-for-not-being-fun-at-work-wins-lawsuit-cubik-responds\/         How can organizations be mindful of how and what data is collected to mitigate risk without affecting employee trust? And who watches the watchers to ensure data is handled responsibly? Are there any privacy guidelines companies need to understand before they implement such a system? (GDPR? CCPA? Privacy notices? Consent to monitoring on login? https:\/\/securiti.ai\/blog\/hr-employee-data-protection\/ )         Are companies causing the thing they are protecting against? 
(making an insider threat because they\u2019ve become repressive?) (hoping there\u2019s an \u2018everything in moderation\u2019 idea here\u2026 finding the happy medium between responsible \u2018observability\u2019 and \u2018surveillance\u2019)         Lots of \u2018insider threat\u2019 tools, including from EDR companies. Do companies do a good job of explaining to employees why you need EDR?         Quiet Quitting - latest term for companies to use to describe \u201cemployee has a side gig\u201d. How does this figure into insider threat? Is it assumed that people only have one \u2018thing\u2019 they do, or did the lack of a commute give people more time during the pandemic to diversify?         Solutions for employees? Separate their work and private\/side gig? Learn what their contract states to keep conflicts of interest or your current\/past employer from taking your cool side project\/start-up idea away from you? Solutions for companies?         Additional information \/ pertinent Links (would you like to know more?):      (contact info for people to reach out later):     https:\/\/www.cisa.gov\/detecting-and-identifying-insider-threats      https:\/\/venturebeat.com\/data-infrastructure\/how-observability-has-changed-in-recent-years-and-whats-coming-next\/      https:\/\/ccdcoe.org\/library\/publications\/insider-threat-detection-study\/      https:\/\/resources.sei.cmu.edu\/asset_files\/TechnicalReport\/2016_005_001_454627.pdf (insider threat ontology)      https:\/\/www.intelligentcio.com\/apac\/2022\/08\/01\/survey-reveals-organizations-see-malicious-insiders-as-a-route-for-ransomware\/      https:\/\/www.helpnetsecurity.com\/2022\/04\/08\/organizations-insider-threats-issue\/     https:\/\/www.fortinet.com\/resources\/cyberglossary\/what-is-ueba      https:\/\/www.gartner.com\/en\/information-technology\/glossary\/cloud-access-security-brokers-casbs     
https:\/\/thecyberwire.com\/glossary\/mice      https:\/\/qohash.com\/the-high-price-of-trust-the-true-cost-of-insider-threats\/      https:\/\/abc7chicago.com\/classified-documents-jack-teixeira-air-national-guard-arrest\/13126206\/ (Air National Guardsman accused in military records leak makes 1st court appearance - story still developing as of 16 April 2023)      https:\/\/www.theverge.com\/2020\/8\/4\/21354906\/anthony-levandowski-waymo-uber-lawsuit-sentence-18-months-prison-lawsuit         Show Points of Contact:      Amanda Berlin: @infosystir @hackershealth      Brian Boettcher: @boettcherpwned      Bryan Brake: @bryanbrake @bryanbrake@mastodon.social      Website: https:\/\/www.brakeingsecurity.com Twitch: https:\/\/twitch.tv\/brakesec      Youtube: https:\/\/youtube.com\/c\/BDSPodcast      ","author_name":"BrakeSec Education Podcast","author_url":"https:\/\/www.youtube.com\/c\/BDSPodcast","html":"<iframe title=\"Libsyn Player\" style=\"border: none\" src=\"\/\/html5-player.libsyn.com\/embed\/episode\/id\/26698317\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/88AA3C\/\" height=\"90\" width=\"600\" scrolling=\"no\"  allowfullscreen webkitallowfullscreen mozallowfullscreen oallowfullscreen msallowfullscreen><\/iframe>","thumbnail_url":"https:\/\/assets.libsyn.com\/secure\/content\/151094364"}