topic Re: A security company, even they are prone to human behaviour in Industry News

A security company, even they are prone to human behaviour

Caute_cautim — Thu, 07 Nov 2019 02:25:07 GMT

Interesting that even Trendmicro were subject of an internal human behaviour issue - potentially 12 million people within the database. Potentially another GDPR or privacy prosecution in the making.

https://www.itnews.com.au/news/trend-micro-employee-sold-user-data-to-tech-support-scammers-533573?eid=3&edate=20191107&utm_source=20191107_PM&utm_medium=newsletter&utm_campaign=daily_newsletter

Regards

Caute_cautim

Re: A security company, even they are prone to human behaviour

Steve-Wilme — Thu, 07 Nov 2019 09:09:00 GMT

There are relatively few ways to control for rogue insiders 100% effectively.

A staffer with properly authorised access to data can often take it to sell on. The case of Morrison's in the UK is a case in point, in which the employer is being judged to be vicariously liable for the breach. And for those that suggest DLP is a solution, I've come across staff taking photos of screens, printing out materials and writing details on post it notes. You can do you're background checks, ban smartphones, implement DLP, lockdown removable media, implement VDI and disable cut and paste, install CCTV, closely supervise staff and conduct random physical searches. And still they'll be a residual risk if the data can be monetised.

Re: A security company, even they are prone to human behaviour

mgorman — Thu, 07 Nov 2019 11:13:48 GMT

I agree, this is much like privileged access of all kinds. The risk is always there, and you have to use the fear of getting caught as a mitigating control. All the controls you mentioned, CCTV, etc. need to be VERY visible, and if anyone is caught, it needs to be as public as possible, within the relevant privacy laws and policies, of course. But if everyone knows that John spent 60 days in jail and was fined $10K for selling PII, they are less likely to do it. If everyone is quiet about what happened (Not just what COULD happen, but what DID), then it is far more likely to happen again.

Re: A security company, even they are prone to human behaviour

denbesten — Thu, 07 Nov 2019 16:36:28 GMT

@mgorman wrote:
...controls... need to be VERY visible,

The thing about visible controls (including public executions) is that they also enable the adversary learn how to bypass your controls.

If you ever have the chance to visit Israel, you might contrast their approach to airport security vs the TSA/USA approach. Their focus is geared towards multiple subtle control points, rather than a single "castle wall" that the adversary can surveil for weakness.

Re: A security company, even they are prone to human behaviour

rslade — Thu, 07 Nov 2019 18:33:39 GMT

> Caute_cautim (Community Champion) posted a new topic in Industry News on

> Interesting that even Trendmicro were subject of an internal human behaviour
> issue - potentially 12 million people within the database. Potentially another
> GDPR or privacy prosecution in the making.

Good point, but I wish you'd used a better example. Trend Micro has *never*
been my idea of a security exemplar: I have examples of bad behaviour from them
going back to the earliest days of AV research ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Never regret. If it's good, it's wonderful. If it's bad, it's
experience. - Victoria Holt
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Re: A security company, even they are prone to human behaviour

Caute_cautim — Thu, 07 Nov 2019 19:53:37 GMT

@rsladeI think both myself and the community would be very interested in some additional examples and links, if possible?

Thank you

Regards

Caute_cautim

Re: A security company, even they are prone to human behaviour

rslade — Fri, 08 Nov 2019 09:49:39 GMT

> Caute_cautim (Community Champion) mentioned you in a post! Join the conversation

> @rsladeI think both myself and the community would be very interested in some
> additional examples and links, if possible? Thank you Regards Caute_cautim

Well, one of my first *formal* contacts with them ...

http://victoria.tc.ca/int-grps/books/techrev/pccill2n.rvw

Of course, even at that time they were responsible for one of the first "false"
viruses ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
There is no conversation more boring than the one where everybody
agrees. - Michel de Montaigne
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Re: A security company, even they are prone to human behaviour

Caute_cautim — Sat, 09 Nov 2019 03:10:46 GMT

It appears more is coming out, with even Twitter having similar problems:

https://www.darkreading.com/attacks-breaches/twitter-and-trend-micro-fall-victim-to-malicious-insiders/d/d-id/1336301?_mc=NL_DR_EDT_DR_daily_20191108&cid=NL_DR_EDT_DR_daily_20191108&elq_mid=94014&elq_cid=23392365

Regards

Caute_cautim