Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion
‎11-06-2019 09:25 PM
‎11-06-2019 09:25 PM

A security company, even they are prone to human behaviour

Interesting that even Trendmicro were subject of an internal human behaviour issue - potentially 12 million people within the database.   Potentially another GDPR or privacy prosecution in the making.

 

https://www.itnews.com.au/news/trend-micro-employee-sold-user-data-to-tech-support-scammers-533573?e...

 

Regards

 

Caute_cautim

Reply
7 Replies
Steve-Wilme
Advocate II
‎11-07-2019 04:09 AM
‎11-07-2019 04:09 AM

There are relatively few ways to control for rogue insiders 100% effectively.

 

A staffer with properly authorised access to data can often take it to sell on.  The case of Morrison's in the UK is a case in point, in which the employer is being judged to be vicariously liable for the breach.  And for those that suggest DLP is a solution, I've come across staff taking photos of screens, printing out materials and writing details on post it notes.  You can do you're background checks, ban smartphones, implement DLP, lockdown  removable media, implement VDI and disable cut and paste, install CCTV, closely supervise staff and conduct random physical searches.  And still they'll be a residual risk if the data can be monetised.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Reply
mgorman
Contributor II
‎11-07-2019 06:13 AM
‎11-07-2019 06:13 AM

I agree, this is much like privileged access of all kinds.  The risk is always there, and you have to use the fear of getting caught as a mitigating control.  All the controls you mentioned, CCTV, etc. need to be VERY visible, and if anyone is caught, it needs to be as public as possible, within the relevant privacy laws and policies, of course.  But if everyone knows that John spent 60 days in jail and was fined $10K for selling PII, they are less likely to do it.  If everyone is quiet about what happened (Not just what COULD happen, but what DID), then it is far more likely to happen again.

Reply
0 Kudos
denbesten
Community Champion
‎11-07-2019 07:32 AM
‎11-07-2019 07:32 AM

@mgorman wrote:

...controls... need to be VERY visible,

The thing about visible controls (including public executions) is that they also enable the adversary learn how to bypass your controls.

 

If you ever have the chance to visit Israel, you might contrast their approach to airport security vs the TSA/USA approach.  Their focus is geared towards multiple subtle control points, rather than a single "castle wall" that the adversary can surveil for weakness.  

 

 

Reply
rslade
Influencer II
‎11-07-2019 01:33 PM
‎11-07-2019 01:33 PM

> Caute_cautim (Community Champion) posted a new topic in Industry News on

> Interesting that even Trendmicro were subject of an internal human behaviour
> issue - potentially 12 million people within the database.   Potentially another
> GDPR or privacy prosecution in the making.  

Good point, but I wish you'd used a better example. Trend Micro has *never*
been my idea of a security exemplar: I have examples of bad behaviour from them
going back to the earliest days of AV research ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Never regret. If it's good, it's wonderful. If it's bad, it's
experience. - Victoria Holt
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
0 Kudos
Caute_cautim
Community Champion
‎11-07-2019 02:53 PM
‎11-07-2019 02:53 PM

@rsladeI think both myself and the community would be very interested in some additional examples and links, if possible?

 

Thank you

 

Regards

 

Caute_cautim

Reply
0 Kudos
rslade
Influencer II
‎11-08-2019 04:49 AM
‎11-08-2019 04:49 AM

> Caute_cautim (Community Champion) mentioned you in a post! Join the conversation

> @rsladeI think both myself and the community would be very interested in some
> additional examples and links, if possible?   Thank you   Regards   Caute_cautim

Well, one of my first *formal* contacts with them ...

http://victoria.tc.ca/int-grps/books/techrev/pccill2n.rvw

Of course, even at that time they were responsible for one of the first "false"
viruses ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
There is no conversation more boring than the one where everybody
agrees. - Michel de Montaigne
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
0 Kudos
Caute_cautim
Community Champion
‎11-08-2019 10:10 PM
‎11-08-2019 10:10 PM

It appears more is coming out, with even Twitter having similar problems:

 

https://www.darkreading.com/attacks-breaches/twitter-and-trend-micro-fall-victim-to-malicious-inside...

 

Regards

 

Caute_cautim

Reply
0 Kudos