Cyber Security Weekly Podcast

Episode 361 - Insider Threats and Corporate Data Exfiltration



Jane Lo, Singapore Correspondent, speaks with Dagmawi Mulugeta, threat researcher with Netskope Threat Labs.


Dagmawi has his OSCP and has previously worked at Cyrisk (a subsidiary of 4A Security), Sift Security (acquired by Netskope), and ECFMG as a researcher, security engineer, and developer. He has innate interests in public CTFs, exploit development, and abuse of cloud apps.

He has his MSc in Cybersecurity from Drexel University.

In this interview, Dagmawi shared behavioural insights on employees preparing to leave, and how these indicators could enable organizations to protect their data more effectively.


He noted the concern that many organisations have with “flight risk” users – that is, employees who are getting ready to leave – taking corporate data with them.

A common question in addressing this concern is how to efficiently identify such risks without sifting through hundreds of alerts and spending hundreds of man-hours.

Dagmawi shared how they approached this problem by analysing anonymized data of over 4 million users from more than 200 different organizations worldwide, along with some key revelations:

(i) 15% of leavers used personal cloud apps (e.g. Google Drive, Gmail) to take data with them

(ii) 2% were violating corporate policy (exfiltrating sensitive corporate information)

(iii) the majority of the data movement happens 50 days before leaving.

Dagmawi highlighted how they identified three key signals to filter out alerts with potential flight risks:

a) volume – identifying whether the data being moved is anomalous for the individual in the organisation

b) nature of data – whether the data being moved is sensitive

c) direction – whether the cloud application is outside of the organisation’s management (e.g. Google Drive).


Wrapping up, Dagmawi recommended encoding the three signals into detection systems, which could help reduce the number of alerts to review by 43x – that is, for every 50 alerts, the signals could help to single out the 1 or 2 concerning ones.
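The three signals combined into one alert filter, as an added sketch that is not from the episode or from Netskope. The event fields, the median/MAD baseline and the thresholds `k` and `min_history` are assumptions, and the events are constructed.

```python
from collections import defaultdict
from statistics import median

def sample_events():
    """Constructed upload events: (user, day, app, managed, bytes, dlp_sensitive)."""
    ev = []
    for day in range(1, 11):  # ten days of ordinary uploads to a managed app
        ev.append(("alice", day, "corp-storage", True, (20 + day) * 1_000_000, False))
        ev.append(("bob", day, "corp-storage", True, (15 + 2 * (day % 3)) * 1_000_000, False))
    ev += [
        ("alice", 11, "personal-drive", False, 900_000_000, True),  # all three signals
        ("bob", 11, "personal-drive", False, 3_000_000, True),      # normal volume
        ("bob", 12, "corp-storage", True, 800_000_000, True),       # managed destination
        ("carol", 1, "personal-mail", False, 500_000_000, True),    # no baseline yet
    ]
    return ev

def flight_risk_alerts(events, k=5.0, min_history=5):
    """Return (user, day) pairs where volume, nature and direction all fire."""
    daily = defaultdict(lambda: defaultdict(int))   # all bytes uploaded per user/day
    risky = defaultdict(lambda: defaultdict(int))   # sensitive bytes to unmanaged apps
    for user, day, _app, managed, size, sensitive in events:
        daily[user][day] += size
        if sensitive and not managed:               # (b) nature and (c) direction
            risky[user][day] += size
    alerts = []
    for user, days in daily.items():
        for day in sorted(risky[user]):
            history = [v for d, v in days.items() if d < day]
            if len(history) < min_history:
                continue                            # too little history to judge volume
            med = median(history)
            # Assumed fallback spread when the history is perfectly flat (MAD == 0).
            mad = median(abs(v - med) for v in history) or max(0.1 * med, 1)
            if days[day] > med + k * mad:           # (a) volume, against this user's own norm
                alerts.append((user, day))
    return alerts

if __name__ == "__main__":
    print(flight_risk_alerts(sample_events()))
```

Of the four candidate events, only one passes all three checks; users without enough history for a baseline are skipped by this filter and need a separate review path.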


Recorded 11th May 2023, 3.30pm, Black Hat Asia 2023, Singapore Marina Bay Sands.


#bhasia

#mysecuritytv

#insiderthreat


Cyber Security Weekly Podcast by MySecurity Media
