Episode 5 - Understanding the Insider Threat

Episode 5 of the podcast focuses on understanding the nuances around insider threat scenarios and features Gabe Ramsey, Partner @ Crowell & Moring.

• Intro (00:18)
• Question 1 (00:56) – Thinking about the team that comes together in an insider threat investigation, what does that look like? Both internal and 3rd parties.
• Question 2 (01:50) - Are there any common trends that you see with companies that are successful in investigating and, from your angle, bringing litigation against an insider threat?
• Question 3 (02:39) - Insider threat, its a very multi-dimensional problem, but all of the effort leads to some kind of legal action or outcome. From your perspective, what is the main network informational gap that you face in trying to prove the actions or intent of an insider?
• Question 4 (04:21) - I've spoken with CISO's specifically on data collection surrounding insider threat, and it seems that there is a general lack of comfort with the total degree of valuable information gathering that can be done within the scope of the law, largely because it seems invasive to the individual. That said with an insider threat situation, you are often trying to prove something that falls more in the realm of human activity, than pure network activity. What are some of the tools you recommend clients use to collect the necessary information to be able to make the right assertion about an individual suspected of being an insider threat, and how do you help them navigate this often-uncomfortable situation?
• Question 5 (07:28) - I've heard people talk about larger, more sophisticated companies allowing technical threats to dwell on specific systems so they can learn more about their motives through the actions they observe on the network, and with insider threat, I can imagine that there is a range of appropriate responses, from immediate separation to levels of overt or covert observation of the individual; from your perspective what does that look like, and what triggers lead to different actions, and what are the actions that companies end up taking?
• Recap & Key Takeaways (10:19)