Guest post by Mariam Elgabry, MRes Security and Cyber Crime at University College London and Microsoft Student Partner

 .

The insider threat

As a part of the Seminar Series run by the University College London Security and Crime Science Department,

The Microsoft Student Partners invited a Microsoft Security expert to spook us a little with the reality of the “insider” Threat in the cyber space.

The common association we have when thinking of cyber security is predominantly focused on how to protect ourselves from external threat actors, heavily investing on heightening our “walls” against ”outsiders”. Rarely do we think about what threats already exist within our own “fences”. Our invited guest speaker explored how internal people, processes and technology can equally, if not more so, become a challenging threat to security given the opportunity.

Phil Winstantley, a Cyber consultant at Microsoft who works to keep their customers safe and secure, has worked across many sectors from the high threat club of Defence and National Security through to National Critical Infrastructure and into the Finance and Media space. Outside of his day job, Phil is a Special Officer with the UK National Crime Agency (NCA) where he works on disrupting serious and organized crime.

Cyber Crime

He began by making us think about examples of different types of cyber thieves and their motives, making it clear that it will be an interactive talk and that we’re quickly going to have to change our mindset: being vulnerable against a threat isn’t just possible but probable. We began to list incentives ranging from financial gain and personal data, all the way up to national critical structures and intelligence.

Phil outlined the main personas that often constitute the ideal internal threat actor: one that has some type of privileged access, one that has third party admittance or one that has been a previous employee. We chuckled to his example of IT Support being the “perfect” insider threat as it has both the opportunity and excuse to access data (any data) that can be in turn maliciously used. “Black shadow” access may be the only data that IT Support might not be able to get their hands on as it is usually constructed by third parties in forms of Facebook groups or twitter profiles. This lack of control however can also lead to the loss of admin monitoring. By far the most complex scenarios Phil admitted were the cases that involved an emotional drive, in other words the deep dark side of feelings, particularly that of revenge! A previous employee with such devise can quite rapidly cause huge damage. Described as the most challenging to fight against as it is non-technical, illogical and revolves around people, process or morale – which can be chaotic!

Paranoia

Despite the progression of a sense of paranoia in the room, Phil concluded his tech talk with a much brighter message. A set of statistics he displayed were quite surprising, revealing that most of the insider threat incidents usually originate from - simple but stinging - employee neglect. Moving closer to a less vulnerable structure, Phil and his current work with Microsoft focuses on promoting awareness through education. They aim to make people and businesses more mindful of ways to decrease the “attack surface” of internal threat actors by lessening their privelage space and minimizing access to data and systems for a strictly need-to-know basis. He mentioned the “just in time access” technique, that only momentarily allows access to employees of data outside their usual job description, is one way of preventing a large chunk of common insider threats we face today.

Q&A

Opening up to a Q&A session, Phil was bombarded with career-oriented questions. He gave excellent advise on how to pursue a career within cyber space. He spoke about how important it is to build your own profile through independent research and outreach. He explained how important it is to embrace ”your inner geek” as it is this quality that drives the best work forward and it is this quality that employers are looking for.

Overall it was great to see the gender distribution of the room, with a larger number of girls! Especially with international women’s day just celebrated a few days prior!

Resources

https://www.microsoft.com/en-gb/security/default.aspx

https://docs.microsoft.com/en-us/azure/security/azure-security-cyber-services