Snowden’s ex-boss offers tips on stopping insider threats - colemanpallow

Steven Bay, a former defense contractor, knows a thing or two about insider threats. For a brief period, he was the boss of Edward Snowden, the famous leaker who stole sensitive files from the U.S. National Security Agency.

Recalling the day he learned Snowden had been behind the NSA leaks back in June 2013, Bay said he received texts about the breaking news while in a leadership meeting at a church. The first text said "Sorry man, looks like your worst nightmare came true."

Bay was crushed: "I went out into an empty room of the church and I just melted down crying."

"Every negative thought you can have, I had," he said. "I thought I was going to get fired. I thought I was going to go to jail. I'm going to lose my family… covert CIA agents are going to get whacked."

Fortunately, Bay — who was Snowden's manager at the time of the NSA hack — wasn't jailed. But the whole episode did teach him about the dangers of insider data theft, and that all companies must take it seriously.

"When we talk about Snowden, it's a very divisive issue," he said. "But there are also a lot of lessons we can learn here."

Bay spoke Tuesday at the TechIgnite event, hosted by the IEEE Computer Society, where he explained tips that companies can use to guard against insider threats. He previously worked at the consulting firm Booz Allen Hamilton, which does work for the NSA. In February 2013, Bay interviewed Snowden for a job at the firm.

Snowden has said to the press that he actually wanted employment at Booz Allen to gain access to NSA's surveillance program data.

Bay calls Snowden a "malicious insider" who should be jailed. But stopping someone like him can be tricky.

In an interview, Bay said Snowden didn't exhibit any blatant red flags that exposed his intentions in the two months he was employed at Booz Allen as an intelligence analyst. But he did show a couple of "yellow flags" that in retrospect hinted something was off.

By Michael Kan

Former defense contractor Steven Bay speaks at TechIgnite on March 21, 2017.

For instance, Snowden had early on asked for access to the NSA's classified PRISM surveillance program. Two weeks later, he asked for it again, explaining that the data would help him in his NSA-related work. After he got access to the data, he ended up leaking it to the press.

Snowden also claimed he had epilepsy and had to take a leave of absence from Booz Allen because of it. Normally, employees will file for short-term disability with human resources so they can still receive their wages, Bay said. But Snowden didn't want to.

"Wanting leave without pay, instead of short-term disability, was weird," he said. However, none of these actions were unreasonable either.

"I had no reason not to trust him," said Bay, who recalls being "blown away" by Snowden's technical knowledge when he interviewed him for the job at Booz Allen.

That's why it's important for any organization to have protective measures in place when insiders do strike, he said.

Snowden ended up successfully stealing a massive number of files about NSA programs. But better technological controls, like system alerts that detect when sensitive information is being moved, could have been used to stop that, Bay said.

"Perhaps an alert for when a thumb drive gets plugged in," he added. "Alerting when a thumb drive gets turned on."

Or, in a low-tech solution, USB drive ports on the most sensitive computing systems should be removed.
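The thumb-drive alert Bay describes can be built from ordinary host logs. The following is an added example, not part of the original article: it scans Linux kernel syslog lines for USB mass-storage attach events and alerts only for hosts marked sensitive and devices not on an approved list. The host names, the approved-device entry and the sample log lines are constructed assumptions.

```python
import re

# Constructed sample syslog lines (Linux kernel USB messages); not real data.
SAMPLE_LOG = """\
Mar 21 09:14:02 analyst-ws07 kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Mar 21 09:14:02 analyst-ws07 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Mar 21 09:20:11 analyst-ws07 kernel: usb 1-3: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
Mar 21 09:31:40 lobby-kiosk01 kernel: usb 2-1: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
Mar 21 09:31:40 lobby-kiosk01 kernel: usb-storage 2-1:1.0: USB Mass Storage device detected
Mar 21 10:02:15 analyst-ws07 kernel: usb 1-4: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 2.00
Mar 21 10:02:15 analyst-ws07 kernel: usb-storage 1-4:1.0: USB Mass Storage device detected
Mar 21 11:45:09 analyst-ws07 kernel: usb-storage 1-5:1.0: USB Mass Storage device detected
"""

SENSITIVE_HOSTS = {"analyst-ws07"}   # assumption: hosts that handle sensitive data
APPROVED_DEVICES = {"1234:abcd"}     # assumption: placeholder ID of a sanctioned drive

PREFIX = r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\skernel:\s"
FOUND = re.compile(PREFIX + r"usb (?P<port>[\d.-]+): New USB device found, "
                   r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
STORAGE = re.compile(PREFIX + r"usb-storage (?P<port>[\d.-]+):[\d.]+: "
                     r"USB Mass Storage device detected")

def usb_storage_alerts(log_text, sensitive=SENSITIVE_HOSTS, approved=APPROVED_DEVICES):
    """Return one alert per unapproved mass-storage attach on a sensitive host."""
    last_seen = {}   # (host, usb port) -> "vendor:product" from the identity line
    alerts = []
    for line in log_text.splitlines():
        m = FOUND.match(line)
        if m:
            last_seen[(m["host"], m["port"])] = f'{m["vid"]}:{m["pid"]}'
            continue
        m = STORAGE.match(line)
        if not m or m["host"] not in sensitive:
            continue   # keyboards, mice and non-sensitive hosts raise nothing
        # A storage event with no identity line is still reported, as "unknown".
        device = last_seen.get((m["host"], m["port"]), "unknown")
        if device not in approved:
            alerts.append({"time": m["ts"], "host": m["host"],
                           "port": m["port"], "device": device})
    return alerts

if __name__ == "__main__":
    for a in usb_storage_alerts(SAMPLE_LOG):
        print(f'ALERT {a["time"]} {a["host"]} usb {a["port"]} device {a["device"]}')
```
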

Companies can consider data loss prevention services, which specialize in the monitoring and the protection of sensitive files, Bay said. But another way to guard against insider threats is properly segregating who has access to what.

For instance, staffers who leave a company should have their computer access immediately terminated. In addition, a company's accounting department shouldn't have access to the R&D team's research, and vice versa.

"Unless your insider has the keys to the kingdom, they can do damage, but they'll be limited to whatever they have access to," he said.

Following the NSA leaks, Bay was pulled off from his NSA-related work at Booz Allen Hamilton, and he left the firm last year. He now works as an independent cybersecurity consultant, after serving as a CISO at a medical devices maker.

Looking back at his time at Booz Allen, Bay joked in his talk at TechIgnite: "I don't know why I was the one guy out of billions of people who got stuck being Snowden's boss. But I was."

He added that insider hackers like Snowden are rare, so it's important for companies to focus on more common cybersecurity threats also, like those that come from phishing emails, he said.

But that doesn't mean companies should ignore the insider risk either.

"These malicious insiders, in my judgement, they can do more damage than any other threat you have out there," he said.

Source: https://www.pcworld.com/article/406147/snowdens-ex-boss-offers-tips-on-stopping-insider-threats.html

Posted by: colemanpallow.blogspot.com
