
Understanding Insider Threats in Cybersecurity with Eran Barak Join host Jim Love as he discusses the critical issue of insider threats in cybersecurity with Eran Barak, CEO of MIND, a data security firm. In this episode, they explore the various...
Loading summary
Jim Love
Welcome to Cybersecurity today on the weekend. My guest today is Iran Barak. He's the CEO of data security firm Mind. And we're going to talk about insider threats. Now we accept that most threats are insider threats if something's done by somebody or not done by somebody and it leads to an infiltration. But most of these are innocent or at least not intentional. They might be foolish or things that where people should know better but in the end they didn't think they were going to cause any damage and that's what's behind it all. But there is a more insidious intentional set of actors who represent a threat to companies and that's a wide range of different situations. And for some what they're doing may seem like an innocent act. The proverbial salesperson who takes the client list. But there are even more insidious actors. People steal company secrets all the way up to nation state actors who infiltrate a company. And that's what we want to talk about today. Your hand. Welcome first of all to the program.
Iran Barak
Thank you so much. Thank you Jim for having me. And it's very close to my this subject we are talking about. So would love to share our knowledge.
Jim Love
Why I want to join the program. I gave him a sort of a broad brush in there. What if you were describing the types of insider threats, how would you describe them?
Iran Barak
Yeah, I think you nailed it. There are many insider threats. We, we call them sometimes insider lazy and users who basically leaking I do like that quote to quote data just to make their work day to day more convenient. But they don't actually understand the risk that associate with this kind of activities. And then there are other kind of users that as you said yourself now if this guy leaving my job and moving to another company, I might want to take my Rolodex and all my contacts with me to my net job. And this also create a risk and obviously it's part of the company's ip. And the last thing which you mentioned as well, this is more the non innocent intentional kind of insider threat where you really want to leak data outside the company.
Jim Love
And so how do you watch for these insider threats?
Iran Barak
Yeah, so what we do here at mine and the reason how did mine basically to protect sensitive data there is area today called data loss prevention. It's basically tools that are deployed in order to prevent this data leak. So basically imagine that you are able to monitor each and every data who has access to that, who is downloaded, who is basically moving it inside the company, outside the company. And Then also add the protection layer where you can really block this user from doing that. There are many solutions out there that can give you this visibility. The problem with them is the after the fact. And so I can tell you this data was leaked and I can tell you by who or the move. But the data already moved.
Jim Love
But he's in North Korea now.
Iran Barak
It should not kill. Exactly. But if you are able to block it in real time, then obviously you can reduce a lot of risk.
Jim Love
So in, in doing this you've encountered a lot of different scenarios. Tell me about a couple of them. What are the ones that, that most haunt you or at least should be most worrying these days?
Iran Barak
Yeah, I think you talk about, you talked about North Korea. I think the effect post Covid that we've seen more and more especially here in the US by the way, I'm originally Israel but in the US the remote work became more dominant. Now we see maybe some more big companies are calling their employees to come back but still it's not the norm. The norm still of walking remote. And then you see these subcontractors and that are basically walking remote and they can fake their identity. You never know who is on the other side. In fact you can and we heard it by the way firsthand for some workers that interviewed for some admin kind of position where you have access to all the companies it and basically this creates a risk from these companies because if you don't have him internally in your company, you don't see the guy. Then you basically give your keys to all your crown jewels sometimes. And we heard about the North Korea scheme that you know that now just these days in the news where North Korea employees are basically being an it in many U.S. companies.
Jim Love
Yeah. And I, I don't know what the numbers are. I don't know if you have a better sense of what they are. I know anecdotally because we do stories on it that there have been significant companies that have been fooled and have hired people into it. There have been at least two farms that I know of in the US that were broken up where people were actually American citizens were actually enabling these people by providing workstations and IP addresses in the US So we know that there's been quite a few of them. I've heard people say everything from your probably your company's if you have remote work, you probably you've got one in your company already.
Iran Barak
Yeah, I don't have the actual numbers as you said. So what I read like yourself on the news, but I can Tell you that from what we've seen in mind, you can definitely see I told you, you talked about these IT workers. But sometimes you hire people, for example, to manage your salesforce as an example, it's a CRM system. And then you basically give someone all the secrets just for this platform. And basically he could do whatever he wants and have access to all your customers and basically leak data around that.
Jim Love
It's something that new that came out of this conversation. For me, there are all kinds of roles where people could have all kinds of access. Which brings us back to this whole idea of understanding who has access to what and why, which I think is probably one of the things we should always be thinking about. I was a big believer in saying if you're granting permissions, why do the people need them? What do they do with them? And when do they not need them? Because that's the other thing that happens is. And this, you could have roles that. That. Now you got me scared. But you think about it, somebody will come into a role, they'll be that person. They'll have all kinds of access. Nobody will ever check on it again. The next person we hire into that role, we duplicate their access. They may not need it anymore. It may not even be part of the job anymore. But unless somebody's actually going through and saying you need the least possible access, why do you need this? Why do you need this? That you're going to replicate that. How do I know this? I used to run a security department way back in the old days and we built model profiles. It's easier. Got this type of job you need, you get this type of access. Get out of my office.
Iran Barak
Exactly. That's true. And this is. Go back to what I mentioned, insider lazy. Right. And it can come in a different. Like you mentioned, Rick, right now, in a different shape and form. You said you wanted to make things more efficiently and you just create these profiles and in one, two clicks you basically create a new profile for a new employee. And here you go. But as you said, maybe it's not necessarily need all these access. One of the things that we are doing here at mine is, is we start with obviously what calls today the market posture with the visibility better. Basically we integrate to all these data sources that you have where sensitive data lies. And then we are able to tell you who has access to what, where the data is and what kind of data. Right. And more than that, and what I mentioned before, because we have this protection layer as well where really we really monitor and block any data Moving and. Or any data movement. Yes. So basically in the end of the day, what do you want is to be able to know where your data is and who has access to that 24, 7. And basically able to monitor it in a way that you can really restrict who has access to what in real time. And by that you reduce the risk that you just mentioned. And you know, and as you said, if you already grant access to someone, you want to make sure there is explanation around it and why it needs that, then basically give it as a temporary access. Right. Because you don't need it all the time.
Jim Love
So we have the North Korean infiltrators. There's also another story that came out this week and you think about it, and that's that the people who may have what they think is good intent. Mark Zuckerberg fired 20 people this week because he said that they had leaked information either about meetings or policies. And presumably because they thought, if I get that out into the open, then people will spot this and maybe our company will do the right thing. Hard, hard to fault them, but probably not the thing that you want happening.
Iran Barak
In your company, especially these days, where again, going back to a remote work, right. And you create these dynamics where you call a break to come back. Many of them might leave. You may cut some employees. So then as we mentioned at the beginning, you need to watch carefully about these employees because they gonna take data with them that for you as a company, as an owner of a company, it's sensitive data, right. But they won't ask permission from you, most likely. So you want to be able to first monitor that and second block that. The best way to do that is obviously if you know in advance that you're gonna cut these employees. So you already put it in your systems that protect your data and be able to monitor that and then flag it if needed.
Jim Love
Are there specific signs that people should watch for to be proactive about this?
Iran Barak
Yeah, I think if you put the right threshold, you can look about the amount of data that is being downloaded as an example or uploaded. Depends from which side of the house you look at that. This is one area where you can basically understand that something is wrong. And I would say is the one of the critical sides even, right. If you see someone uploading or downloading more than the normal amount of data, then there is lag hours of work. Right. Today we have access to our companies from everywhere, anytime advantage. But disadvantage at the same time that we talked, if somebody's now logging in in weird hours. So ask yourself why? And monitor that as well.
Jim Love
Although I'm not sure that's as good a trigger as it once was. People work long in different hours these days, but there are occasions I think that we don't. Where we don't think about it is and I don't know whether how well systems are set up to track it. And that is I know that I have access to that data. The question I'm asking is why would you want to be touching that data? That's a difficult thing for a. For an IT system to spot.
Iran Barak
Yeah, that's true, that's true. It's a more complex and hence I think you need more Titan policy around this sensitive data. So you write about that, that someone has an access to that. The fact that he's downloading or uploading not necessarily means he's doing something malicious. But again, if this is filling the company's parameter, that's fine. But if your policies around this data going outside your company, which can easily be done, imagine if you upload now yourself the data to your own poke account or Gmail account. Right. So then this is where you need to kick in some protection controls.
Jim Love
Yeah, yeah. And of course in recent news, I don't think we could escape the idea of right now there's. I don't know if they're 10 or 20 kids and they are kids, 20 to 24, crawling around the American government downloading data and having access to some of the most sensitive data in the world. I my opinion. But all of those kids are compromised by now. And you're from Israel, from a country with a highly professional security group. There's nothing. I cannot believe that North Korea, Israel maybe others, probably China, Russia, have all pounced on these kids. And if they've made, if they've made a single mistake, they're hacked. How do you deal? Now that's an extreme, but people are targeted all the time. There was a case even in my neck of the woods where someone was the girlfriend of a biker and working in the police department. This happens all the time where people are compromised. How do you. How did. What. What's your advice for people in. In trying to deal with that?
Iran Barak
Listen, this is, it's. I always say it's missiles, right? You first develop the model and then you come with a defense. Right. So you always behind as a defender. You always need to assume, as you just said, and I agree with you, you'll be knocked and things will get leaked. And I guess you need to do the best you can on the physical and Virtual side when it comes to security to, to protect that. There is no any silver bullet when it comes to that, unfortunately. Otherwise you and I won't be here on this call. If we had silver bullet.
Jim Love
Yeah. I've always said that if, if all software and all processes worked well in cybersecurity, I would not have a podcast.
Iran Barak
Yeah, exactly, exactly. Completely agree with you. Yes. So I guess it start from a good process when you scan and hire people. Right. And then even if they do have access, so you also give the minimum access possible. Meaning that as you said yourself, even if you now hire a new employee, you don't just replicate the profile you really tailor made especially to it or some high level employees with more access, they really have access to what they need. And I would argue that maybe from hiring perspective, you never want to give keys to the audio crown jewels to one person. You always want to distribute that so you can manage the risk when it comes to losing data ip.
Jim Love
Yeah. Yeah. One of the things that I've been saying and I don't know other falls into the technical piece of this is there was a time when employees were loyal. I know because I've been around long enough to have worked through it. There were times when we took care of the company's information. I don't know if that loyalty still exists anymore and probably for good reason. If you're dispensable, then why would you.
Iran Barak
If you talk with AI. Right.
Jim Love
Yeah.
Iran Barak
No, that's. That's right. I didn't think about that way. But I think you're right. And one thing we've seen and it's. It's more old news but during COVID because everyone worked remotely, I heard new were employees basically all for few companies at the same time.
Jim Love
I've actually this happened. It took me some time to figure out why this person was not reachable at certain times.
Iran Barak
Correct.
Jim Love
And was not. And it was just they. They couldn't turn around the work. And my, one of my, one of my, my cohorts at work said they have two jobs.
Iran Barak
Yeah. @ least.
Jim Love
No way. You know. Yeah. And as long as they're not working for a competitor at the same time, that'd be.
Iran Barak
Yeah. And it's hard to say, but yeah, I agree with you. I think it's a different generation these days. Everything became more globalized. So you can really walk from everywhere to go and anywhere to any company these days. And this is again advantage and disadvantage. Right. There is very. A lot of upsides to that, but a lot of downside yeah.
Jim Love
So it is a bigger threat. And I think we've gone through a number of scenarios. You know, how do CISOs get a handle on this? How can we can, how can CISOs control this threat?
Iran Barak
I think it's a combination of data and identity and it starts on the more physical side and screening and scanning. And when you hire someone, you really need to do a really good background check before you hire, especially to jobs that you mentioned before the ID and especially someone like yourself who knows a lot about what it takes to bring these IT guys and then obviously put the right program in place. Either it's a data protection program or inside the risk program. Right. And I would argue you should combine that they go hand to hand and you need to make sure that you really have a grip on your, where your data is and what is your ip, what you are winning that might be compromised. I know maybe sounds bad. At the end of the day, we can't control everything. You need to come with this very tight strategy and understand everything that that related to your data. And especially for sensitive data, obviously. Yeah.
Jim Love
And we presume, maybe I'm wrong. We presume that people have done a data analysis. We toss around these terms like crown jewels. We presume that people know what the crown jewels are. I don't know whether people think in terms of what, whether they're the disclosure of data which could be fairly innocent. In other words, you may have your top secrets of your business, but there's other data that if it was disclosed, could be embarrassing. I presume that people do. I'm not. I presume that they're doing these types of data analysis. They may not. If they haven't, I just, I would suspect that they need to. I don't know how you make cybersecurity work if you don't understand the various levels of data. Because there's all kinds of data. You, you can't, you only have so many resources. You can't spend all your time protecting data that is. Has no risk of exposure or destruction. I guess that's the first thing. What else goes into an effective program?
Iran Barak
Here in Nordic. I think you're right and I think there is also, even today you talked about yourself being in security years ago and think about how development is done today. It's all cloud based and you can really replicate sensitive data in a very easy way. So you give a database access to one of your developer, you can replicate that just for development and testing purposes, but then you forget about it. Right. Or you can basically move data around different SaaS apps. Today everything is on the cloud, right? I always say today the CISO job is very hard because years ago, 20, 30 years ago, it's almost in the perimeter, right? You added all print V shares, you had all these stuff that were more contained. Today it's not anymore you and, and in fact you have both today and. Because we all talk about moving to the cloud. Moving to the cloud. Yeah, we, we are working on the cloud, but we're still working on Prem as well. So now you need to basically protect both fronts. So what you really need to do is make sure you have the right controls and you need to really work with security controls to impose capabilities to this kind of old environment on prem and cloud and are able to protect all your crown jewels or your sensitive information on both front and do that.
Jim Love
And even the movement, and we've talked about this, the movement doesn't have to be malicious. I have been an absolute critic and I will confess to it of Amazon for the leakage of S3 buckets. And the reason I've done that is I went on and tried to because, and I'm no longer a functioning technical employee. I don't do this hands on every day. But I went on and I went and said here I'll set up the security for something. I've never been so confused in all my life. Now I might not be the smartest guy in the world, you may be able to say that, but I could see how these mistakes were made. And you look at the user interface and say if we, we have to give people the tools to protect our data if they can make mistakes so easily and by witness they happen all the time, then we should be improving that user interface as well. But what other tools could we, what other things could we do? What technically aren't we doing that we could do?
Iran Barak
First of all, you need to have a good data retention program. We at mine found that many companies where they don't have a retention program to their data, meaning they just store everything everywhere for whatever time, infinity amount of time. And this is by default not good. There is a lot of data that you don't really need and some of them are insensitive and that can be embarrassing if it's been exposed. So you need to have a good data retention in place first. Second, we talked again about the controls, right? So you need to make sure you have controls that are up to date. And as an example, your sensitive data is not necessarily just traditional sensitive data, right? You talked about customer data or we talk about the credit cards and things like that. But you have many companies out there that are, for example, manufacturer or companies coming from the healthcare, right, with lab results. This is data that you need to know how to classify. And obviously today it's a harder job because I think years ago you can still be able to put few employees in place and let them classify and label everything manually. These days are gone. The amount of data that exists today is absolutely growing exponentially and you only need machines to do that. And I would argue if you're still doing things manually, you'll be high and. And you put yourself in a risk. You need to adapt.
Jim Love
No, I think you've hit the nail on the head there. That's was. I was thinking about it and you gotta be careful in this business. There's one thing to be a commentator and I can be a critic and I can say you should be doing all these things. I was a cio. I know that sometimes you don't have the time, sometimes you don't have the resources. And when people come in and the worst thing in the world is to be a security consultant who comes in and says, I've got all these templates I need you to fill out to classify all your data. Oh, joy. And so I get that. So you're saying that one of the advantages today is that we actually can use systems to be able to classify.
Iran Barak
Our data 100% and even classify very complex data. The fact that the AI made such a progress, obviously, again talking about pros and cons, there are a lot of restrictions that comes with this AI. But when we talk about classification in particular, that is a lot of pros and many of them related to classification and the fact that you can classify much more accurate in a faster and a way and basically be able to cover huge amount of data that would take you months or years if you would do it manually. This is something that we need to take advantage of.
Jim Love
I'm with you on that one because that's one of the biggest things the people say 80% of the corporate data is dark data. People don't even know what's in it. This is where I get to the other piece of this. When you look at trying to classify your data, and I get it, you should get rid of data you don't need. But the whole point of AI was it gave us access to data that we might have thought we didn't need just because we couldn't reach it. So this is the dilemma, right? If I get rid of the data. I'm going to miss that big aha moment when I relate two pieces of data and get an insight. I'll never do that.
Iran Barak
I know that, that, that's true. Yeah. I'm sorry to interrupt you, but on that I have philosophy in life, if you didn't touch something for a year in your life, it can be close, it can be whatever, then I guess you don't need it. It's true that what you mentioned, if you want to get some insights and related to specific areas in your company, it might help you. But again, what is the risk associated with that? So you need to calculate that as well.
Jim Love
But if you can analyze it, you can come closer to making a smart decision. That's what I'm. What you set me thinking about was saying, oh, geez. Because that's always the problem, classifying the data. You can have all the meetings you want, you can get out the PowerPoint and the templates and you can walk around every department and try and figure out what's there. And you're still going to have an imperfect picture. And I guess the argument for not using it, if you, if I use AI, I might have an imperfect picture. You could have an expensive imperfect picture or a less expensive perfect picture. That's, that's pretty. So have you, when you've looked at this and you've done, you've obviously done this with your clients, have you gotten insights? Have you seen lights go on? Have you seen people go, wow, okay, I understand something better now.
Iran Barak
Yeah. Again, especially when it comes to more complex, sensitive data that they were not able to classify with traditional tools. And they were like, yeah, basically as you said, the Harmon, they didn't know this data exist even in this specific data repositories. As an example. And this was for the, okay, we did some controls on that that you didn't even know. Right. You can protect something that you don't, you are not, you don't know. So this is one, the second thing I want to say and because you mentioned, we talked about AI and I know it's a hot topic and I would say another driver for data leakage is as you said about now, looking for data with AI. So there are a lot of tools out there, what they call AI enterprise search. So for example, if you implement these tools in your company, you as an employee has access to that. You can search for any data in the company. Now get that if this data is not restricted, you as a low level employee, as an example, can have access to the most Top secrets data of your company without anyone knowing about. Because now this data is exposed to you and then all the scenarios we talked about earlier in this call you basically did can happen. So this is very. It's a huge driver today for many companies before they adopt these enterprise tools and to make sure they deploy these data controls in place. And this should be ongoing because the data is something that is very dynamic. Right. You create data every day, all day.
Jim Love
Yeah, it's going to be interesting. And I hadn't thought about it in those terms either. And that is the propensity for being able to do greater level of search. Correct. And especially when you've got that. That interim step and that is traditionally if we've got traditional file storage, that's what you've got. But if you have an AI that searches your file storage now, it's not going to store it in a classical means. It'll be vectors, it'll be different things. But you now have data that could be accessible. You didn't think or you didn't think about protecting in the same way is that. Yeah, that's going to be a struggle. So it's.
Iran Barak
Imagine it's like what you mentioned about the identities, right. If you hire a new employee profile, so you say okay, is the RD is based basically similar to this employee. So let's replicate easy access and give it to you. Same with data, right. You are now created new especially when data is created on the cloud, which is what we do most days. Right. How often you open a new document just of your device. You mostly create it in Gdoc in Office 365 but then it comes with a default kind of access that mainly and oftentimes are open to everyone in your company or maybe less restricted that you would want. So you need to make sure that you have again controls that basically enforce.
Jim Love
I haven't even thought this through in terms of Got Copilot or Gemini. You may have some tools to restrict access. I actually don't know that.
Iran Barak
So. So today these companies like talking about Copilot and Microsoft did a very good job today to apply on the Office365. But again think about any average company today, even here at mind, right? We use many different tools. You don't use just the stuff, right. You use a lot of tools. So how you make sure you align across these tools and this is something.
Jim Love
That it's hard to do especially and I've said this before and probably I'm a broken record on it. We are in for the Greatest amount of shadow it that we've ever seen in history and that it's all coming in in the name of AI, Much of it being smuggled in or used without permission because people aren't going to ask permission if they find a way to do their job and it's some neat little program, they're going to use it and correct.
Iran Barak
And again, this is. Go back to. It's not, it's an. It's innocent employees, right. They don't try to do things maliciously and they just try to do it more efficient and better.
Jim Love
Okay, so we, I don't want to, I don't want to just admire the problem. We've, we talked a little bit about this and say we have to do a better job at classification and we can use AI to do that. Are there other things that CISOs should be looking at and saying, wait a minute, we need to think this through as well?
Iran Barak
Yeah. So I think again, you're right. I look at it like you build a building or a home, right? You first put the foundation. The foundation is discover and classify all the data you have. Because you said it yourself, right? You sometimes have data you didn't know even exists. So you need, you first need to discover, once you've discovered and classify, you need to put your policy on top of this data. This is another layer. And the policy can be anything from as we talked about here, how you share the data with subcontractors or with inside the company threshold about amount of data you can download and upload and many other things around sensitive data. And once you have this policy in place, you can basically surface data risks or data issues I would call them and then you can stop cleaning them. Right. Proactively. You don't need to wait for this data to move in order to block to be leaked. You, in fact you would prefer that everything would be clean 24 7. And you won't need to block to care if data moves. Because you know when this data moves, it moves in the right direction or to the right, the right folks. But then you need to also make sure you have controls about when data moves. So you are protected there as well if sensitive data is moving to not the right direction.
Jim Love
And in the same way that we talked about using AI to classify data, the building of policies is a huge effort. Are there ways to accelerate that or make that smarter?
Iran Barak
100%. Yeah, 1%. And I would say again, not just smarter, even more efficient. Because today you can build policy with AI and you can push them back across different data storage and basically have the same exact policy across all your data stores.
Jim Love
So you're saying they're again using AI to develop the policies that would at least give you the groundwork. Because like I said, nuts and bolts work. And if we had tons of people who were working in cybersecurity, which we don't, and if we had those people who are our most, I don't want to say the most intelligent, but had the best communication skills, the best analytical skills, which we don't. So we always have these things we should do that are good for us. But you're saying right now we could make a good application of AI to be at least able to get the 80, 20 or 90, 10 rule of policy development in place correct.
Iran Barak
And then you can, and, and then you can have very high demand folks that, that you need to hire to basically focus on what matter and you can fine tune this policy. But they don't need to start it from scratch. They already have a head start and, and then they can come on top and just do this fine tuning instead of do it all day long and waste their time, as you said. And obviously you will never cover everything.
Jim Love
Anything else that CISOs should be doing.
Iran Barak
You should always think that you are exposed and your data is being exposed and just be aware and put the right controls with the right resources and always adjust to the technology that is out there. Meaning that you can protect data today with technology that has been around 20 plus years. Because what was true for 20 years ago, it's not true for today. That doesn't mean that you don't need the 20 years ago as well, because as I companies and we all is moving forward, but we still hold for some past kind of technology and you need to have both kind of technology in place.
Jim Love
20 years, 20 weeks in this environment is a lifetime. I'm, I'm talking about AI years the way we talk about dog years. I mean, you know, it's like it just, it happens so quickly.
Iran Barak
This may be a new term that you need to invent.
Jim Love
I'll have to. Yeah, I'll have to. Yeah. Everybody can send me 5 cents every time they use it. There we go. I'll fund the program. My guest today has been Iran Barak. He's from a company called Mind and has obviously put a lot of thought into this idea of being able to deal with insider threats and the control of our data. Any last words for our audience, Hira?
Iran Barak
No Gil. Thank you so much for having me, Jim here and keep doing the best you can to protect your data. It would be leaked, but try to minimize as much as possible.
Jim Love
Yeah. I'm an optimist. I believe that the data's already been leaked. I just have to find out where it went.
Iran Barak
That's good.
Jim Love
And that's our show. Thank you very much. Thank you to our audience for joining us. If you're having a cup of coffee on a Saturday morning and listening to this or wherever you are, maybe your work. Thanks for listening. And we'll catch you with the news on Monday morning. Once again, I'm your host, Jim Love. Talk to you soon.
Cybersecurity Today: Understanding Insider Threats with Eran Barak, CEO of MIND
Episode Release Date: March 8, 2025
Host: Jim Love
Guest: Eran Barak, CEO of MIND
Podcast Description: Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
In this episode of Cybersecurity Today, host Jim Love delves into the critical topic of insider threats with Eran Barak, the CEO of renowned data security firm MIND. The conversation explores the multifaceted nature of insider threats, their evolving dynamics in the era of remote work, and effective strategies to mitigate associated risks.
Jim begins the discussion by highlighting the prevalence of insider threats, emphasizing that while many such threats stem from unintentional actions, intentional malicious activities pose a significant danger to organizations.
Key Insights:
Notable Quote:
Jim Love [00:00]: "Most of these are innocent or at least not intentional… but there is a more insidious intentional set of actors who represent a threat to companies."
Eran Barak elaborates on the various categories of insider threats, categorizing them into insider negligence, insider manipulation, and malicious insiders.
Key Insights:
Notable Quote:
Eran Barak [01:26]: "There are many insider threats. We call them sometimes insider lazy and users who basically leaking data just to make their work day to day more convenient."
Jim and Eran discuss the importance of robust detection mechanisms to identify and mitigate insider threats effectively.
Key Insights:
Notable Quote:
Eran Barak [02:22]: "We can monitor each and every data who has access to that, who is downloaded, who is basically moving it inside the company, outside the company… if you are able to block it in real time, then obviously you can reduce a lot of risk."
The transition to remote work, accelerated by the COVID-19 pandemic, has introduced new challenges in managing insider threats.
Key Insights:
Notable Quote:
Eran Barak [03:37]: "Remote work became more dominant… subcontractors that are basically working remote and they can fake their identity. You never know who is on the other side."
A significant portion of the discussion revolves around the necessity of stringent access controls to mitigate insider threats.
Key Insights:
Notable Quote:
Jim Love [06:00]: "If you're granting permissions, why do the people need them? What do they do with them? And when do they not need them?"
Eran emphasizes the critical role of data classification in managing insider threats, highlighting how artificial intelligence (AI) can enhance this process.
Key Insights:
Notable Quote:
Eran Barak [22:52]: "If you're still doing things manually, you'll be high at. And you put yourself in a risk. You need to adapt."
The conversation transitions to the formulation of comprehensive data protection policies, essential for safeguarding sensitive information.
Key Insights:
Notable Quote:
Eran Barak [32:19]: "You can build policy with AI and you can push them back across different data storage and basically have the same exact policy across all your data stores."
Eran discusses the complexities of securing data in hybrid environments where on-premises systems coexist with cloud-based solutions.
Key Insights:
Notable Quote:
Eran Barak [20:20]: "Today it's hard because years ago, 20, 30 years ago, it's almost in the perimeter… Today it's not anymore… you need to protect both fronts."
As the episode wraps up, Jim and Eran reflect on the evolving nature of insider threats and the necessity for continuous adaptation in cybersecurity strategies.
Key Insights:
Notable Quotes:
Jim Love [34:44]: "We are in for the Greatest amount of shadow IT that we've ever seen in history and that it's all coming in the name of AI."
Eran Barak [34:46]: "It's not… you always need to assume… you'll be knocked and things will get leaked."
In this insightful episode of Cybersecurity Today, Eran Barak provides a comprehensive analysis of insider threats, emphasizing the importance of proactive monitoring, strict access controls, and the integration of AI in data classification and policy enforcement. As organizations navigate the complexities of remote work and hybrid infrastructures, the strategies discussed offer a valuable roadmap for enhancing data security and mitigating insider-related risks.
Final Takeaway:
Eran Barak [35:07]: "Keep doing the best you can to protect your data. Try to minimize as much as possible."
Jim Love [35:18]: "I believe that the data's already been leaked. I just have to find out where it went."
For more insights and updates on the latest in cybersecurity, stay tuned to Cybersecurity Today with Jim Love.