Are all Insider Threats bad apples?
The “bad apples” argument for insider threats is simply too reductionist. Here is why: When an intentional insider threat manifests it is a product of a hugely complex and escalating set of circumstances. The argument that they are “just bad people...
3 easy traps your CMT could fall into and how to prevent them
Your Crisis Management Team, CMT, helps prepare your organisation for an incident and manages the strategic response to any incidents or crisis that occurs. In my experience of running cyber crisis simulations with these teams I see the same issues present themselves...
Your New Ransomware Business Partner
2020 and 2021 have seen some pretty epic ransoms being paid by companies that at one point in time you would have assumed would never pay. Ransomware groups have undertaken a rebranding of sorts. They have their business model pretty well tuned and their...
Rebuilding after a cyber attack
We talk a lot about handling the initial car crash of a breach. What to do first, the comms that need to go out and the reporting to regulators. This all happens within the first few hours or days of a breach being discovered. What about after that? Last week I ran...
Would You Fall For A $35m Voice Cloning Attack?
A high tech vishing attack utilising voice cloning has lost a UAE bank 35 Million USD. What happened? According to the court documents: the Victim Company’s branch manager received a phone call that claimed to be from the company headquarters. The caller sounded like...
Defcon Talk: Using SE to create insider threats and win all the things
Lisa Forte’s Defcon 2021 talk on social engineering and insider threat. Transcript to...
The Gold-Silver-Bronze Command Structure
The Gold-Silver-Bronze or ‘GSB’ command structure was rooted in and developed heavily by the UK emergency services. It was designed to establish a clear hierarchical framework and operational clarity for the command of major incidents or disasters. It is now used by...
Insider Theft of $119M worth of Coca Cola IP
What happened? An engineer who worked for Coca Cola and other manufacturers is alleged to have stolen valuable trade secrets in order to set up her own company in China using the stolen technology. Xiarong You has been accused of insider theft and economic espionage...