Wolf in Sheep’s Clothing: a cyber security tech-talk

Originally published on the Microsoft Faculty Connection, this is my blog post on guest speaker Phil Winstantley, a Cyber consultant at Microsoft, whom I invited to the Security and Crime Sciences Seminar series held at University College London.

The insider threat

When we think of cyber security, we predominantly focus on how to protect ourselves from external threat actors, investing heavily in heightening our “walls” against “outsiders”. Rarely do we think about what threats already exist within our own “fences”. Our invited guest speaker explored how internal people, processes and technology can, given the opportunity, become an equally challenging threat to security, if not more so.

Phil Winstantley, a Cyber consultant at Microsoft who works to keep their customers safe and secure, has worked across many sectors from the high threat club of Defence and National Security through to National Critical Infrastructure and into the Finance and Media space. Outside of his day job, Phil is a Special Officer with the UK National Crime Agency (NCA) where he works on disrupting serious and organized crime.

Cyber Crime

Phil outlined the main personas that often constitute the ideal internal threat actor: one that has some type of privileged access, one that has third party admittance or one that has been a previous employee. We chuckled at his example of IT Support being the “perfect” insider threat, as it has both the opportunity and the excuse to access data (any data) that can in turn be used maliciously. “Black shadow” access may be the only data that IT Support might not be able to get their hands on, as it is usually constructed by third parties in the form of Facebook groups or Twitter profiles. This lack of control, however, can also lead to the loss of admin monitoring. By far the most complex scenarios, Phil admitted, were the cases that involved an emotional drive, in other words the deep dark side of feelings, particularly that of revenge! A previous employee with such a drive can quite rapidly cause huge damage. He described these cases as the most challenging to fight against, as they are non-technical, illogical and revolve around people, process or morale, which can be chaotic!

Paranoia

Q&A

Overall, it was great to see the gender distribution of the room, with a larger number of girls, especially with International Women’s Day having been celebrated just a few days prior!

Originally published at blogs.msdn.microsoft.com on April 20, 2018.

Futurist | PhD, Cyber-biosecurity