Joe Payne - Inside Jobs

Copyright 2020 by Code42 Software, Inc.

All rights reserved. No part of this book may be reproduced in any manner without the express written consent of the publisher, except in the case of brief excerpts in critical reviews or articles. All inquiries should be addressed to Skyhorse Publishing, 307 West 36th Street, 11th Floor, New York, NY 10018.

Skyhorse Publishing books may be purchased in bulk at special discounts for sales promotion, corporate gifts, fund-raising, or educational purposes. Special editions can also be created to specifications. For details, contact the Special Sales Department, Skyhorse Publishing, 307 West 36th Street, 11th Floor, New York, NY 10018 or .

Skyhorse and Skyhorse Publishing are registered trademarks of Skyhorse Publishing, Inc., a Delaware corporation.

Visit our website at www.skyhorsepublishing.com.

10 9 8 7 6 5 4 3 2 1

Library of Congress Cataloging-in-Publication Data is available on file.

The information provided in this book is not, nor is it intended to be, legal advice. You should consult an attorney for advice regarding your individual situation.

Jacket design by Redonk Marketing

Jacket photograph: Getty Images

Print ISBN: 978-1-5107-6448-4

Ebook ISBN: 978-1-5107-6449-1

Printed in the United States of America

Praise for Inside Jobs

In an era of sprawling cloud and consumerized IT, the challenge of security is not just to figure out who and what needs to be protected, but how to do so in the simplest way possible. This book drives this point home, and shows how to take friction out of security for users without putting data in jeopardy.

Dug Song , cybersecurity expert, cofounder and CEO of Duo Security, and cofounder of Arbor Networks

This book addresses a problem that needs focusinsider threat is a very real issue that organizations need to grapple with and understand. Its one of the greatest underserved risks in cybersecurity today.

Amit Yoran , CEO of Tenable, former president of RSA, former national cybersecurity director at DHS, and former director of US-CERT

I never thought Id read a book about cybersecurity insider threats that is actuallydare I say itengaging. By illustrating technical points with compelling stories and examples, this book becomes a productive read not only for the CISO, but also for the CIO, the CHRO and the CEO.

Chip Heath , author of best-sellers Switch , Made to Stick , Decisive , and The Power of Moments

Today, some of the most pressing problems in security revolve around insider threats and data security. Code42s new book provides new perspective on these problems and how much more important they have become in the increasingly remote and distributed workplace, suggesting major changes in how we approach data security.

Martin Roesch , cybersecurity expert, creator of Snort, and founder of Sourcefire

Ive seen too many organizations feel they have a cybersecurity program because they have a few cybersecurity products. This book really shows how the care of your data is fundamental to protecting it.

Ron Gula , cyber industry pioneer; developer of Dragon, one of the first commercial network intrusion detection systems; cofounder of Tenable Network Security

While many executives understand security threats from outside their company, most dont protect their business from insiders. Employees lose, steal, or misplace data more often than businesses realize, costing billions. Inside Jobs is packed with powerful examples and actionable advice every senior executive needs to know in a fast-paced book that can be finished in one plane ride.

David Meerman Scott , marketing strategist, entrepreneur, and best-selling author of eleven books, including Fanocracy and The New Rules of Marketing & PR

Data leaks are going to happen. Code42s approach to insider threat detection shows you exactly what you need to know when your confidential data is walking out the door and what to do about it.

Mike Wasserman, security orchestration engineer at The Pokmon Company International

Contents

by George Kurtz

Foreword

George Kurtz

Cyber threats come in many forms. CrowdStrike is best known for stopping threats coming from outside your organization: nation-state, eCrime, hacktivism, you name it.

Unlike the global bad actors we trackwhich our intelligence unit has personified with names like FANCY BEAR, GOTHIC PANDA, and MUMMY SPIDERinsider threats appear in much more benign forms. They can be the friendly network engineer, contract recruiter, or IT analyst whose office is just down the hall (at least it was before the pandemic). In many casesmaybe mosttheir unwanted actions are inadvertent, or theyre simply unaware of doing anything wrong.

When it comes to protecting data, companies need to be vigilant and proactive. And they need systems and tools that let them take immediate action when required. With employeesand outside threat actorsable to work from anywhere, at any hour, with endless options to stash data on devices or in the cloud, every second counts: Incident detection and response needs to happen in real time and without limitations from time zones or geography.

This is precisely why CrowdStrike reinvented end-point and workload protection in the cloud. The effectiveness and rapid adoption of our revolutionary approach has exceeded everyones expectationseven ours. The same thing has to happen with managing insider threats. Legacy approaches like data loss prevention (DLP) rely on signaturesjust like the cumbersome antivirus and other end-point systems that CrowdStrike is replacing at enterprises across the globe. These outdated systems are just too complex and cumbersome and cant take advantage of the clouds speed or scalability the way a cloud-native solution can.

Code42s book comes at an important inflection point for businesses and for the CISOs who keep those organizations safe from internal and external threats. Covid-19 forced companies to redeploy their workers and other resources on a massive global scale, practically overnight. They did it literally to preserve life and ensure business continuity under extreme conditions. Among the many unintended consequences, many organizations suddenly find themselves in a position to experience a huge leap forward in productivity and long-term business resilience, primarily because of moving key systems and processes to the cloud. In many cases, carefully planned business transformation strategies had to be accelerated, and accomplished in weeks instead of years. Some businesses are still reeling from these changes, but are now beginning to see the potential benefits from this forced transformation.

In security, and many other business-critical functions, moving from legacy premise-bound technologies to next-generation, cloud-native platforms has required a leap of faith from the early adopters. Once the benefits become widely known and accepted, truly disruptive cloud platforms like Salesforce, Workday, ServiceNow, CrowdStrike, and others will quickly become the rule, not the exception. As more organizations take that leapwhether from faith or simple necessitythe learning curve for transforming your business with the cloud flattens, and the adoption rate soars.

Today its easier, faster, and more affordable than ever to provide true and meaningful protection against threatsfrom outsiders and insiders. This book will provide you with the knowledge and resources you need to make the leap. See you on the other side!