CyberWire Daily - Insider Risk Excellence Awards. [CyberWire-X]
Episode Date: March 24, 2022In this CyberWire-X episode, host Dave Bittner chats with the judges of the Insider Risk Excellence Awards. The inaugural awards program, announced during last September's Insider Risk Summit, recogni...zes the best of the best in Insider Risk Management. They honor the work of individuals and organizations as they address Insider Risk in the most collaborative work environment we’ve ever seen. Judges Joe Payne, President and CEO, Code42 and Chairman, Insider Risk Summit and Wendy Overton, Director of Cyber Strategy and Insider Risk Leader, Optiv, talk about the growing Insider Risk problem, reveal the winners of each award category and pull back the curtain on how each of these Insider Risk trailblazers are making an impact. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, a series of specials where we highlight important security topics
affecting organizations worldwide.
I'm Dave Bittner.
We're taking a bit of a departure from our typical CyberWireX format this time.
In this episode, I'm speaking with our sponsor, Joe Payne, CEO of Code42 and Chairman of the
Insider Risk Summit, and Wendy Overton, Director of Cyber Strategy and Insider Risk Leader at
Optiv.
Together, we're celebrating the Insider Risk Excellence Awards, honoring the work of individuals
and organizations who've proven themselves the best of the best in insider risk management.
So stay tuned as we announce the winners and describe how they've been making a difference,
tackling insider risk with creative innovation and
taking their teams to new heights.
And now a word from our sponsor, Code42.
Did you know that there's a one in three chance that your company will lose IP when an employee
quits?
Cybersecurity teams are facing
unprecedented challenges when it comes to protecting sensitive corporate data from exposure,
leak, and theft. The annual Data Exposure Report 2022 from Code42 revealed three key trends that
are accelerating insider risk. First, the continued adoption of cloud technologies and a lack of visibility into them.
Second, the impact of the great resignation and departing employees' theft of IP and sensitive data.
And third, the challenges of the new hybrid remote workforce and uncertainty over how to address it.
As insider risk grows, Code42's insider risk management approach helps protect data without slowing down business.
Learn more at code42.com slash showme. And we thank Code42 for sponsoring our show.
All right, well, Joe Payne, always a pleasure to speak with you here. I want to start with just sort of the basics here about the Insider Risk Summit team and why you all decided to launch this award program.
Well, first of all, it's always great to see you and hear you again, Dave.
So thanks for having me on the show.
Well, the goal of the awards is simple.
It's to recognize the best of the best in insider risk management.
It's really to honor the work of individuals and organizations as they address insider risk in what
is basically the most collaborative work environment we've ever seen. We announced these awards at the
Insider Risks Summit earlier this year. That summit is an event that's laser focused on redefining data security
for sort of a hybrid remote world, which is pretty the world we're all living in today,
that's for sure. But before we jump into the awards themselves, I really feel like it might
be helpful for people who haven't maybe been paying attention that much to insider risk
to take a few minutes to reframe the problem and really talk about why it's so acute today versus in the past. So as you and I have discussed
before, there are really three main drivers to the increased focus on insiders. The first is that
digital transformation is changing how we all work together. So 90% of Orcs today are in the process of digitizing their data and their business processes.
88% of CIOs have decided employee productivity
and efficiency is a top priority.
And as such, they've rolled out cloud-based tech stacks
throughout the world to help us work better together.
So things that we're all used to, Slack, Teams, OneDrive, Box, GDrive,
these are all technologies that help us collaborate and share data.
What's interesting is those same technologies also make it really easy
for us to share data outside the organization.
So that's driver one, digital transformation.
Driver two may sound a little
silly at this point, but knowledge workers are working from anywhere. And so even pre-COVID,
people spent about a quarter of their time working outside the office. Today, one in four workers
indicate that they will never go back to an entirely in-the-office work mode. So, you know, we saw, I think if anything, COVID
has sped up the process of being able to work from anywhere. What happens when you work from
anywhere is that IT no longer controls the tools or the networks or the applications that people
use to get their work done. And that gives them a lot less visibility into what's happening.
Users tell us, a little more than a third of users tell us that they used unauthorized apps
every day to do their work. And about a quarter of them tell us that they use sync and share apps
or sharing apps every week that are not authorized to share data with their colleagues. So that work
from anywhere really affects sort of the insider risk problem.
So you've got digital transformation, you've got work from anywhere.
And then the third cause is the change in jobs.
I mean, people are changing jobs faster than ever.
The average employee tenure now is decreasing.
Gens Y and Z, they make up about 60% of the workforce,
and their average tenure is less than three years in any given job.
So it's a huge change.
In fact, this number blew me away.
4.5 million Americans voluntarily left their jobs in November of last year.
4.5 million Americans in one month.
So just a massive change.
And why does that matter? Because the biggest risk to
your data is departing employees, people that are leaving to go work other places.
And when people leave their jobs, they almost always stay in their same industry.
And so they love to take their data and their information and their source code and their
customer list with them when they change jobs. And they often don't realize that that's data
that actually belongs to the company. So those three things have really made insider risk the
biggest problem in the security world today, or at least one of the biggest problems.
And at the same time, we haven't had an approach to deal with that in this modern world. So
what we're doing with these awards is we're recognizing the people
that are sort of the pioneers of the space
and that have really adapted and adjusted to today's world
in order to allow people to continue to collaborate,
but to also protect company data.
Joe, speaking of the awards themselves,
I mean, beyond the recognition of the people
we're going to talk about in the organizations,
is there an awareness element here as well to help spread the word more generally about this?
For sure.
You know, I think it's most important that we're, you know, we're acknowledging the people who have done great work.
And those same people tend to be the ones that are out there sort of preaching the word to people about how to do this the right way. So yes,
awareness right now of this problem, but maybe as importantly, the awareness that there are solutions to this problem and there are ways to let people continue to collaborate and work together,
but still protect company data. So yeah, if it helps in awareness, I think that's fantastic.
Well, we're joined today also by Wendy Overton. She's a director of cyber strategy and an insider risk leader at Optiv.
Wendy, it's great to have you with us.
You know, one of the things that strikes me here is that I think quite often in the past,
I have heard the term insider threats, and that's been tossed around a lot and popularized.
But when we say insider risk, there's a little nuance there,
and it's an important distinction. Can you lay that out for us? What's the difference,
and why does it matter? Sure, and thanks so much for the opportunity to speak with you today.
So the reason why we really shifted to insider risk here at Optiv is because we're trying to help
companies really think through building a more holistic perspective
and thinking a little bit more forward in how they mitigate risks around insiders.
In the past, a lot of companies would think about seeing data leave or seeing people leave
or different things like that, really focusing on things as they're happening versus trying to understand what types of behaviors or other indicators might there be out there that are indicating additional risk towards, you know, the company or the business that we can identify earlier.
And through that, hopefully proactively mitigate risk around insiders before the actual, you know, threat or incident takes place.
And it really kind of speaks to a lot of the things that Joe mentioned earlier,
and how we're seeing a shifting landscape across the marketplace and how companies are having to
think about insider risk going forward, and how they're having to kind of shift the way that they
think about insiders because of the way that, you know, their business might be transforming or having to kind of adjust due to the economy or other factors, right?
We're seeing data moving to cloud solutions, remote workforce, business modernization,
different strategies around the business and around security. So the threat landscape is
continually changing. To keep up with these changing risk landscapes, organizations are starting to broaden the way that they're scoping risks, analyzing risks, and starting to really flesh out a more all-source mentality, you know, at their disposal to understand what is going on within their networks or enterprise.
All right. Well, let's jump into some of the actual awards here. Joe, I'm going to start with you.
You have selected two winners in the Insider Risk Practitioner of the Year category.
Take us through exactly what the process was for selecting these winners,
and then who won. Yeah, thanks, Dave. It was really an interesting category. We had an
overwhelming number of submissions for the insider risk practitioner of the year, and it was such a
strong group that the judges, we just decided that we need to recognize more than one person
in this situation. So we've picked two
insider risk practitioners of the year. Now, we call them superheroes because these are people
that have displayed an exemplary craftsmanship in cultivating a powerful insider risk program
for their organization. That was the official definition of the insider risk practitioner of
the year, Dave. Who are the winners? It's Tim Briggs from CrowdStrike and Ginger Cullifer from Altair. Congratulations, Tim and Ginger.
Let's talk a little bit about why they won. So under the leadership of Tim Briggs, the insider
risk team at CrowdStrike is really composed of the incident response team. Tim takes a really interesting approach. He
assigns people from incident response to four to six week sort of shifts so that everyone on his
team can get up to speed on how insider risk works and how the technology behind it works.
He's really set up probably one of the most sophisticated teams on insider risk in the country today
because he's automated so much of how they do investigations and response. Really, really
impressive implementation of an insider risk program. In fact, probably the most impressive
one that we've seen to date. But the other thing that really set Tim apart is his commitment to
the industry. Tim's at CrowdStrike and they are big believers in security in general. And Tim basically has
taken it upon himself to go out and spread the gospel about how insider risk should be done
in a modern collaborative environment. And he's talked to so many CISOs and so many security teams
that we really felt he deserved the recognition as one
of our practitioners of the year. So congratulations, Tim Briggs. The other winner was Ginger
Cullifer at Altair. Altair is another software company that does AI and it does all kinds of
sophisticated analytics. So they have a lot of important intellectual property at their company.
sophisticated analytics. So they have a lot of important intellectual property at their company.
However, if you look at their website, you'll see that they are recognized as one of Inc.'s best places to work this year. Newsweek's one of the best cultures and places to work. And so what's
interesting for Ginger is that she has to balance culture and security in her role, as do all CISOs. But they've got a very
employee-friendly culture at Altair. And so she worked hard at establishing the program and
working with all the key stakeholders around the organization. And she did that extraordinarily
well and has the program in place. And it paid immediate dividends because she found
a number of departing employees in their first year in the program taking sensitive data,
and they took immediate action to solve that. So for their two different approaches, but both
wildly successful approaches, we are excited to award the Insider Risk Practitioner of the Year to both Tim Briggs and Ginger Colfer.
All right. Well, congratulations to all of them. Well done. Wendy, we're going to go through
our company categories. Can you take us through the winners in those categories?
Yeah, I'd be happy to, Dave. So we had three categories that we assessed various companies for. It was great to see all the different innovators in the space and really tough to choose the finalists and ultimately the winners. The three categories are the Accelerator Award, the Game Changer Award, the Accelerator Award, which recognizes organizations driving notable
decreases in insider risk, focusing on most improved detection and response, the winner
is Lyft.
The core accelerator to Lyft's growth and success comes from their company culture,
enabling their employees to work the way that suits them best.
Prior to going public, one of the biggest challenges they faced was their blind spots,
having no insight into where their sensitive data was going or how it was being moved, particularly within the cloud.
Lyft decided to take a more proactive and person-centric approach using IRM in order to
get more visibility into data activity across their entire cloud footprint, including AirDrop.
Lyft's IRM approach played a crucial role in its preparations before going public and has allowed them to continue to approach data security in a more modern way.
Congratulations to Lyft.
The Game Changer Award category, which recognizes organizations that have revolutionized their insider risk program, bringing them to the cutting edge of IRM, and companies that have elevated from a traditional to a more modern program, the winner is Financial Force, a provider of customer-centric business applications built
on the Salesforce platform. Financial Force's security team conducts an annual risk assessment
to align team priorities with business objectives and identify the most pressing risks in the
organization. Through that exercise, they determined that data leaking from departing
employees, competitors, and third parties was pretty significant security risks that they
wanted to address. With employees spread across eight different locations, it was critical for
Financial Force to design a well-integrated insider risk management program to protect their
critical IP, quickly detect and respond when critical insider risk events occur, and eliminate
alert fatigue, most importantly. Through their IRM program, Financial Force can now detect file
exposure and exfiltration across endpoints, cloud, and email systems using IRM technology and API-based
integrations to take advantage of their tools in the security stack. Through their focus on a strong security ecosystem,
they developed a risk scoring engine
that brings prioritized alerts from their IRM solution
into focus with other endpoint risk factors,
user internet browsing, phishing activity,
and more to help them determine
where their biggest insider risks lie.
Congratulations to FinancialForce.
And lastly, the Collaborator Award category,
which recognizes companies that have fostered a dynamic collaboration culture while protecting
their valuable data. The winner goes to User Testing, which provides an on-demand usability
testing and research solution through its human insight platform. Unlike many companies,
user testing has always had a primarily remote
workforce and a software enforced parameter. Therefore, without the visibility into data
movement, there would be many opportunities for sensitive data and IP to walk out the door and
walk into the wrong hands. Embracing remote workforce culture, user testing understands
that most insider threats occur because employees are simply trying to get their jobs done. And unfortunately, sometimes employees engage in
some less than ideal security practices in the process. Instead of shutting down the tools and
processes that enable their employees to be effective, user testing focuses on understanding
the business reasons behind those practices, educating on more secure alternatives when
necessary, and gaining full visibility of data movement to respond quickly to insider risks.
By maintaining positive relationships with internal partners and employees,
they've built trust in an extremely effective and transparent IRM program.
Congratulations again to user testing and to all the winners for these categories.
Yeah, congratulations indeed.
Is there a common thread here among these companies in terms of the things that made them rise to the top?
You know, Dave, I'd say that across all three, kind of in line with what Joe and I were talking about earlier,
they're all moving the needle towards more proactive programs.
And through that, kind of helping their workforce to continue to do their jobs effectively and support the business without necessarily hindering anything, but still protecting and mitigating risk as well.
It's really great to see.
What I'd add to that is they all also have a people first kind of mentality, which is not a controls first mentality.
They know that most of their employees are just trying to get their jobs done.
So an employee might use Gmail while working from home one day and they might do it accidentally.
So before you hit them with a hammer, you know, you want to talk to them about why they did that and understand, et cetera.
And these organizations have been sort of out in front at taking that whole approach towards people first.
All right. Well, let's move on to our final category here, and that is the CISO of the year.
Joe, who do you have for us?
Gosh, that's the hardest one that the committee really struggled with because we have so many
good CISOs doing so many great things. And also, you know, who wants to say which CISO is
best? You don't want the other CISOs mad at you. But having said that, Mario Duarte at Snowflake
had a fantastic year with his team. They rolled out an entirely new insider risk program and
were actually in the running for a number of different awards for that program. I think one of the things that really sets Mario apart is not only his passion for implementing
that program at Snowflake, but he's been a very vocal leader in the insider risk community,
offering up his time and his experience to other CISOs when they're starting on this
journey, and also being very vocal about the fact that,
look, the old solutions that we have in security around DLP just simply don't work in today's
modern world, and that our employees deserve the opportunity to work together and collaborate
together without security getting in the way. So, for all of those reasons, I'd like to say congratulations to my friend,
Mario Duarte, for winning our first CISO of the Year award. All right. Well, congratulations
indeed. And congratulations to all of our winners this year. Joe, before we sign off today, I would
be remiss if I didn't give you the opportunity to promote this year's Insider Risk Summit.
I know details are still coming together, but give us a little preview of what people might
expect this year. Well, it's really interesting. The whole way that we work is just transforming
as we speak. And the idea that we're going to, quote unquote, return to normal has pretty much
been thrown in the trash can. Even now that the pandemic is receding
and people are feeling more comfortable in getting out,
people aren't going back to work.
So I think a major part of this year's Insider Risk Summit
is going to be about the new normal.
How do we protect our data from insider risk in the new normal?
And I think it's going to be a fantastic group of speakers
and I'm really looking forward to it.
And as soon as we get all the final dates and times, et cetera,
we'll get those out.
And apropos to that whole conversation,
I am confident that it's going to be some form of hybrid event
where you can attend in person,
but I think most people will probably attend over Zoom.
All right. Well, Joe Payne, President and CEO of Code42 and Chairman of the Insider Risk Summit,
and Wendy Overton, Director of Cyber Strategy and Insider Risk Leader at Optiv,
thank you both so much for joining us today.
Our thanks to Joe Payne, CEO of Code42, and Wendy Overton from Optiv for joining us,
and for the Insider Risk Summit for sponsoring this edition of CyberWireX.
Congratulations to all the winners.
You can learn more about the Insider Risk Summit at InsiderRiskSummit.com.
CyberWireX is a production of the CyberWire and is proudly produced in Maryland at
the startup studios of DataTribe, where they're co-building the next generation of cybersecurity
startups and technologies. Our senior producer is Jennifer Ivan. Our executive editor is Peter
Kilby. I'm Dave Bittner. Thanks for listening.