Skip to content

Tuning in on Insider Risk at Blackhat 2021

BlackHat USA trainings are already underway. Thousands of people are either in, on their way to Las Vegas, or tuning in remotely to join other cybersecurity professionals to learn, connect, and let their hair down a little. For many, it’s the first hybrid event opportunity in what feels like a lifetime – and we are so excited to reconnect with BlackHat attendees whether that’s virtually or in person at booth #1467 at Mandalay Bay.

Since we are a company focused on Insider Risk Management, and this post is hosted on our blog, we’ll wager that many of you reading this are also interested in mitigating Insider Risk/Threat within your organization. So, we did some due diligence and put together a special ‘Insider Track’* highlighting the briefings that seem most relevant to Insider Risk.

BlackHat USA 2021 Briefings relevant to Insider Risk Management

  1. A Data Protection Problem: Insider Risk
    Speakers are Rob Juncker and Mark Wojtasiak
    This one is a gimme. In this on-demand session Code42’s own will discuss what Insider Risk is, the problem that Insider Risk Management solves for organizations, and how Code42 can help solve that problem. The session is available on-demand throughout the conference so, if you’re interested in Insider Risk and have a spare 15 minutes, we’d recommend checking it out.
  2. Deepfake Social Engineering: Creating a Framework for Synthetic Media Social Engineering
    Speaker is Matthew Canham
    Social engineering (specifically vishing) leveraging deepfake technology is on the rise. In this session the presenter will lay out a framework for classifying and employing countermeasures against these attacks. Given that the attack surface with these threats is your user-base, the connection to Insider Risk seems to make itself. This session will offer you practical examples of countermeasures you can deploy and educate your users on to better protect your organization against deepfake-elicited data exfiltration.
  3. Action Bias and the Two Most Dangerous Words in Cybersecurity
    Speakers are Josiah Dykstra and Douglas Hough
    This session will focus on “action bias and when immediate action is appropriate and when it is counterproductive.” As Insider Risk managers, it’s often tempting to take action immediately and block an activity or try to put a new safeguard in place which may inadvertently prevent productivity. This session will dig into when to act with a right-sized-response and when to let things play themselves out. While not explicitly related to Insider Risk incidents, this session in the Human Factors and Community tracks should be very valuable.
  4. The Ripple Effect: Building a Diverse Security Research Team
    Speakers are Oryan De Paz and Omer Yair
    Insider Risk Management is as much a cultural shift as it is a technical one. Study after study has shown that having a more diverse and inclusive work culture results in greater profits and productivity, but also, and importantly to Insider Risk managers, leads to a more cohesive and security-aware culture. As noted in the session abstract “there <was> no… toxic culture of any kind on our core team.” The speakers will be sharing “tools for team members, leaders, and upper management alike” which have “improved our R&D team atmosphere and deliverables.” Sounds like a great way to minimize risk through a collaborative, aware culture.

That’s far from an exhaustive list of the cross-functional sessions that could apply to Insider Risk but in our browsing of the briefings, these are the ones that seemed to be the best fit for our impromptu track.

*Does this count as a pun? Let us know your opinion on twitter by commenting or posting @Code42 if you see this. Also, if you mention this post in-person at booth #1467, you’ll win some extra swag.

You might also like: