CyberWire-X 3.24.22
Ep 27 | 3.24.22

Insider Risk Excellence Awards.


Dave Bittner: Hello, everyone, and welcome to "CyberWire-X," a series of specials where we highlight important security topics affecting organizations worldwide. I'm Dave Bittner. We're taking a bit of a departure from our typical "CyberWire-X" format this time. In this episode, I'm speaking with our sponsor, Joe Payne, CEO of Code42 and chairman of the Insider Risk Summit, and Wendy Overton, director of cyber strategy and insider risk leader at Optiv. Together, we're celebrating the Insider Risk Excellence Awards, honoring the work of individuals and organizations who've proven themselves the best of the best in insider risk management. So stay tuned as we announce the winners and describe how they've been making a difference tackling insider risk with creative innovation and taking their teams to new heights.

Dave Bittner: All right. Well, Joe Payne, always a pleasure to speak with you here. I want to start with just sort of the basics here about the Insider Risk Summit team and why you all decided to launch this award program. 

Joe Payne: Well, first of all, it's always great to see you and hear you again, Dave. So thanks for having me on the show. Well, the goal of the awards is simple. It's to recognize the best of the best in insider risk management. It's really to honor the work of individuals and organizations as they address insider risk in what is basically the most collaborative work environment we've ever seen. We announced these awards at the Insider Risk Summit earlier this year. That summit is an event that's laser-focused on redefining data security for sort of a hybrid, remote world, which is pretty - the world we're all living in today, that's for sure. 

Joe Payne: But before we jump into the awards themselves, I really feel like it might be helpful for people who haven't maybe been paying attention that much to insider risk to take a few minutes to reframe the problem and really talk about why it's so acute today versus in the past. So as you and I have discussed before, there are really three main drivers to the increased focus on insiders. The first is that digital transformation is changing how we all work together. So 90% of orgs today are in the process of digitizing their data and their business processes. Eighty-eight percent of CIOs have decided employee productivity and efficiency is a top priority. And as such, they've rolled out cloud-based tech stacks throughout the world to help us work better together. So things that we're all used to - Slack, Teams, OneDrive, Box, G-Drive - these are all technologies that help us collaborate and share data. What's interesting is those same technologies also make it really easy for us to share data outside the organization. So that's driver one, digital transformation. 

Joe Payne: Driver two may sound a little silly at this point, but knowledge workers are working from anywhere. And so even pre-COVID, people spent about a quarter of their time working outside the office. Today, 1 in 4 workers indicate that they will never go back to an entirely in-the-office work mode. So, you know, we saw - I think if anything, COVID has just - has sped up the process of being able to work from anywhere. What happens when you work from anywhere is that IT no longer controls the tools or the networks or the applications that people use to get their work done. And that gives them a lot less visibility into what's happening. Users tell us - a little more than a third of users tell us that they used unauthorized apps every day to do their work. And about a quarter of them tell us that they use sync-and-share apps or sharing apps every week that are not authorized to share data with their colleagues. So that work from anywhere really affects sort of the insider risk problem. 

Joe Payne: So you got digital transformation. You got work from anywhere. And then the third cause is the change in jobs. I mean, people are changing jobs faster than ever. The average employee tenure now is decreasing. Gens Y and Z, they make up about 60% of the workforce, and they - their average tenure is less than three years in any given job. So it's a huge change. In fact, this number blew me away - 4.5 million Americans voluntarily left their jobs in November of last year - 4.5 million Americans in one month - so just a massive change. And why does that matter? Because the biggest risk to your data is departing employees, people that are leaving to go work other places. And when people leave their jobs, they almost always stay in their same industry. And so they love to take their data and their information and their source code and their customer list with them when they change jobs. 

Joe Payne: And, you know, they often don't realize that that's data that actually belongs to the company. So those three things have really made insider risk the biggest problem in the in the security world today - or at least one of the biggest problems. And at the same time, we haven't had an approach to deal with that in this modern world. So what we're doing with these awards is we're recognizing the people that are sort of the pioneers of this space and that have really adapted and adjusted to today's world in order to allow people to continue to collaborate but to also protect company data. 

Dave Bittner: Joe, speaking of the awards themselves, I mean, beyond the recognition of the people we're going to talk about in the organizations, is there an awareness element here as well to help spread the word more generally about this? 

Joe Payne: For sure. You know, I think it's most important that we're - you know, we're acknowledging the people who have done great work, and those same people tend to be the ones that are out there sort of preaching the word to people about how to do this the right way. So yes, awareness right now of this problem - but maybe as importantly, the awareness that there are solutions to this problem and there are ways to let people continue to collaborate and work together but still protect company data. So yeah, if it helps in awareness, I think that's fantastic. 

Dave Bittner: Well, we're joined today also by Wendy Overton. She's a director of cyberstrategy and an insider risk leader at Optiv. Wendy, it's great to have you with us. You know, one of the things that strikes me here is that I think quite often in the past, I have heard the term insider threats. And that's been tossed around a lot and popularized. But when we say insider risk, there's a little nuance there, and it's an important distinction. Can you lay that out for us? What's the difference? And why does it matter? 

Wendy Overton: Sure. And thanks so much for the opportunity to speak with you today. So the reason why we really shifted to insider risk here at Optiv is because we're trying to help companies really think through building a more holistic perspective and thinking, you know, a little bit more forward. And how they mitigate risks are on insiders, right? You know, a lot of - kind of in the past, a lot of companies would think about, you know, seeing data leave or seeing people leave and - or different things like that, really focusing on things as they're happening versus trying to understand what types of behaviors or other indicators might there be out there that are indicating additional risk towards, you know, the company or the business that we can identify earlier and, through that, hopefully, proactively mitigate risk around insiders before the actual, you know, threat or incident takes place. 

Wendy Overton: And that really kind of speaks to a lot of the things that Joe mentioned earlier and how we're seeing a shifting landscape across the marketplace and how companies are having to think about insider risk going forward and how they're having to kind of shift the way that they think about insiders because of the way that, you know, their business might be transforming or having to kind of adjust due to the economy or other factors, right? We're seeing data moving to cloud solutions, remote workforce, business modernization, different strategies around the business and around security, so the threat landscape is continually changing. 

Wendy Overton: To keep up with these changing risk landscapes, organizations are starting to broaden the way that they're scoping risks, analyzing risks, and starting to really flesh out a more all-source mentality we're calling it, and thinking a little bit more holistically around insiders, you know, whether that be open-source intelligence or things that they may have, you know, at their disposal to understand what is going on within their networks or enterprise. 

Dave Bittner: All right. Well, let's jump into some of the actual awards here. Joe, I'm going to start with you. You have selected two winners in the Insider Risk Practitioner of the Year category. Take us through exactly what the process was for selecting these winners. And then who won? 

Joe Payne: Yeah, thanks, Dave. It was really an interesting category. We had an overwhelming number of submissions for the Insider Risk Practitioner of the Year. And it was such a strong group that the judges - we just decided that we need to recognize more than one person in this situation. So we've picked two Insider Risk Practitioners a year. Now, we call them superheroes because these are people that have displayed an exemplary craftsmanship in cultivating a powerful insider risk program for their organization. That was the official definition of the Insider Risk Practitioner of the Year, Dave. Who are the winners? It's Tim Briggs from CrowdStrike and Ginger Cullifer from Altair. Congratulations, Tim and Ginger. 

Joe Payne: Let's talk a little bit about why they won. So under the leadership of Tim Briggs, the insider risk team at CrowdStrike is really composed of the incident response team. Tim takes a really interesting approach. He assigns people from insider response - from incident response to four- to six-week sort of shifts so that everyone on his team can get up to speed on how insider risk works and how the technology behind it works. He's really set up probably one of the most sophisticated teams on insider risk in the country today because he's automated so much of how they do investigations and response. It's - really, really impressive implementation of an insider risk program - in fact, probably the most impressive one that we've seen to date. 

Joe Payne: But the other thing that really set Tim apart is his commitment to the industry. Now, Tim's at CrowdStrike, and they're big believers in security in general. And Tim basically has taken it upon himself to go out and spread the gospel about how insider risk should be done in a modern collaborative environment. And he's talked to so many CISOs and so many security teams that we really felt he deserved the recognition as one of our practitioners of the year. So congratulations, Tim Briggs. 

Joe Payne: The other winner was Ginger Cullifer at Altair. Altair is another software company that does AI, and it does all kinds of sophisticated analytics. So they have a lot of important intellectual property at their company. However, if you look at their website, you'll see that they are recognized as one of Inc.'s best places to work this year, Newsweek's one of the best cultures and places to work. And so what's interesting for Ginger is that she has to balance culture and security in her role, as do all CISOs, but they've got a very employee friendly culture at Altair. And so she worked hard at establishing the program and working with all the key stakeholders around the organization, and she did that extraordinarily well and has a program in place. And it paid immediate dividends because she found a number of departing employees in their first year in the program taking sensitive data, and they took immediate action to solve that. So for their two different approaches but both wildly successful approaches, we are excited to award the Insider Risk Practitioner of the Year to both Tim Briggs and Ginger Cullifer. 

Dave Bittner: All right. Well, congratulations to all of them. Well done. Wendy, we're going to go through our company categories. Can you take us through the winners in those categories? 

Wendy Overton: Yeah. I'd be happy to, Dave. So we had three categories that we assess, you know, various companies for. It was great to see all the different innovators in the space and really tough to choose the finalists and ultimately the winners. The three categories are the Accelerator Award, the Game Changer Award, and the Collaborator Award. For the first category, the Accelerator Award, which recognizes organizations driving notable decreases in insider risk, focusing on most improved detection and response, the winner is Lyft. The core accelerator to Lyft's growth and success comes from their company culture, enabling their employees to work the way that suits them best. 

Wendy Overton: Prior to going public, one of the biggest challenges they faced was their blind spots - having no insight into where their sensitive data was going or how it was being moved, particularly within the cloud. Lyft decided to take a more proactive and person-centric approach using IRM in order to get more visibility into data activity across their entire cloud footprint, including AirDrop. Lyft's IRM approach played a crucial role in its preparations before going public and has allowed them to continue to approach data security in a more modern way. Congratulations to Lyft. 

Wendy Overton: The Game Changer Award category, which recognizes organizations that have revolutionized their insider risk program, bringing them to the cutting edge of IRM, and companies that have elevated from a traditional to a more modern program, the winner is FinancialForce, a provider of customer-centric business applications built on the Salesforce platform. FinancialForce's security team conducts an annual risk assessment to align team priorities with business objectives and identify the most pressing risks in the organization. Through that exercise, they've determined the data leaking from departing employees, competitors and third parties was pretty significant security risks that they wanted to address. 

Wendy Overton: With employees spread across eight different locations, it was critical for FinancialForce to design a well-integrated insider risk management program to protect their critical IP, quickly detect and respond when critical insider risk events occur and eliminate alert fatigue, most importantly. Through their IRM program, FinancialForce can now detect file exposure and exfiltration across endpoints, cloud and email systems using IRM technology and API-based integrations to take advantage of their tools in the security stack. Through their focus on a strong security ecosystem, they developed a risk scoring engine that brings prioritized alerts from their IRM solution into focus with other end point risk factors, user internet browsing, phishing activity and more to help them determine where their biggest insider risks lie. Congratulations to FinancialForce. 

Wendy Overton: And lastly, the Collaborator Award category, which recognizes companies that have fostered a dynamic collaboration culture while protecting their valuable data, the winner goes to UserTesting, which provides an on-demand usability testing and research solution through its Human Insight Platform. Unlike many companies, UserTesting has always had a primarily remote workforce and a software-enforced perimeter. Therefore, without the visibility into data movement, there would be many opportunities for sensitive data and IP to walk out the door and walk into the wrong hands. 

Wendy Overton: Embracing remote workforce culture, UserTesting understands that most insider threats occur because employees are simply trying to get their jobs done, and, unfortunately, sometimes employees engage in some less than ideal security practices in the process. Instead of shutting down the tools and processes that enable their employees to be effective, UserTesting focuses on understanding the business reasons behind those practices, educating on more secure alternatives when necessary and gaining full visibility of data movement to respond quickly to insider risks. By maintaining positive relationships with internal partners and employees, they built trust in an extremely effective and transparent IRM program. Congratulations, again, to UserTesting and to all the winners for these categories. 

Dave Bittner: Yeah, congratulations, indeed. Is there a common thread here among these companies in terms of the things that made them rise to the top? 

Wendy Overton: You know, Dave, I'd say that across all three, kind of in line with what Joe and I were talking about earlier, they're all moving the needle towards more proactive programs and through that kind of helping their workforce to continue to do their jobs effectively and support the business without necessarily, you know, hindering anything, but still protecting and mitigating risk as well. It's really great to see. 

Joe Payne: What I'd add to that is they all also - they have a people-first kind of mentality, which is not a controls-first mentality. They know that most of their employees are just trying to get their jobs done. So an employee might use Gmail while working from home one day, and they might do it accidentally. So before you hit them with a hammer, you know, you want to talk to them about why they did that and understand, etc. And these organizations have been sort of out in front at taking that whole approach towards people-first. 

Dave Bittner: All right. Well, let's move on to our final category here, and that is the CISO of the Year. Joe, who do you have for us? 

Joe Payne: Gosh, that's the hardest one that the committee really struggled with because we have so many good CISOs doing so many great things. And also, you know, who wants to say which CISO is best? You don't want the other CISOs mad at you. But having said that, Mario Duarte at Snowflake had a fantastic year with his team. They rolled out an entirely new insider risk program and were actually in the running for a number of different awards for that program. I think one of the things that really sets Mario apart is not only his passion for implementing that program at Snowflake, but he's been a very vocal leader in the insider risk community, offering up his time and his experience to other CISOs when they're starting on this journey and also being very vocal about the fact that, look; the old solutions that we have in security around DLP just simply don't work in today's modern world and that our employees deserve the opportunity to work together and collaborate together and without security getting in the way. So for all of those reasons, I'd like to say congratulations to my friend Mario Duarte for winning our first CISO of the Year Award. 

Dave Bittner: All right. Well, congratulations, indeed. And congratulations to all of our winners this year. Joe, before we sign off today, I would be remiss if I didn't give you the opportunity to promote this year's Insider Risk Summit. I know details are still coming together, but can you give us a little preview of what people might expect this year? 

Joe Payne: Well, it's really interesting. The whole way that we work is just transforming as we speak. And the idea that we're going to, quote, unquote, "return to normal" has pretty much been thrown in the trash can. Even now that the pandemic is receding and people are feeling more comfortable and getting out, people aren't going back to work. So I think a major part of this year's Insider Risk Summit is going to be about the new normal. How do we protect our data in - you know, from insider risk in the new normal? And I think it's going to be a fantastic group of speakers, and I'm really looking forward to it. And as soon as we get all the final dates and times, etc., we'll get those out. And apropos to that whole conversation, I am confident that it's going to be some form of hybrid event, where you can attend in person, but I think most people will probably attend, you know, over Zoom. 

Dave Bittner: All right. Well, Joe Payne, president and CEO, Code42, and chairman of the Insider Risk Summit, and Wendy Overton, director of cyber strategy and insider risk leader at Optiv - thank you both so much for joining us today. 

Dave Bittner: Our thanks to Joe Payne, CEO of Code42, and Wendy Overton from Optiv for joining us and for the Insider Risk Summit for sponsoring this edition of "CyberWire-X." Congratulations to all the winners. You can learn more about the Insider Risk Summit at 

Dave Bittner: "CyberWire-X" is a production of the CyberWire and is proudly produced in Maryland at the startup studios of DataTribe, where they're co-building the next generation of cybersecurity startups and technologies. Our senior producer is Jennifer Eiben. Our executive editor is Peter Kilpe. I'm Dave Bittner. Thanks for listening.