Perfect security
None of our employees have the faintest idea what we do, why we do it, who the customer is or how it works -
In this week's Kettle the topic is one that's been much in the news this week - the much-underrated insider threat issue. There are thousands of security shops willing to sell elaborate firewalls, zero-trust barriers, and AI security systems that claim to be able to spot a wrong'un easily. But time and again the most effective …
《I thought for sure you were going to talk about remote microphones glued to the back of the coffee machine or about the outsourced cleaning crew.》
Drink and snack dispensing machines have "phoned home" for more than a decade. (Many have small aerials poking above the back of the machine.) I can imagine similarly serviced coffee (espresso) machines or even water coolers might already do the same. How difficult (as in *not*) to instrument these machines, hidden in plain sight, to capture audio, video and wifi/bluetooth?
> ..How difficult (as in *not*) to instrument these machines,
Or how difficult for El Reg to post these small videos on/through a speech-to-text captioning tool? I don't do PC audio anymore. Ears are shot, and when the dogs hear strange voices in the house they go ballistic. Plain YouTube does quite well, with occasional giggle-fits, and now more ads. Is this proprietary video app better in some way??
“If you think technology can fix security, you don't understand technology and you don't understand security” Bruce Schneier
And he was right. The vast majority of security incidents are fundamentally down to sloppy management. The technical aspects are in general secondary -- only possible due to lack of adequate management, whether it be failure to patch, lack of scrutiny, absence of due process, inadequate risk assessment or a plethora of other management failings. And it's not just the front line folks at fault -- it's commonly a problem of corporate culture.
Posting anon, for reasons...
My employer makes us do compulsory cyber-security training so that we can spot external threats, but we seem to be happy to hire Chinese or Russian nationals. I've no idea if HR do any kind of background checks or, if they do, whether these would actually achieve anything.
Too many decades back I worked in a security cleared environment. Many were from Eastern European (then Soviet bloc) countries; they accepted that depending on the wind their security clearance could be overturned. Over the few years I was engaged, the same faces appeared and disappeared, only to reappear a few months later….