Episode 20 - Interview with Kayne McGladrey on Multi-Factor Authentication

In this episode we cover Multi-factor Authentication with our guest, Kayne McGladrey, Cryptocurrency Hacks from Pyongyang, and more. Don't touch that dial!

Intro

Welcome back! This is episode 20 of The Insider Threat podcast, for the week of October 2nd, 2017.

We made it to 20 episodes! I know some people don't like it when you talk about milestones like this, but I'm doubly excited for this one because I finally get to publish my interview with Kayne McGladrey from Integral Partners. I know many of your have been scrambling to finish up the quarter or fiscal year, depending on your industry, so hopefully this will give you an opportunity to sit back, relax, and listen to the excellent information that Kayne provided. As a quick reminder, I plan on being at BSides DC and the Insider Threat Symposium later this month, so let me know if you'll be there as well and want to meet up.

Infosec Question of the Week

You know what that sound means - It's time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!

The question last week was "In 1889, Nintendo was founded by Fusajiro Yamauchi. The company went on to become a forerunner in video game console manufacturing. What did Nintendo first create?"

The answer was "Japanese Playing Cards".

Get it? Aces and 8s? I'm sure you're all bursting with laughter from my wit right now. Anyway, Nintendo's first product was playing cards for a game called Hanafuda, and Yamauchi made them by hand. Talk about meager beginnings. You have to admire the way Nintendo was able to pivot to video games in the 1970s.

Congratulations to:

Andrea from Gulfport, William from Arana Hills, Ed from Pennsylvania, and Bruce from Birmingham for getting the correct answer.

Here's your question for this week: "On Spetember 28th, 1998, Internet Explorer became the most widely used web browser, beating out this competitor."

Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "Mosaic".

News

Our news this week comes from KBS World Radio and is titled North Korea Hacked South Korean Web Sites to Steal Bitcoin

http://world.kbs.co.kr/english/news/news_Dm_detail.htm?No=130509

According to the short article, North Korean hackers broke into 10 South Korean websites in July and August of this year in an effort to steal bitcoin. You can probably guess how these attacks were carried out. Malicious emails were sent to 25 individuals in this spearphishing attack, and once an employee's system was owned, it was used as a staging point to get to the rest of the organization. So now we're seeing real monetary consequences for insider threat attacks, which only furthers the discussion about the need to address the issue. So many things could have been done to prevent this type of attack, including user awareness training, email isolation, staying up to date on patches, network segmentation, and probably even more that I'm not thinking of. Without more details on the incident, I can't pin down a specific protection method.

If you're listening to this podcast, you're probably already thinking about these things, or you just like the sound of my voice, but I doubt it. In any case, keep it up. It's people like you that are making lasting and effective change to your protection posture.

Interview

Now before I get into the interview, I just have to say that it was a real pleasure to speak with Kayne and learn from his experience with different multifactor authentication implementations. I certainly learned something, and I hope you do as well. Without further adeu, here we go.

After Interview

I just want to say thank you again to Kayne for coming on the show. For more information about him or his company, look up Integral Partners LLC. I'll leave a link to their site in the show notes.

Thought of the Week Segment

Our thought of the week comes from Tena Desae, an Indian actress who happens to share the same birthday with your's truely. She said, "Stay positive and happy. Work hard and don't give up hope. Be open to criticism and keep learning. Surround yourself with happy, warm and genuine people."

Outro

Thank you for listening to episode 20 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.

You can contact me on twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll also find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.

Thanks again and I'll see you folks next time!

Are You Doing All You Can to Protect Your Confidential Documents?