Attending BlackHat is something that most security professionals look forward to. It’s an opportunity to meet similar folks on both sides of the security aisle, have a drink, share stories and compare notes.

FBI at Black Hat

One presentation really stood out for me at this year’s conference:  the Insider Threat presentation by FBI’s former CISO, Patrick Reidy. In the presentation, Reidy talks about the FBI’s approach to combating insider threats. What I really enjoyed was the striking similarity between the FBI’s analysis and what Imperva has been talking about for the past year. Even the FBI’s own resourceful research conclusions are in line with ours.

I used to look at all insider threat cases in more or less the same way. I always assumed that at one point, there would be an attempt to capture credentials or hack/use a system admin/privileged account in order to gain access to data. While CERT (CMU) would definitely agree with me on this point (see next paragraph), the FBI’s conclusions tell a different story. This makes me believe that there is a fundamental difference in cybercrime that occurs in government and non-government targets.

What were the interesting findings? Find out here