Leo Taddeo on the Insider Threat

Leo Taddeo, former FBI NYC Cyber

Leo Taddeo, the Chief Security Officer (CSO) of Cryptzone, joins LIFARS to answer questions drawing on insights developed over his twenty years of experience as an elite FBI agent. Mr. Taddeo worked different angles, from counter-terrorism to international operations and eventually the cybersecurity realm. Before retiring from the FBI in August of this year, Mr. Taddeo served as the Special Agent in Charge of the Cyber Special Operations Division in New York. He now works at the cybersecurity software company Cryptzone, which provides a secure enterprise gateway, data loss prevention products, and other compliance products of that sort. He holds both an internal and an external role, ranging from software development and physical security to working with developers and the marketing team to fit the needs of the cybersecurity industry into the executive strategy.

LIFARS: What do you personally find to be the common concerns for CISOs, CIOs, and other security executives?

Mr. Leo Taddeo: There are a number of challenges. One thing that everyone is facing is managing all these different security solutions that are out there. That is to say, there is a mosaic of cyber solutions that fit together and overlap. Managing all the capabilities that are on the market today to provide a comprehensive and cohesive set of solutions is a challenge.

Then, there are the individual challenges. Access management, privileged-user management, behavioral analysis, and protecting sensitive assets are becoming more of a focus. To elaborate, the focus is isolating resources in order to exploit vulnerabilities to get to what really matters in a company. Then, there are challenges that everybody is facing in terms of the complexity of the solution set and properly managing that in a way that isn’t overly expensive… the company must get value for its security dollar. I think it is a challenge to understand where promises from vendors can be turned into real value. I think with the changing landscape and challenges, it becomes more difficult.

LIFARS: It sounds similar to the problem that many IT departments and institutions have suffered for many years, the inability to translate the value of their work to non-technical personnel. Am I correct in that assumption?

Mr. Leo Taddeo: Right, but it is not just about communicating the value; it is also about delivering. The delivery aspect is a challenge because… marketing materials promise real capabilities that often don’t materialize once they are bought and implemented.

LIFARS: What do you find to be a cybersecurity issue that does not receive the awareness it deserves in mass media or the public eye?

Mr. Leo Taddeo: One that has gotten some attention, but not enough, is that of the insider threat. We are going to see more insiders connecting with people who have the capability to hurt a company, and they are doing it in ways that are difficult to detect. As we look at encryption and confiscation technologies, while they account for privacy, they allow [the insiders] to do things that are very hard to trace, and that is going to raise levels of distrust. The second threat is blindness to the origin of the components that make up our software supply chain. As a result, there is reason to question the reliability and whether additional functionalities in software are malicious, or nearly undiscoverable because they lie deep inside the code. With more of our software being developed in places that don’t have the transparency to test software for integrity, you can’t always put it through the conditions that our adversaries can, and so we don’t know how it will behave under certain conditions. As a result, we are more vulnerable from the heart of the supply chain.

LIFARS: Could you elaborate on the insider threat?

Mr. Leo Taddeo: In the past, in terms of information security, you had insiders who were faced with a deterrent and a lack of skill. Your average employee with a username and password had a high probability of getting caught. In very rare cases they had the capability to navigate a complex infrastructure to do significant damage. The environment has changed since then.

Number one, there are insiders that do not have the technical skills to compromise the security integrity of the company. For example, if I want to hack my company… I can go to an online forum and find somebody who does and ‘accidentally’ provide my username and password, or someone else’s username and password, so a hacker gets the key to the ‘front door.’ It is done in a way that is invisible to law enforcement, and it is almost impossible to detect after the fact… as more and more people become aware of these technologies and these hacker platforms, you will see more people with the intent and execution possibilities. Since it is difficult to detect, it is less of a deterrent… unless we get a confession. As a law enforcement official of many years, not being able to peel back layers of evidence to get to the truth will allow more people to succeed at hurting us.

LIFARS: What would your recommendation be for a business when it comes to threat management and intelligence?

Mr. Leo Taddeo: Emphasize technologies that are able to spot the insider, or plot behavior that is threatening, in order to find the insider. It is important because it creates a deterrent if people think you are watching. I would spend some money on that, but the real strength comes from constructing and architecting your infrastructure so that even somebody who has valid credentials, or even somebody who is inside, can only do a limited amount of damage… In security there is a principle of least privilege that only gives the access needed to do the individual’s job. While everybody understands that, it is very difficult to enforce, especially when you talk about network access. When someone has authority to get on a segment, they have visibility to everything on said segment. We have to architecturally design our systems so that people can’t see what they don’t need and certainly cannot navigate our network for what they don’t need. There are technologies and companies that do that, including my own. In the future we have to make it harder and more complex for someone who is on inside networks, and [insiders] make it easier for us to track what they are doing.

LIFARS: What are your projections of the future for the cybersecurity industry on the macro-level?

Mr. Leo Taddeo: We are going to see more activity from major powers, like China and Russia, but we are also going to see smaller regional powers engage in cyber experimentation with their regional adversaries… We will see simmering cyber conflicts continue, with the potential overflow of capacity being pointed at western networks. To expand, the conflict from nation-state to nation-state with proxies will then overflow and affect third parties who are not in the original conflict at all. Here in the United States, there will be a continued shortage of experts in the cybersecurity industry and sophisticated debate on how best to develop that workforce. That is going to be the challenge, I think, for the next five to ten years. We will see some ‘best of class’ that get it right and are defending themselves properly, but we are also going to see some of the continued compromises of enterprises that are cutting corners or are not fully focused on the problem. That is really where the adversaries take advantage. Attackers do not have to make everybody vulnerable; they just need to find someone who is not paying attention for a significant period of time, and that becomes their payday for the moment, and they continue to operate that way, becoming more successful over time.

Leo Taddeo left LIFARS on this note, “The days of everything outside is bad and everything inside is good are gone. The security detectives should start really thinking about moving away from the perimeter-based mindset to a micro-segmentation and individual one to one security between the user and the resource.” Contact Leo Taddeo by visiting the Cryptzone website.