I’m a security researcher currently preparing a conference talk on ‘security within virtual worlds’ - I will be covering EVE Online as one of my topics as an example of how ‘corporations’ deal with insider threats.
I need an ‘introduction’ to various corporation leaders to talk through issues/problems they’ve had with insiders stealing virtual assets and how they deal with these threats.
This will be presented at an international security conference in 2021, possibly both in the USA and Europe. Attendance at these is very high with anywhere from 10,000-30,000 attendees and many of the talks are broadcoast internationally and covered by the media.
The chats will be relatively informal and can be in whatever format you choose (e-mail, video chat, voice chat, etc.) Most of the information presented will remain anonymous, but if you are happy to have your corporate name used in the presentation that’s fine too.
I’ve been in touch with CCP and they suggested coming here first. If you’re a head of corporation or currently deal with ‘security’ within your corp I’d love to speak to you so feel free to reply to this threat so I can pick your brains.
EDIT: For those that just prefer to post here, I’ve listed the questions I’m interested in getting answers/information to below. It also helps if you list your corporate name/size so I can organise my notes . For those of you that prefer to maintain some privacy you can send me your answers at EveResearcher@outlook.com and I’ll happily communicate that way:
Have you or your corporation experienced any insider threats - anything ranging from theft/destruction of assets/in-game currency or any other malicious activity? Can you describe them and what impact it had on you/the corporation? If you’re able to put a number of the amount that was stolen/defrauded, this is also very interesting.
How do you vet/deal with operational security matters?
Do you use ‘external’ sources of information to enrich background research on new players entering your corporation? ie. Do you research social media profiles, etc.
How do you ‘segregate’ or ‘contain’ new players. Is there some kind of ‘probation’ period and what kind of goal posts do you set before someone is allowed to take over critical functions within the corporation (for example, finance or any ‘privileged role’ within the corporation)
Has you/your corporation ever experienced ‘out of band’ attacks (ie. account takeover attempts for the purpose of in-game theft)