Insider Threats Increase as a Result of a Struggling Economy
Insider threat

insider threatsThe headlines this week makes reference to a fairly minor theft of healthcare records at a Los Angeles Clinic. The incident involved a janitor selling 14 boxes of computer reports for $40. The theft exposed 30,000 patient records. Although minor, this incident highlights several major issues that we have covered in our blogs over the last several months.

First, the possibility of a data breach caused by a trusted employee should be on every CEO’s list of threats that could cause significant harm to their business. The 2010 Verizon Data Breach Report states that 48% of data breaches occur as a result of employees stealing confidential information.  That’s a 26% increase from 2009. The primary motivation for stealing highly confidential information is typically personal financial gain. There should be little doubt that many employees are feeling the impact of the recession and selling confidential information to your competitors or other more sinister buyers such as organized crime could provide a means for holding off the creditors.

Who’s stealing your corporate information now?
Data breach Insider threat

corporate espionageJust when you thought you had the corporate crown jewels under lock and key it now appears that veteran CIA spies can moonlight and help your competitors determine what is going on inside your company!  I just finished reading a book titled “Broker, Trader, Lawyer, Spyby Eamon Javers.  In his book Javers details how companies are employing CIA Agents to spy on their competitors.  Using cutting-edge technology, age-old techniques of deceit and manipulation, and sheer talent, spies act as the hidden puppeteers of globalized businesses.

Because the US Federal Government cannot pay these seasoned employees enough compensation, they are now permitted to use their skills during off hours.  This permits them to leverage their experience and techniques, such as reading the body language of CEOs during interviews to see if they are telling the truth.  Javers discusses a theory called “cognitive dissidence” which says that when someone attempts to hold two conflicting ideas in their brain at the same time, normal people will display noticeable patterns of discomfort.  The human brain will do almost anything to avoid this discomfort and will attempt to do or say things to circumvent the truth.  The classic example is Bill Clinton’s “There is no affair” and “It depends on what the meaning of the word ‘is’ is.”  Agents trained to detect body language and innocuous activities can detect valuable information that would otherwise go unnoticed.

How that Data Walked Out the Door
Insider threat

data walking out the door Did you ever wonder if your customer lists and other confidential data is walking out the door when people leave the organization?  Here is something that I came across when working with a client.

This organization uses multiple FTP and other file sharing sites to share documents internally and with partners and customers.  Some of these are sanctioned by the organization, but many aren’t.  The reason there are so many is because IT is very busy and hasn’t gotten around to creating an easy-to-use collaboration site for everyone.  They also make it very difficult to implement anything as basic as a secure collaboration site without having to get vice presidential justification and jumping through hoops.  There are Windows file servers for some internal projects and Microsoft SharePoint sites for others.  People use email, free sites, like and YouSendIt, and FTP sites to exchange documents with outside people.  Employees have resorted to “roll your own” because of the IT can’t meet the need in a timely way.

Digital Rights Management joins Data Loss Prevention
Insider threat Secure collaboration

Enterprise Digital Rights Management (EDRM) is a growing and important part of securing an organization’s information.  The traditional methods of using firewalls and intrusion detection systems are good at keeping the bad guys out, but not so good at keeping those on the inside (the good guys?) from leaking important documents.  EDRM encrypts documents and controls access to them even after they leave the security of your firewall.
Data Loss Prevention (DLP) is good at filtering content by searching for things like social security numbers and preventing that information from getting out.  But it’s not good at preventing sensitive documents from walking out the door on a thumb drive or other removable media.

Indecent exposure
Data breach Insider threat

Indecent exposureWhile visiting with a client last week they were discussing an upcoming company cruise that will be taking place this October.  The event includes over 500 employees and their spouses.  The company sent an Excel spreadsheet to each employee that requires information such as Passport number, Social Security Number and credit card information.

After completing the form one of the employees mistakenly hit reply all and his information was instantly sent to over 500 people, most of whom he does not know.  Without a way to revoke the rights to the file his personal information was exposed.

Another client’s Human Resources department had a new administrator access an Excel spreadsheet from the department’s network directory.  The visible cells showed the employees’ names and phone extensions.  Thinking this would be helpful information for company employees the administrator emailed the file to all employees. Little did he know that the hidden cells contained salary, stock option and other confidential information.  Not sure what happed to the administrator but needless to say the company had significant issues to deal with.