Tag: GlaxoSmithKline

Insider threats can cause more damage than external hackers

You do complete background checks and go through references as part of your hiring processes. You continually and painstakingly train employees on security and data breach topics to make sure they are educated and will know what to do and not to do during the course of daily business.

You even conduct daily auditing of system activity and ensure that you are consistent with discipline at your workplace. On top of it all, you’ve even gotten cyber insurance. You’ve made reasonable efforts to protect your sensitive business files, your data and your business. And you trust your staff, so you naturally feel pretty confident that you are covered on all sides.

This false sense of security results in many of the data breaches we all hear and read about daily. The concept of “inside” and “outside” in an enterprise network is dated. Businesses increasingly work with consultants and with employees working remotely or on the move, and the old network perimeter security isn’t able to deal with increasingly porous borders. While you focus on external threats, right under your nose there is an even more significant security gap, as shown by some of the important breaches below:

The examples above are a small sample of the damage done by trusted insiders who have betrayed the trust given to them. After most data breaches, we hear statements to minimize the impact of these breaches. All is fine! We do not believe information was further disclosed or used! We are offering one year of identity protection!

But the real impact is huge, to both businesses and the people whose information is compromised. Businesses suffer financial and reputation losses. People are exposed for a lifetime. What happens to all this breached data? Once it is out there, it is out, and the lifespan of stolen, unprotected information is forever, since most environments have no means to really tell whether this data is further copied and distributed. Companies haven’t implemented a mechanism to disable use of this sensitive data so that it does not float out there forever.

There are elegant ways to protect sensitive data using technologies that exist today, whether the threats are from external or internal sources. This can be achieved by supplementing existing technologies already deployed in most organizations with an additional security layer that protects data at the time of creation. And the technology is called persistent data-centric security.

Stop Data Breaches by Authorized Users

With news of data breaches every other day, many companies are now turning their attention to where sensitive files reside, who has access to the sensitive information, how this information is being used and securing it.

The cyber criminals’ techniques for breaking through perimeter defenses are always getting more sophisticated. Everyone realizes that network security alone is no longer a sufficient solution as the perimeter that once held sensitive information safe has been eroded.  Now everyone must adapt to a perimeter-less world.

Today a large number of internal and external users enter company systems and access data daily – vendors, suppliers, partners, customers and employees. This makes it an extremely complicated task to secure sensitive files with the volume of users, applications and various levels of data access. With all of the implemented technology stack, it is daunting – if not near impossible – to secure all the various points of exposure. It only takes one weak point to be compromised and to suffer significant damages.

Whether intentional or in error, authorized users cause a large portion of data breaches and the criminals and hackers are onto this. More and more breaches are due to authorized users doing something they weren’t supposed to do.

This week there was news on Mount Olympus Mortgage Company – $25 million awarded in a lawsuit around corporate espionage. Authorized users of the mortgage company had stolen loan files, borrower information and other confidential information diverting it all to their current employer.

Last January, former GlaxoSmithKline scientists were indicted for stealing trade secrets to seed a startup company where they worked with external parties to profit from the breached information.

In September 2015, a former Morgan Stanley financial advisor pleaded guilty to taking hundreds of thousands of confidential records. The advisor was in discussions with other competitors of Morgan Stanley about a job as the breaches took place.

Last month, news broke about a data breach within Pulaski County Special School District. An employee was responsible for compromising thousands of current and former employees’ personal information. This individual was emailing health insurance and benefits reports to her supervisor and blind-copying the information to her personal email address, including social security numbers, names, health insurance costs and individuals that did not have insurance.

Companies need to adapt and secure their sensitive data. Perimeter based security is no longer sufficient. The good news is implementing a data-centric security approach for persistent protection is available and easy to deploy.

Protect Against R&D Data Theft

Recently I was in a meeting with a global pharmaceutical client in New Jersey who told me of the importance they place on their highly secure, centrally managed and monitored persistent security platform to protect against data theft and ensure that their valuable R&D information cannot be lost or inadvertently sent to a competitor.

As the meeting ended, I was informed of the news about the charges brought against five people in the United States around trade secret theft inside another global pharmaceutical company. Allegedly a senior level manager at the company was involved in this theft.

Given the global state of business competition, there is a special appeal to the cyber thugs with high-priced or high-demand items. There is an alarming interest in stealing intellectual property, trade secrets and exactly how these items are produced.

A recent Verizon Data Breach Report 2015 identified Manufacturing as the most commonly attacked industry sector for cyber espionage.

Another recent worldwide study by consulting firm PwC and CIO and CSO magazines, “The Global State of Information Security Survey 2016”, provides some alarming indicators of the security threat landscape:

  • Theft of “hard” intellectual property increased 56% in 2015
  • Employees remain the most cited source of compromise
  • Incidents attributed to partners climbed 22%

It is time that organizations with high value data shift their security focus from the perimeter to insider threats to lock down R&D data, intellectual property and trade secrets. Today, technology advancements afford a variety of methods for an employee, contractor or partner to take critical data electronically from an organization. There are many ways for a trusted insider to steal or inadvertently share sensitive data: printing paper documents, copying files to hard drives, downloading information onto a CD or a USB memory stick, and taking screen captures are a few such methods.

When we add mobility adoption in the workforce and how this adds to the complexity of securing high value data, this task seems almost insurmountable. Targeting and protecting critical value data ensures that a company maintains its intellectual property, R&D work and its competitive edge in the market.

Protecting this data need not be such a daunting task. A data-centric persistent security approach can effectively help you protect and lock down your data.
