Tuesday, July 21, 2015

Beware of Insider Threats

We all want to believe in the good of people. We want to believe most people want to do the right thing. This sounds great, but in practice there are issues, as there always are with staff. We all remember Snowden and others. Regardless of your view on Snowden’s acts and rationale, confidential documents were leaked from a private source to third parties outside of the organization. This has happened not only with private emails and memos, but also with business intellectual property and proprietary information, and that can be just as damaging to a business’s longevity, if not more so.

This can be a significant problem for your business or clients unless a monitoring process is put in place.

Digital Media
The medium used to remove information and data from the business has changed significantly over the years. Removable media began with the large 5 ¼” floppy disks, which gave way to the smaller 3.5” disks with a hard plastic shell. These media, while an improvement over cassette tape drives (for those who remember them), were still very limited in the amount of storage available.

Presently there are thumb drives with upwards of 32GB of capacity. One of these would easily hold the entire customer data set (names, addresses, SSNs, account numbers, balances, etc.) of a small bank. That data being taken by an insider and sold or given to a competitor would be a significant detriment. Another avenue of theft may be Google Glass. In a data or call center, employees are heavily monitored via innumerable cameras mounted on the ceiling throughout the floor, and their usage of the services is also reviewed regularly. Even so, one of the “stellar” employees wearing Google Glass could record the personally identifiable information (“PII”) of the people calling in while sitting at his desk. Alternatively, a mechanical engineer sitting at the desk and taking images of the schematics for a new fixture on a tank is another source of data leakage. In both examples, a relatively inconspicuous person is simply sitting at a desk working.
Advances in technology will only make this more of an issue. Storage devices will only increase in the amount of data they can comfortably and stably hold, and other devices will be created that give the CISO a headache.

Prior SOP
Management in years past did not have this at the forefront of their worries and thoughts. It was not significantly discussed at the IT Business Continuity Plan (“BCP”) meeting; the issues of data storage and manipulation probably held more weight in the management meetings of years gone by.

The management team knew information theft occurred on some level in the business, but was not able to quantify its extent. Occasionally there would be an obvious spike in activity when an employee left to work at a competitor, and the competitor would mysteriously and suddenly have the advanced research, or would take three steps in the R&D process versus one.

InfoSec Defense
It is not that management does not trust the staff, but the business does not want to be a victim. Monitoring its assets and processes is not a crime. All is not lost! InfoSec models can be implemented to mitigate the risks. These involve log review and analysis, which will show who is using the services at a much higher rate than the baseline, and that shows up as an anomaly.
Due to the mass of data involved, programs are used to parse through it for the pertinent and important information. If you are the CTO or CISO of a medium-sized business, there will be stacks of log files, and there is no way to reasonably review these manually due to the sheer volume of data. The programs available that complete this task do a reasonable job of it.
The SysAdmin can monitor the staff’s access to files: review the folders and files accessed, the frequency of this activity, and whether the data was saved to USB or emailed. Email usage can also be monitored. If suddenly there were a large spike above the baseline level of activity, this is probably an issue waiting to happen, especially with data or attachments being sent out to a third party.
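As an added illustration of the review described above (this is example code written for this page, not code from the original post or any product it mentions), the script below builds a per-user baseline from file-access logs, flags a day whose activity sits far above that baseline, and separately flags USB copies and attachments mailed outside the company. The log format (“timestamp user action target”), the action names, the internal mail domain and every log line are constructed assumptions for the demonstration.

```python
"""
Added example (not code from the original post): a baseline-and-spike
review of file-access and data-egress logs, the kind of log analysis the
section describes. The log format "<ISO timestamp> <user> <action> <target>",
the action names, the internal domain and every log line are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL_DOMAIN = "example-bank.test"  # assumed corporate mail domain
MIN_EVENTS = 10    # floor so a tiny, steady baseline cannot trip an alert
SIGMAS = 3.0       # events above mean + SIGMAS * stdev count as a spike


def make_lines(day, user, action, target, n):
    """Construct n sample log lines for one user on one day."""
    return [f"{day}T09:{i:02d}:00 {user} {action} {target}" for i in range(n)]


# Constructed sample log: four quiet days for alice and bob, then a busy day
# on which alice reads far more than usual, copies to USB and mails outside.
SAMPLE_LOG = (
    make_lines("2015-07-13", "alice", "FILE_READ", "/shares/cust/a.xlsx", 3)
    + make_lines("2015-07-14", "alice", "FILE_READ", "/shares/cust/b.xlsx", 2)
    + make_lines("2015-07-15", "alice", "FILE_READ", "/shares/cust/c.xlsx", 3)
    + make_lines("2015-07-16", "alice", "FILE_READ", "/shares/cust/d.xlsx", 2)
    + make_lines("2015-07-17", "alice", "FILE_READ", "/shares/cust/all.csv", 12)
    + ["2015-07-17T16:40:00 alice COPY_USB /shares/cust/all.csv",
       "2015-07-17T16:45:00 alice EMAIL_ATTACH someone@gmail.test"]
    + make_lines("2015-07-13", "bob", "FILE_READ", "/shares/eng/spec.pdf", 3)
    + make_lines("2015-07-14", "bob", "FILE_READ", "/shares/eng/spec.pdf", 3)
    + make_lines("2015-07-15", "bob", "FILE_READ", "/shares/eng/spec.pdf", 3)
    + make_lines("2015-07-16", "bob", "FILE_READ", "/shares/eng/spec.pdf", 3)
    + make_lines("2015-07-17", "bob", "FILE_READ", "/shares/eng/spec.pdf", 4)
    + ["2015-07-17T11:00:00 bob EMAIL_ATTACH lead@example-bank.test"]
)


def parse(line):
    """Split one log line into (day, user, action, target)."""
    ts, user, action, target = line.split(" ", 3)
    return ts[:10], user, action, target


def daily_counts(lines):
    """Count every logged event per user per day (days with no events are absent)."""
    counts = defaultdict(lambda: defaultdict(int))
    for day, user, _action, _target in map(parse, lines):
        counts[user][day] += 1
    return counts


def find_spikes(lines, latest_day=None):
    """Return {user: (events_on_latest_day, threshold)} for users whose
    activity on latest_day is abnormally far above their own baseline."""
    counts = daily_counts(lines)
    if latest_day is None:
        latest_day = max(d for per_day in counts.values() for d in per_day)
    spikes = {}
    for user, per_day in counts.items():
        baseline = [n for d, n in per_day.items() if d < latest_day]
        if len(baseline) < 2:  # not enough history to call anything abnormal
            continue
        threshold = mean(baseline) + SIGMAS * pstdev(baseline)
        today = per_day.get(latest_day, 0)
        if today >= MIN_EVENTS and today > threshold:
            spikes[user] = (today, threshold)
    return spikes


def find_egress(lines):
    """Return (user, action, target) for USB copies and mail to external domains."""
    hits = []
    for _day, user, action, target in map(parse, lines):
        if action == "COPY_USB":
            hits.append((user, action, target))
        elif action == "EMAIL_ATTACH" and not target.endswith("@" + INTERNAL_DOMAIN):
            hits.append((user, action, target))
    return hits


def review(lines, latest_day=None):
    """Combine both checks into {user: [reasons]} for an analyst to follow up."""
    findings = defaultdict(list)
    for user, (today, threshold) in find_spikes(lines, latest_day).items():
        findings[user].append(f"{today} events vs baseline threshold {threshold:.1f}")
    for user, action, target in find_egress(lines):
        findings[user].append(f"{action} {target}")
    return dict(findings)


if __name__ == "__main__":
    for user, reasons in review(SAMPLE_LOG).items():
        print(user, "->", "; ".join(reasons))
```

Run as a script it reports only alice: her busy day is 14 events against a threshold of 4.0 built from her own quiet days, plus a USB copy and an external attachment. Bob is not reported even though his last day is slightly above his flat baseline, because the MIN_EVENTS floor keeps a near-zero standard deviation from turning every small fluctuation into an alert; tune that floor and SIGMAS to the volume of your own logs before relying on the output.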

In short, this is not trying to make everyone’s life difficult. The IT department is not merely snooping in everything the employee does; that level of micro-management or oversight does not work and only manages to push people away. But the business can’t be a victim and needs to protect itself. A recent case involved a software engineer on Wall Street who had been working on an algorithm meant to predict the ups and downs of the market. The firm would then recommend that clients purchase the stock when the price was significantly lower. There was a great expense involved, as the engineer had been working on this for a year, and it was clearly proprietary in nature. The application was liberated by the then employee, soon ex-employee, as he moved to a new employer. This could have been disastrous for the firm, but was resolved. To minimize the risk, the insider threat issue needs to be monitored-unfortunately
