One Man… $1 Billion… Stolen.
A former Intel employee has been charged with attempting to steal $1 billion worth of information. Wow. Turns out that while he had resigned and officially left, he still had access to the computer systems - and guess what… he decided to copy stuff, which he freely admits he would use to further his career in the future.
While I have written about the decline of implicit trust before, this is yet another case, although this time it shows up a poor corporate process for shutting individuals out of company systems when they leave.
I was with a customer this week and they are about to change their policy on password changes to every two weeks. Every two weeks… we change our passwords every three months and even then I can have problems trying to (a) find something that fits the policy, uppercase, lowercase, numeric, punctuation, not this or that and then (b) remembering it… let alone having to do it every two weeks. The reason that passwords used to have to be changed frequently was because companies were not good at shutting people out of systems when they left… but now there is no excuse.
Time to revisit that employee leaver policy… and examine how you can prevent falling foul of a malicious insider - after all he was just copying restricted data onto removable media… something technology can help you spot.
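One way to spot the gap described above, as an added example that is not from the original post: reconcile the HR leaver list against the accounts that are still enabled and against activity logged after each person's last day. The log layout, the action names (LOGIN_OK, LOGIN_FAIL, USB_WRITE) and all users and hosts are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data; field layout and action names are assumptions.
LEAVERS = {"jdoe": "2024-03-01", "asmith": "2024-03-15"}  # user -> last working day
ENABLED_ACCOUNTS = {"jdoe", "bnguyen"}                     # still enabled in the directory
AUTH_LOG = """\
2024-02-28T09:12:03Z jdoe LOGIN_OK vpn
2024-03-01T17:40:11Z jdoe LOGIN_OK fileserver
2024-03-04T22:05:47Z jdoe LOGIN_OK fileserver
2024-03-04T22:09:30Z jdoe USB_WRITE fileserver
2024-03-16T08:00:00Z asmith LOGIN_FAIL vpn
2024-03-05T10:00:00Z bnguyen LOGIN_OK vpn
"""

def parse_events(text):
    """Yield (time, user, action, host) from 'timestamp user action host' lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at their meaning
        ts, user, action, host = parts
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield when, user, action, host

def leaver_findings(leavers, enabled, log_text):
    """Return (user, finding, detail) tuples for leavers who still have access."""
    # Access should end when the last working day ends (midnight UTC here).
    cutoff = {
        user: datetime.strptime(day, "%Y-%m-%d").replace(tzinfo=timezone.utc)
        + timedelta(days=1)
        for user, day in leavers.items()
    }
    # First the standing exposure: leaver accounts nobody disabled.
    findings = [(u, "ACCOUNT_STILL_ENABLED", "directory")
                for u in sorted(leavers) if u in enabled]
    # Then any activity, successful or not, recorded after the cutoff.
    for when, user, action, host in parse_events(log_text):
        if user in cutoff and when >= cutoff[user]:
            findings.append((user, action + "_AFTER_DEPARTURE", host))
    return findings

if __name__ == "__main__":
    for finding in leaver_findings(LEAVERS, ENABLED_ACCOUNTS, AUTH_LOG):
        print(*finding)
```

Failed logins after the cutoff are reported too, since an attempt by a leaver is worth a look even when the account was correctly disabled.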
Stealing Data
So a survey showed that 88% of IT staff would steal sensitive corporate information if they were laid off. I’m quite sure that a lot more people actually walk out the door with sensitive information. OK, so it may not be the CEO’s password, but sensitive information nonetheless. Companies don’t know where their information is at the best of times, let alone whether someone has taken a copy on a CD-ROM or memory stick - or in some cases just had it mailed out to a personal email account. Customer lists, pricing details and business plans are all good targets to be stolen from the inside. As with most data loss, it also happens inadvertently: executives are often allowed to walk out with their laptops, but what about the data! Oops, there goes another disaster waiting to happen…
Of course walking out with information is one thing, using it maliciously is completely different. I wonder, if the survey had asked whether those 88% of IT staff that would walk out with sensitive information would actually use it, or sell it - what would the response be? It might not be zero, but I very much doubt it would be more than a few percent. On the other hand we do know that the ‘malicious insider’ is a real threat - they do steal information with a view to using it. The thing about being an ‘insider’ is that (a) you have access to the systems, so no need to break in and (b) you know where the valuable data is. This is why we are seeing an increase in criminal placements… companies need to wake up to the fact that this is happening and start putting policies and technologies in place to prevent it. It will save embarrassment (or even large fines) later… Forewarned is forearmed.
One Man, One Password, One Cell
So just how important can one person be? If they happen to be the IT administrator and they have a grudge, then perhaps the answer will scare you. In a recently reported incident one employee locked out a whole city from the computer system - and then refused to hand over the password. Implicit Trust fails once more. If that had been your company what would you have done? In this case they threw the individual in jail and are waiting… and trying to crack the password themselves!
More to the point, what could you do to prevent it from happening? This is a tough one - obviously you could have audit trails (but if you can’t log in, then how can you find the information), perhaps you could have a secret backdoor (not such a good idea - some cyber-criminal will find it), perhaps you can have policies and procedures (not that they help when you are locked out)… so what to do? Maybe the best thing to do is to ask your IT administrators how they would solve the problem - they will no doubt come up with a solution that would work for you and your network. If you think using this case might be a little close to the bone, then how about framing it as an ‘accident’ when everyone gets locked out - its own form of ‘disaster’.



