Clearly some individual, or individuals, had an all access pass to the company’s systems.
Many top IT security experts believe that the most common form of insider data threat is that of accidental exposure – an employee unintentionally and unwittingly creating a vulnerable situation or allowing data to be accessed. That certainly accounts for many threat incidents.
“All companies are going to have the possibility of this occurring because accidents do commonly occur, and I do believe that accidental exposure is much more common than intentional harm,” explains Meg Anderson, chief information security officer at Principal Financial Group.
“So lack of awareness is one cause of accidents – such as lost laptops, misdirected email, even paper reports that are still walking out of companies,” Anderson says. “Those are relatively small incidents. But we also have data on all kinds of new devices now, so we’ve added possibilities of iPhones being hacked, tablets, etc.” They all run the risk of financial loss, fines, lost customers, plus the potential loss of reputation.
[Related: UBA vs. the rogue insider]
Insider threats also vary depending on what the organization does and the type of data it collects, Anderson says.
“There are a lot of scenarios and I think a lot of it depends on the organization. You cannot discount financial gain. There are going to be insiders that want to make money on your data and on your intellectual property. It could involve insider trading – having authorized access and passing that along to somebody else. “
“The third thing I can think of is that a lot of times employees think that they own what they work on while they’re at work. One thing that is often compromised is source code – programmers thinking they own their source code. They may also be temporary contract employees that work for us. They take that code from company to company, because you do reuse code, and it makes sense to them that it is their property.”
Still, Anderson agrees that it the disgruntled employee that probably poses the greatest theat.
“When we talk about intentional damage it could be far more impactful because it’s less likely to be noticed and it also could go on for some time – a ‘slow flow’ sort of approach,” Anderson says.
To spot a thief
So how do you spot the potential data thief in your midst?
It starts with observing behavior, notes Ganesan (Ravi) Ravishanker, CIO at Wellesley College, in Massachusetts.
“We do the usual best practices,” Ravishanker says. “Most of us rely on the annual audit. We create the best practice controls and do the best we can. We also rely on the business units to partner with us to be able to develop controls, to develop reports; we do have very comprehensive reports that we generate on which users have access to what data. That gets adjusted because people’s roles change. We need to make sure that we keep people’s access as limited as possible.”
Sign up for CIO Asia eNewsletters.