In the aftermath of the great data heist by Edward Snowden, the now-infamous computer specialist who stole top secret information from the National Security Agency and leaked it to The Guardian earlier this summer, CIOs are feeling a little helpless.
"People are saying that if it happens to the NSA, which must have incredible tools to prevent people from leaking data yet still leaks on a grand scale, we better be really careful," says Jeff Rubin, vice president of strategy and business development at Beachhead, a mobile security company.
There's little doubt CIOs are reeling from the Snowden effect.
A New Breed of Rogue Employee Roams the Network
Snowden represents a new kind of rogue employee or contractor: a tech-savvy millennial armed with personal computers who can spirit away highly sensitive data. CIOs will have to deal with this threat sooner rather than later. The old thinking of relying on encryption to safeguard data just won't suffice in today's corporate computing environment.
The 29-year-old Snowden hatched a plan to swipe data from arguably one of the safest organizations on the planet. His age is significant because he's symbolic of today's millennial, a 20-something tech worker flooding corporations across the country. Millennials will make up the largest segment of the workforce by 2015, according to the U.S. Bureau of Labor Statistics.
Two-thirds of millennials assess their technology acumen as "cutting edge" or "upper tier," according to CompTIA. Snowden, who once described himself as a "computer wizard," not only gained access to sensitive data, he communicated with the media using encrypted email under the codename Verax.
For CIOs, the warning is clear: Your next rogue employee may be good at finding ways around your best-laid security plans.
Social Engineering and Tech Savvy a Dangerous Combo
While there's no questioning Snowden's technical chops-after all, he worked at contractor Booz Allen Hamilton as a computer specialist-Rubin doubts Snowden relied on technical skills alone to do what he did. Rather, Rubin believes Snowden employed social engineering tactics to gain access to computers and download data to thumb drives and, eventually, his personally owned computers.
"My guess is he went to NSA employees, said [he was there] to work on their computers and needed access to them, and gained their trust," Rubin says. "He may have even gone as far as telling them, 'You may get a notice on your screen that there's some sort of intrusion, but that's just me so don't be alarmed.'"
The idea that Snowden probably used his personal computers and thumb drives should also be alarming to CIOs, especially in the age of BYOD, says Rubin. With BYOD, mobility and cloud storage services such as Dropbox now common, the chances of corporate data leaking out is higher than ever.
Sign up for CIO Asia eNewsletters.