What To Do When You Know Your Data Breach Personally?

As we think of what scary costume we want to dress up as for Halloween, as a business, we need to understand what costumes our employees are wearing at work.  Are they wearing a disguise?  

What we always like to emphasize here at iCorps is that IT services and infrastructure are not so much about tech as about the people who work for you with your sensitive data.

A few scary points to ponder: 

  • According to Martin Giles, US technology correspondent for the ever-venerable The Economist, "800 million digital records are lost or stolen each year. And the cost of those breaches is going up."
  • As more objects go online - think mobility and the Internet of Things (IoT) - the complexity of data breaches will go up and up.
  • "4 or 5 data intrusions involve the exploitation of easily guess-able credentials. It is thought that crimes are instantaneous but they actually play out over weeks or years."


Still not scared?  Well, think about this: many data breaches do not come from outside of your company.  They don't have to guess the passwords, or steal access - they were already given access.  What do you do when the call is coming from INSIDE THE HOUSE?

From Edward Snowden to Bradley Manning, I'm sure that you have heard of rogue elements working from within the US gov't to steal data and put it into the hands of nations, nation-states and other rogue elements.  But what about the "Edward Snowdens" of your company?  Have you identified them?

Et tu, Dejan?

We'd all like to believe we run a fun corporation where all employees are loyal and happy and would never do harm to our company by leaking or selling data.  For those that do not have that kind of company, you would probably like to think that there are contracts or non-competes in place that prevent employees from doing any harm in the event that they are unhappy.  This is folly.

In the case of American Superconductor (AMSC), they had IP that was set to be sold to Chinese wind turbine maker Sinovel.  What happened is that Sinovel didn't want to pay AMSC for the copyright and identified a disgruntled employee, Dejan Karabasevic, who had recently been demoted at AMSC in 2011. Exploiting that demotion, Sinovel realized that Karabasevic had access to AMSC's 'secret sauce' and pried it from him with promises of riches (which they never delivered).  While the case was decided in China in AMSC's favor earlier this year, the loss of revenue from Sinovel (which accounted for 70% of AMSC's revenue) and drop in stock price was almost irrevocable.  And it all could have been prevented!


[Figure: Google Trends chart of searches for "Data Leak"]

Fear of data breach is at an all-time high.  As you can see from this Google Trends chart (right), searches on the popular search engine for "Data Leak" have skyrocketed in the last year and peaked in September of 2014. So does your company have a plan in place for insider leaks a la Snowden? Instead of waiting to find out, it is important for your company to be proactive rather than merely reactive.


What To Do To Prevent Internal Data Breaches From People

  • Identify the security risks by position: make an assessment of every employee in your company.  This can be done by giving a score to each employee (some companies have a security score for every single employee) and from there understanding where efforts against insider attack should be focused.
  • Set up behavioral monitoring - understand who accesses information, when, and from where.  If there is access at times when information isn't usually accessed, that raises a red flag to investigate whether that employee is working late, or if they are up to something fishy.

    One thing we have heard can be very effective is to set up proxy accounts that those in an inner circle know never to use.  If and when they are used, you can work out who the inside attack is coming from and from where.

  • Look at those being fired, tendering resignations, who are disgruntled or who will be a part of a round of layoffs: this is low hanging fruit for protecting yourself against employee backlash.  More than half of the perpetrators of insider crime have been terminated but their access has not yet been revoked.  Make sure you revoke access to sensitive information immediately.  

  • Perform background checks of those who have sensitive information- this is a no-brainer.  While you may not catch everything, this is a good preventative measure to understand if you should trust any individuals with your data to begin with. 
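The monitoring checks from the list above, as an added example (not iCorps code): it reviews access events for off-hours access, use of a proxy account nobody should touch, and access after termination, then ties the proxy-account source back to real accounts seen from the same address. The log layout, account names, working hours and dates are all constructed assumptions.

```python
from datetime import datetime, time

# Constructed sample events (not from the article):
# (timestamp, account, source address, resource)
EVENTS = [
    ("2014-10-27T10:15:00", "asmith", "10.0.0.21", "crm/customers"),
    ("2014-10-27T02:40:00", "bjones", "10.0.0.35", "eng/designs"),
    ("2014-10-28T14:05:00", "svc-archive", "10.0.0.35", "eng/designs"),
    ("2014-10-29T09:30:00", "cdoe", "203.0.113.7", "finance/payroll"),
]
DECOY_ACCOUNTS = {"svc-archive"}                # hypothetical never-use account
TERMINATED = {"cdoe": datetime(2014, 10, 24)}   # account -> termination date
WORK_START, WORK_END = time(7, 0), time(19, 0)  # assumed normal working hours


def review(events, decoys=DECOY_ACCOUNTS, terminated=TERMINATED):
    """Return (reason, account, source, resource, timestamp) for each red flag."""
    findings = []
    for ts, account, source, resource in events:
        when = datetime.fromisoformat(ts)
        reasons = []
        if account in decoys:
            reasons.append("decoy-account-used")
        if account in terminated and when >= terminated[account]:
            reasons.append("access-after-termination")
        if not (WORK_START <= when.time() < WORK_END):
            reasons.append("off-hours-access")
        findings.extend((r, account, source, resource, ts) for r in reasons)
    return findings


def sources_sharing_decoy(events, decoys=DECOY_ACCOUNTS):
    """Map each source that used a decoy account to real accounts seen from it."""
    decoy_sources = {src for _, acct, src, _ in events if acct in decoys}
    shared = {src: set() for src in decoy_sources}
    for _, acct, src, _ in events:
        if src in decoy_sources and acct not in decoys:
            shared[src].add(acct)
    return shared


if __name__ == "__main__":
    for finding in review(EVENTS):
        print(*finding, sep="  ")
    print(sources_sharing_decoy(EVENTS))
```

A flag here is a reason to investigate, not a verdict: the off-hours hit may be someone working late, which is why the correlation step only narrows down where to look.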

Dealing with insider leaks is hard enough from the technology side, so you want to make sure your efforts aren't for naught when a person attacks.  All of this should be handled with care, and a positive company culture is a great way to head off any reasons for anger or resentment that could lead to these attacks.

 



CONCLUSION:

You never want to have to deal with a disaster without a plan in place.  Every company should find ways to identify who the security threats may be.  And it is important to think not only about who the threat could be in-house, but also about which of your vendors or partners could pose a risk of data leak or internal attack.