One area that has been explored, but not as extensively as it deserves, is the insider threat. This is not limited to any one field or industry. In each, the insider has access to the company’s intellectual property, corporate email addresses, and, depending on the position, personnel records. These have varying values, depending on the circumstances. For example, the intellectual property of a defense contractor would be worth significantly more than that of a material recycler.
Yet another example of the potential issues with the insider threat recently occurred at a government entity. Not too long ago, the FDIC experienced an issue with an extended attack and breach that was directly and clearly known by the agency. The earlier OPM and IRS breaches are likewise fresh in the industry’s memory. The example at hand occurred at the Office of the Comptroller of the Currency. Here, a then-employee downloaded data, including unclassified personnel records and other data sets, onto two USB thumb drives and then retired. The former employee was not able to locate or return the USB drives.
There is, however, a positive aspect to this unfortunate event. As part of the cyber- and information security platform, there are a number of security points and logs to check. The retiree’s transgression was caught as part of the routine security review.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.