Wikileaks and the authorized insider threat

Data security beyond DLP requires orchestration of many moving parts, say Craig Shumard and Serge Beaulieu

By Craig Shumard and Serge Beaulieu, CSO

The recent military and U.S. State Department Wikileaks fiasco epitomizes a key challenge to data security and privacy today: the authorized insider threat.

Massive amounts of secret documents (250,000 embassy cables, 91,000 documents relating to the Afghanistan war, and almost 400,000 documents relating to the Iraq war) were taken and leaked to Wikileaks. And this may just be the tip of the iceberg: Wikileaks founder Julian Assange reportedly has an encrypted 1.4-gigabyte 'insurance' file that will be decrypted and leaked if he dies.

All this information came from 'authorized users'. Allegedly, a low-level intelligence analyst, an Army private no less, had access to and downloaded all the Iraq and Afghanistan war documents to CDs or DVDs. He may also be responsible for the State Department leak.

The authorized insider threat is not unique to the government or the military. All organizations are susceptible: virtually any organization that has sensitive business information such as earnings releases, merger and acquisition plans, strategic plans, attorney/client documents, personally identifiable information, sensitive internal emails, et cetera, is at risk. Notably, Wikileaks has said that its next target for posting whistle-blowing documents will be a large US financial institution.

Moreover, not all leaked information has to be sensitive to be damaging. Damage may occur from leaked intellectual property, or embarrassing things such as blunt emails that can be taken out of context, or internal debates on controversial issues that are not meant for public consumption.

Even if an organization knows who has access to what, can it know what its employees did: which documents they read, printed, or copied?

Why organizations are at risk

Organizations are at risk because they have both sensitive information and people who have authorized access to it. Even assuming that access to sensitive information is adequately protected, organizations are still at risk, because a determined disgruntled or uninformed authorized user can still find ways to steal or lose information.

The challenge is to evolve the layers of information security defenses to reduce that exposure.

Originally published on CSO.