A Little DLP can Protect from the Enemy Within – oh, and WikiLeaks
Sahota's writing picked out a few key gems from the KPMG report, the thrust of which made the claim;
A fifth of all reported data loss incidents in the first half of 2010 were a result of malicious attacks from inside the organization.
The headlines I am referring to are of course screaming about the latest WikiLeaks release; which like the last is bound to have come from an insider with "authorized access" to the system storing the data.
But as someone who has spent most of their career in IT Security this is not really news to me. We've known for a long time that the 'people' are always the weakest link in any security solution or policy - as humans we have a natural ability to want to help people and trust them, assuming they are up to no good is hard for us.
Sahota's blog points out that, as organizations (read, the IT team) get wise to hackers, the criminals are tempting the staff to pass on valuable information. Which is very true, but I think there is a stronger motivation at play here too, as the Wikileaks data shows. The motivation of the "Do-gooder" or the idealist who believes the public should be made aware of the 'secret' data they are looking at, presents a significantly greater threat. We need to rethink how we solve this problem with these two types of motivation in mind.
The KPMG report, and Sahota's post, goes on to single out the Healthcare sector as suffering a large proportion of the leaks, mostly due to the working practices of its users. Sharing of passwords, portable media and accidental leaks all present a wide channel for data to leak out of the organization, but almost all Sectors share these same issues, and most try to combat them with awareness and education for their employees.
I think a better solution is to look towards technology. For example, password sharing can be mitigated by the use of Biometric two factor authentication. Portable media problems can be eliminated with the use of Centralized Endpoint Device Control Systems and of course all external channels can be protected once efficient DLP (Data Leak Prevention) tools have been deployed.
Each type of motivation for the attack or leak is going to need different a consideration. Education, awareness, technology and a good dose of luck are just the start of protecting your data from the baddies or publicity like WikiLeaks.