Insider Threats at the Executive Level

Monday, December 20, 2010

Headlines

69dafe8b58066478aea48f3d0f384820

An article by Guy Bunker published recently in ComputerWorld UK warns that the insider threat has escalated, and the trend indicates that the greatest potential for damage may now come from those in executive positions.

The insider threat is particularly troublesome for organizations, as the the perpetrators have access to the most confidential of information, and breach detection usually only occurs after the damage is done.

"For every story that makes the news there are probably dozens that don’t, and many more organisations with no idea that such things might be occurring. In the latest case one of the executives admitted to selling the data for many years, an insidious and undetected leak of company secrets over a long period."

Bunker also points out the risks inherent with third-party access to sensitive data as companies move to Cloud-based managed services, which creates an entirely new layer of insider threat.

Though your company may have state-of-the-art access control, authentication, and data loss prevention protocols in place, the move to Cloud-based services requires a leap of faith that the vendor is also being as vigilant regarding who has access to your data, and the data of your clients.

"With the advent of the cloud and increasing collaboration there is now a need for the data to start ‘protecting’ itself from being accessed by the wrong individuals or systems. Do you know where your data is and who might be selling it?"

Source:  http://blogs.computerworlduk.com/jericho-forum/2010/12/beware-the-rogue-insider-at-the-top/index.htm

Possibly Related Articles:
9023
General
breaches Cloud Security Insider Threats Data Loss Prevention Headlines Third Party DLP
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.