Data loss - The Insider Threat

Data loss happens, and most of it is deliberate though not malicious, Clearswift’s head of marketing strategy Kevin Bailey told a round-table session at Technology in Government 2014.

While some delegates said their organisations were using mobile device management (MDM), they noted that executive users prefer to use native apps, and one said the “executive fleet” - which tends to contain more sensitive information - was not secured because the executives do not want the restrictions imposed by MDM.

Other measures taken or being considered by delegates’ organisations to avoid data leakage include codes of conduct, requirements that all information has to be classified before sending and then treated in accordance with that classification, automatic classification based on content, and email filters designed to detect particular types of data (an easily understood example is a tax file number).

USB storage devices provide an easy way of removing bulk data. Mr Bailey mentioned an incident in Japan where an employee copied a huge number of records onto their mobile phone and then sold the data - and he then pointed out that one of his cufflinks was a USB drive and the other was a Wi-Fi dongle. “I can walk in with anything,” he said, noting that people may have malicious intent or they might only want to take ‘their’ information with them when they leave the organisation.

Delegates said there doesn’t seem to be a whole-of-government policy regarding this aspect of security, although some organisations do take a risk-based approach. In some cases, biometric USB drives are mandated when the data is PROTECTED, but this addresses the use of lost or stolen devices, not the deliberate removal of information.

According to Mr Bailey, three-quarters of data breaches are internal, and are primarily down to “innocent insiders.” Part of the problem, according to one delegate, is that systems within that organisation are so inconvenient that people tend to work around them, providing opportunities for malicious or incremental leakage. “There’s a level of innocence,” the delegate said, observing that people don’t know that they should not be following these unauthorised practices. Another delegate agreed, citing an example where an executive was forwarding all emails to a Hotmail account.

“Is it just that someone wants to be particularly productive?” for example by working at home in the evening, wondered Mr Bailey. “Everyone’s got deadlines,” he said. Problems will occur where an organisation does not have the budget or headcount required for its mission, or in situations where somebody has to do 10 hours work in eight hours.

And where the activity is malicious, insiders - especially systems administrators - can hide their tracks to such an extent that nobody will notice unless it is a major breach, said a delegate.

On the subject of IT staff, delegates noted the importance of only allowing developers to deal with test data (not live data), and of denying developers access to systems once they have been handed over to operations. One pointed out the need to keep telling operations staff that “you can’t trust developers” - the problem is that colleagues tend to trust each other as that lubricates the ongoing working relationship. So a delegate recommended regular briefings to remind staff of the procedures and that they are there to protect employees: if the other person cannot satisfactorily explain why they are doing something, they should not be allowed to proceed. The individual might just be trying to be productive, but the risk is that the organisation is put into “a questionable state.”


This article is brought to you by Enex TestLab, content directors for CSO Australia.
