
Is Your Data Protection Good Enough to Stop Insider Fraud?

e-Espionage: fraud and carelessness are serious threats to data protection

Data protection - fraud from within

INSIDER THREATS
'Fraud has grown to epidemic proportions,' says James Ratley, CEO of the Association of Certified Fraud Examiners. 'It is so pervasive, it can no longer be ignored.' A 2010 survey of fraud examiners estimates that businesses lose as much as 5% of their revenues to fraud by employees, from bookkeepers to CEOs. In world-wide terms, that translates to 'losses of more than US $2.9-trillion.'

It's not uncommon for disgruntled or departing employees to steal confidential information such as customer details, prospect or price lists, marketing plans, new product details, financial information and Intellectual Property. In fact, a recent Ponemon Institute study found that it was more the rule than the exception: nearly 60 per cent of employees who'd lost or left their jobs took confidential information with them.

Theft by departing employees happens regardless of rank or pay package. In a familiar example, US company Starwood (owner of Sheraton, Westin and Le Meridien) filed suit against the Hilton Hotel group after it hired a number of Starwood executives. According to the lawsuit, trade secrets were taken which Hilton used to develop its new Denizen Hotels concept. Starwood claims that the former head of its luxury brands group downloaded 'truckloads of documents when printed' on his laptop computer. Electronic documents are, of course, much more prone to theft than paper ones since they're so easy to copy, even in vast quantities.

MORE MOBILITY = MORE RISK
Another big consideration for the security of your data is the increasing mobility of knowledge workers. Recently, there's been a dramatic rise in the number of smartphones and tablets and in BYOD (bringing your own devices to work). 'Organizations need to welcome them in with their 'kit',' is how a Carnegie Mellon University study describes the dilemma, 'and at the end of the relationship let those employees go with their kit intact, but also be able to claw back the corporate data that belongs to the organization.'

The other concern is employees' expectation of unfettered access to social media for networking, a trend that's giving IT security staff severe heartburn. A recent Cisco survey found that 2 out of 3 U.S. IT security decision makers perceived social networking as the biggest risk to their organisation. It needs to be taken seriously: social media sites are fertile hunting grounds for cyber gangs doing 'research'.

'We're living in a world where our entire emerging workforce has grown up online and has been engineered to overshare,' Branden Williams from RSA told SC Magazine. 'Big data miners have taken notice.' The article talks about the danger of employees, partners and contractors 'beaconing' information that can be used in targeted attacks, as well as product details and other IP - via 'their online résumés, in blogs, email, Skype, instant and SMS messaging, through misconfigured systems, even search engines, say experts.'

The problem here is enforcing governance policies and security controls across these channels and mediums. SC Magazine quotes an October 2011 AIIM survey, where 65% of respondents said they lacked such controls in their Web 2.0 collaborative environments. A compounding factor is that many young professionals don't see data security as their responsibility. 'They want to work hard, from home or the office, using social networks and cloud applications to get the job done,' writes Constantine von Hoffman on CIO.com, 'while someone else builds seamless security into their interactions.'

