“In the digital age, it’s very difficult to control the flow of information. This is true not just in government but in business as well. Everyone’s on email. It’s all out there.” —James Goodale, leading First Amendment lawyer
Recent news involving Edward Snowden demonstrates that even highly confidential information is ripe for the taking in today’s one click of the button world.
Snowden was a National Security Agency contractor who leaked information about US intelligence programs.
When asked about his motive for leaking confidential information, Snowden said “My sole motive is to inform the public as to that which is done in their name and that which is done against them.” He claims to have acted to protect ‘basic liberties.’
We know that Snowden’s laptop had stickers supporting internet freedom organizations such as the Electronic Frontier Foundation, an organization created out of a perceived need for greater protection for Internet civil liberties. We also know that Snowden used the codename “Verax” meaning truth-teller in Latin when communicating via encrypted email.
What was the result of his truth-telling? Robert Mueller, FBI Director stated that “These disclosures have caused significant harm to our nation and to our safety.”
Is Snowden altruistic? Is he an individual that feels more superior or more moral than others?
Surely if Snowden is altruistic, he adheres to a sort of pathological altruism or “altruism in which attempts to promote the welfare of others instead result in unanticipated harm” where Snowden has failed to anticipate the harm he has caused even though it was reasonably foreseeable.
What would motivate people in your organization to disclose confidential information? Every company has its secrets and ways of doing things different from their competition, so all businesses can benefit from learning from one of the most significant security breaches in history.
Charles Foley, Chairman & CEO of Watchful Software, highlights some key lessons that companies that have important secure information should pay attention to.
Expect your next security breach to come from an insider. Foley points out that our “greatest risk is likely someone ‘inside the perimeter’ that we think we can trust but can do something either erroneously or maliciously which has massive impact to us… ‘malicious insiders’ were responsible in 2012 for more losses than phishing, social engineering, Trojan horses, viruses, and worms combined.”
Expect many more Snowdens in the future. “It’s not a matter of ‘if’ we encounter our own Edward Snowdens, said Foley, “it’s just a matter of ‘when’; 90% of CIO and CISOs interviewed last year admitted that they had a security breach in the prior 12 months… young Mr. Snowden may have had a major impact on the NSA because of their public profile, but he’s certainly not unique.”
Current solutions to security breaches aren’t enough. Instances in the past and in light of the NSA security breach has “shown that ‘securing the perimeter’ with ever-stronger firewalls and anti-intrustion/virus/malware systems, while valuable, isn’t enough… they don’t stop the ‘insider threat’ which is both pervasive and powerful.”
How can you prevent a security breach occurring from an insider?
Of course, the first line of offense is the background check. The company that was subcontracted to conduct a background check on Snowden is now under criminal investigation suggesting that the intelligence leak could have been prevented
In order to protect your company from security breaches by insiders you need to be able to conduct effective background checks and look at who has your company information and what they have access to.
Your information should be secure. Snowden should not have been able to grab the hard copies of the leaked information.
James Goodale, leading First Amendment lawyer, talks about the how Snowden leak could have been prevented stating that the solution is that “it [information] should have been encrypted…you’re going to have an inconvenient encryption of information and people are going to have to learn how to use it.” Security needs to be put in place to ensure that the information that needs to be protected is secure.
Whether you choose to use our services related to effective background checks and making sure your information is safe from insiders, the role of your security professional is to show you your company’s Achilles heel.
Photo Source: FlickrPosted in: Current Events, K&K Private Investigators, Kusic and Kusic Ltd., Privacy Issues, Technology