How to stop the next Edward Snowden

According to a study by Symantec, data breaches in the U.S. cost businesses a cool $5.4 million last year – and U.S. companies experience the most expensive data breach incidents when compared against Germany, the United Kingdom, France, Australia, India, Italy, Japan and Brazil.

The Edward Snowden fiasco offers a worst-case wake-up call for CIOs to prevent intentional data breaches.

Edward Snowden hacked the National Security Agency (NSA) and he did it from the inside, while working as a low-level contractor. If a security breach can go undetected there, the same can happen anywhere.

Symantec's Marty Hodgett knows all about mitigating such risks - by way of predictive analysis, because merely managing employees' access is not enough.

As chief information officer, she has access to some of the best tools the world has to offer, including Manage Security Service Group (MSS), a cloud-based model that allows Symantec's worldwide support to monitor firewall, proxy alerts and endpoint logs (17 billion logs for more than 1,000 clients daily). She also uses predictive analytics tools that allow IT to detect scenarios.

Let's say in a six-month period, ten employees leave your firm. If you look carefully, you'll find patterns that will emerge for those ten employees. Maybe they had a bad review recently – that would be one flag to note. Or maybe they didn't get along with their colleagues or boss (which you would know as your systems would flag specific keywords within emails or IMs and produce a sentiment analysis).

Smart companies retrace what happened and use the data to create early warning systems to safeguard against similar situations in the future. At best, all these departing employees do is download or delete a bunch of personal information from devices. But at worst? Well, that's Snowden.

While the Snowden case is an extreme example of intentional data compromise, there is a much more pervasive source of leakage caused by sloppy employee practices, particularly mobile practices.

The IT department in many companies is typically overwhelmed. Users demand easy-to-use applications, universal access to company data and, to top it off, use of their own devices at work. IT wants to maintain secure standards, but ensuring compliance across multiple platforms is often as impossible as keeping up with changing technologies. Not to mention the fact that 'sanctioned' apps often are not the most user-friendly options.

Despite the fact that the consumer experience has fundamentally changed over the past five years, with touch-screen interfaces, activity streams, and video and apps downloaded from app stores as part of their daily experiences, business users (for the most part) are stuck with comparatively primitive point-and-click and cut-and-paste experiences at work.

So all roads lead to employees reverting to insecure, non-sanctioned solutions like Dropbox and Box.net for sharing sensitive documents while on the go.

Does your office have a set standard for accessing, editing and sharing sensitive documents that you (and your employees) could speak to? Does it supply specific smartphones or tablets with strict security programs and does it have a clear policy for handling sensitive business data while you're mobile? And does anyone check, regardless?

That's what I thought.

Setting up a central hub to closely manage permissions, and making that hub easily accessible and available across all computing devices is really the best way to deal with unintentional data breaches - and services like harmon.ie (a client of mine) set the standard for just that. Reinforcing company permissions for accessing documents stored within the popular Microsoft SharePoint platform makes it secure to do business on mobile devices.

Those that integrate with SharePoint (and that are endorsed by the leading Mobile Device Management (MDM) vendors) allow users to securely access Office 365 and SharePoint documents and social features on mobile devices. Once employees have easy – and consistent – access to Office 365 and SharePoint, a notoriously difficult-to-use application, they won't look for other apps to speed up their processes because they won't have to.

Had the NSA used a combination of these types of monitoring, predictive analytics and mobile tools, it wouldn't be struggling to figure out where the “access to sensitive files” breakdown occurred, because it would have been recorded (or better yet stopped).

And remember, digital monitoring can, and should, go both ways. It can be used to identify and weed out problem employees, but it can also be used to identify great employees and give them the recognition they deserve.

That's a solid balance.
